Book Review: Blue Team Handbook: Incident Response Edition

Earlier this year I wrote an extremely short post discussing the Red Team Field Manual (RTFM) book. I’m currently on my third copy of the book (I’ve given the first two away) and I have a copy in my backpack at all times. I recently saw some traffic on a SANS mailing list about a similar book geared towards blue teamers and had to check it out.

Like the RTFM, “Blue Team Handbook: Incident Response Edition” is small, affordable and is more of a collection of steps and command examples than a traditional book meant to be read from start to finish. The Blue Team Handbook covers topics such as Windows and Linux volatile data system investigation, network traffic analysis techniques, suspicious network traffic patterns and Snort configuration and usage. Amazon now lists an updated version 2.0 of the book with 20 new pages including information on database incident response.

The book is currently listed for under $14 on Amazon and is perfect to keep with the RTFM in my backpack. If having a printed collection of incident response methodology and commands is something you’d like to have, the Blue Team Handbook is worth checking out. When I inevitably give my current copy away I’ll have an excuse to get the new version with the database coverage 🙂

Book Review: Red Team Field Manual

It feels kind of weird to call this a “book review” when the book is under 100 pages and costs $9 on Amazon, but the Red Team Field Manual is worth sharing.

I first heard about the book on a SANS mailing list a few weeks ago when a poster said that the book was awesome and not to be scared off by the Amazon reviews, which are joke reviews written by the author’s friends. I went to read the reviews (some of them were pretty darn funny) and since the book was only $9 I ordered it. It may very well go down as the handiest $9 I’ve ever spent.

The book’s author originally wrote the book as a reference for members of his penetration testing red team and got permission from his employer to publish it. The book is just under 100 pages and is nothing but a well-organized list of handy pen-testing commands for Linux, Windows, networking, pen testing tools, databases, etc.

  • Looking for some Linux commands to cover your tracks? Page 7
  • A little fuzzy on the exact netsh command to forward a port in Windows? Page 18 has you covered.
  • Want to use Powershell to run a command every four hours? Page 23

I’ve kept my copy in my backpack since the day it arrived and it will probably stay there for many years. If you’re at all interested in pen testing and the book sounds like something you could use it’s definitely worth the $9 to check it out.

Violent Python Quick Thoughts

I eagerly pre-ordered the book Violent Python, and while I’ve only had a chance to go completely through chapter 1 and pick through chapter 6, I wanted to write a quick post with my thoughts on the book.

Chapter one is called “Introduction to Python” and while the author starts off showing an example of a list, of a dictionary, etc., the content quickly escalates into projects it has you work on. I’ve done a tiny bit of Python coding in the past but my Python was extremely rusty. Chapter one definitely helped shake the rust off.

What chapter one would not be good for is teaching Python to someone who has no programming experience whatsoever. One perfect example: indentation, which is such a fundamental part of Python, is never addressed. That could be awfully confusing to someone with zero experience. I understand people with zero programming experience are not the target demographic for a book like this; it’s just one caveat to consider before recommending the book. I’ve already recommended the book to multiple people but there are a few I haven’t recommended it to because I think they would experience some frustration due to their lack of experience.

The old recommendation would be to get an introduction to Python book first, but I’m not sure that’s necessary anymore. There are enough websites out there with free “learn Python” courses that do a fantastic job of getting people started. Spending a few hours with one of those courses getting comfortable with Python syntax, loops, basic libraries, etc. would prepare someone to start Violent Python.

If you’re at all interested in the content contained in Violent Python, the book is a must read. I had a blast creating and then modifying the projects in chapter one and then I jumped to chapter 6 to help me with a web scraping project I needed to write. The book has been fantastic and I’ll be making several more posts about it, but I wanted to get some quick thoughts “down on paper”.