Network Threat Hunting Books


Here are the best books I have ever read on network threat hunting – security monitoring. At the time I read them, these books helped me get back on my feet after a long time without firing up Wireshark and looking at a nice packet capture.

I recommend them as they are very well written books, full of examples and still extremely relevant for the cyber security analyst and threat hunter roles in a SOC or CSIRT. If you are looking to start in the industry or scale up your skills to do in-depth investigations, they are a must-read.

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems by Chris Sanders

I chose this book to refresh some practical concepts about traffic analysis. It is a tedious book to read if you are not a novice in the subject. I found chapters 4 and 5 particularly useful, around the capabilities of Wireshark and how to use some features to manage and analyze pcap files.

Network Forensics: Tracking Hackers Through Cyberspace by Sherri Davidoff and Jonathan Ham

This book is a must if you are interested in or currently doing network forensics and traffic analysis. It is a very technical book and requires a deep understanding of network communications to follow it through. It covers from basic to more practical issues such as traffic analysis and carving within pcap files. I liked the approach followed, especially for traffic analysis, where they show all the possible strategies to follow in a network investigation as well as the manual and automated tools to do so. Highly recommended for professionals involved in forensics.

The Practice of Network Security Monitoring by Richard Bejtlich

There is some overlap between this book and the previous one; however, I found it particularly useful to deploy the Onion Linux distribution and configure it. There are other chapters in the book which take you through some of the tools and tactics to analyze traffic; these chapters are a very good complement to the material explained in the previous book. The final chapters are dedicated to NSM operations, where the subject is discussed and new approaches such as the kill chain are introduced.

Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith

This is the last book on network security I read; it is another must-read book, together with the other three above. The most important chapters, which are not presented in the other books, are related to collecting IOCs, the analysis process and Incident Morbidity and Mortality. This last technique is especially important for SOC and management to establish a learning culture within the security environment.

