Best cybersecurity books from 2014

Countdown to Zero Day

Stuxnet and the Launch of the World's First Digital Weapon

Kim Zetter's investigative reconstruction of Stuxnet, the joint US/Israeli operation that physically damaged Iranian uranium-enrichment centrifuges via a worm, and what its discovery revealed about state-level cyber capability.

The Art of Memory Forensics

Detecting Malware and Threats in Windows, Linux, and Mac Memory

Ligh, Case, Levy, and Walters' canonical reference on memory analysis with Volatility — the technique, the tooling, and the operating-system internals it depends on, across Windows, Linux, and macOS.

Threat Modeling

Designing for Security

Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

@War

The Rise of the Military-Internet Complex

Shane Harris on the entanglement of US military doctrine, the intelligence community, and private contractors after cyberspace was declared the fifth warfighting domain.

Android Security Internals

An In-Depth Guide to Android's Security Architecture

Nikolay Elenkov on the actual implementation of Android's security model: package manager internals, permissions, keystore, SELinux integration, verified boot.

Incident Response and Computer Forensics

Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

Penetration Testing

A Hands-On Introduction to Hacking

Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

Practical Reverse Engineering

x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

Spam Nation

The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door

Brian Krebs's investigative deep-dive into the Russian-speaking pharma-spam economy of the late 2000s — the affiliate networks, the rivalries, and the people who ran them.