Interesting Books
Here are some of the best books to learn, deepen or structure your skills in penetration testing, red teaming, and offensive security.
Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
Web Hacking
The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more.
The Hacker Playbook 3 Real-world offensive security tactics for red teamers and internal pentesters.
General Pentesting
Penetration Testing: A Hands-On Introduction to Hacking Great intro with labs, tools, and step-by-step walkthroughs.
Advanced Penetration Testing Focused on real-world enterprise simulations and stealth attacks.
API Hacking
Hacking APIs: Breaking Web Application Programming Interfaces A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
GraphQL Hacking
Black Hat GraphQL: Attacking Next Generation APIs This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.
Bug Bounty
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them.
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.
Red Team / Command Reference
Red Team Field Manual (RTFM) Compact reference packed with useful commands and tactics.
RTFM: Red Team Field Manual v2 A quick reference when there is no time to scour the Internet for that perfect command.
Red Team Development and Operations: A practical guide The authors have moved beyond SANS training and use this book to detail red team operations in a practical guide.
Cybersecurity Attacks – Red Team Strategies A practical guide to building a penetration testing program having homefield advantage.
OSINT
Open Source Intelligence Techniques Learn how to gather data using OSINT tools and strategies.
Deep Dive: Exploring the Real-world Value of Open Source Intelligence Learn to use publicly available data to advance your investigative OSINT skills and how your adversaries are most likely to use publicly accessible data against you.
OSINT: The Authoritative Guide to Due Diligence A comprehensive guide to the world of online investigations.
OSINT Techniques: Resources for Uncovering Online Information Includes new online and offline search tools and a new Debian Linux OSINT virtual machine. Brand-new search methods for Facebook, Instagram, TikTok, LinkedIn, YouTube, and others ensure you have the latest techniques within your online investigation arsenal.
Google Hacking for Penetration Testers Shows you how security professionals and system administrators manipulate Google to find sensitive information and "self-police" their own organizations, and much more.
Social Engineering
Social Engineering: The Science of Human Hacking Psychological aspects of hacking, pretexting, and phishing.
Practical Social Engineering: A Primer for the Ethical Hacker Understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature.
OPSEC
Extreme Privacy: What It Takes to Disappear The only manual needed to secure a new private life.
The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data Kevin Mitnick provides both online and real life tactics and inexpensive methods to protect you and your family, in easy step-by-step instructions. He even talks about more advanced "elite" techniques, which, if used properly, can maximize your privacy.
Windows / AD / Protocols
Attacking Network Protocols In-depth on SMB, RPC, and lower-level protocol exploitation.
The Art of Memory Forensics For advanced post-exploitation and forensic analysis on Windows systems.
Cloud Pentesting
Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.
Cloud Penetration Testing: Learn how to effectively pentest AWS, Azure, and GCP applications Get to grips with cloud exploits, learn the fundamentals of cloud security, and secure your organization's network by pentesting AWS, Azure, and GCP effectively.