Interesting Books

Here are some of the best books to learn, deepen or structure your skills in penetration testing, red teaming, and offensive security.

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

---

Web Hacking

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more.

• The Hacker Playbook 3 Real-world offensive security tactics for red teamers and internal pentesters.

General Pentesting

• Penetration Testing: A Hands-On Introduction to Hacking Great intro with labs, tools, and step-by-step walkthroughs.

• Advanced Penetration Testing Focused on real-world enterprise simulations and stealth attacks.

API Hacking

• Hacking APIs: Breaking Web Application Programming Interfaces A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

GraphQL Hacking

• Black Hat GraphQL: Attacking Next Generation APIs This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Bug Bounty

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Red Team / Command Reference

• Red Team Field Manual (RTFM) Compact reference packed with useful commands and tactics.

OSINT & Social Engineering

• Open Source Intelligence Techniques Learn how to gather data using OSINT tools and strategies.
• Social Engineering: The Science of Human Hacking Psychological aspects of hacking, pretexting, and phishing.

Windows / AD / Protocols

• Attacking Network Protocols In-depth on SMB, RPC, and lower-level protocol exploitation.
• The Art of Memory Forensics For advanced post-exploitation and forensic analysis on Windows systems.

Cloud Pentesting

• Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments A comprehensive guide to penetration testing cloud services deployed in Microsoft Azure, the popular cloud computing service provider used by numerous companies large and small.
• Cloud Penetration Testing: Learn how to effectively pentest AWS, Azure, and GCP applications Get to grips with cloud exploits, learn the fundamentals of cloud security, and secure your organization's network by pentesting AWS, Azure, and GCP effectively