#bookclub

I might be retired by then

I can i join

👍

Zojja's right... no ETA afaik sadly

thankfully there's a ton of other good books/resources, way more than there were 7 years ago

I also have to say I love Georgia, she is awesome, she came to visit a cyber group I’m part of many years ago, taught a class and gave everyone a copy of her book, but she is also busy

Well she said on her twitter in Feb that the book is in countdown so that could mean anything 😛 She is one of the busiest women in cybersecurity, two companies, the book, teaching classes and other duties. I know I'll be picking up a copy as soon as it's available but I'm also guessing it'll be in a humble bundle before too long

Friday lunch read https://www.oreilly.com/library/view/zero-trust-networks/9781491962183/

zero trust models make me cry

everything makes cry cry

I work on a zero trust k8s network AMA

Can only be tested by 0day.

finished this yesterday, not really as technical as I was hoping but still a really good read for management/decision-makers

Someone good book about cryptographics ?

saw these two recommended :

Serious Cryptography : https://nostarch.com/seriouscrypto
Crypto Dictionary : https://nostarch.com/crypto-dictionary

.. but I haven't read them yet.

oehh nice thanks

this was was recommended to me at uni

Understanding Cryptography : https://link.springer.com/book/10.1007/978-3-642-04101-3

there is a pdf of this book if you look for the name.. probably illegal copy.

Ahh sick thanks, never went to uni but seems like they recommended some nice books 😛

Just use minimal distros like Arch or Gentoo and build from there

It takes a lot of patience and knowledge to build something completely from scratch and that's not a guarantee you will like too

With minimal distros you have a working base and you build on top of it

Both of those no starch crypto books get bundled in humble bundle security bundles pretty regularly; keep your eye out if you don't want to purchase them individually

Does someone have a good audiobook?

Two excellent books by Bruce Schneier...

Applied Cryptography: https://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/1119096723/

Cryptography Engineering: https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/

Did you like this book?

haven't finished it yet, much more to read from it and digest

How is it till now?

pretty conceptual so far

the only downside that you will never start from 0 to be able to implement all the stuff with ease

Well sometimes you start from 0

But usually not

The last chapters are about migrating right?

Is it also some hands-on ? Or plain theory ?

Picked up the Purple Team Field Manual on Kindle a couple days ago. It's a nice mix of the Red and Blue concepts and techniques across several platforms and environments. Very little verbiage, mostly command sets and configuration details for working both Red and Blue sides of an encounter in an environment suitable for that level of testing

https://www.amazon.com/PTFM-Purple-Team-Field-Manual/dp/B08LJV1QCD/

Purple Team 💜

@north spade can i dm ??

Yes, thanks for asking

Just preordered ! Thank you for the recommandation

ur name is cry aaand my pfp also make u cry

Makes us cringe, that's for sure

yea..

https://www.humblebundle.com/books/head-first-programming-oreilly-books

I really like the approach. If there is a topic that interrests you, its worth checking the bundle.

Suggest me any best book For CPU architecture and Assembly

For Assembly No Starch Press has a great book.

Name ?

Art of Assembly.

👍

And for CPU architecture x86_64 and Arm

It's a great set of books

Any recommendations on books about investigating cyber crime. I'm mainly looking for information about attribution.

Yes! You read "The secret story of the Dark-Web" by Derek Mailhiot.

thanks @arctic palm I will look into it

Gave +1 Rep to @arctic palm

Hello

Can anyone suggest any book to start malware analysis?

Thank you

Hacking Exposed : Malware and Rootkits

• Practical Malware Analysis

that's all I've got @chrome parcel
Happy Hacking

Thank you @chrome parcel

Gave +1 Rep to @lilac perch

let me find that book, sounds #interesante, ¡Gracias ! 🙏

✌️

i am about to read Head First Design Patterns and already have the first edition is there something new in the second edition that it is worth it to get that ?

Go for the gang of 4 design patterns book. Much more useful IMO.

thanks man, just to be sure you mean Design Patterns: Elements of Reusable Object-Oriented Software by Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides ?

Gave +1 Rep to @regal pond

Yep, that's the one

That is indeed the one

Be warned, you may have to buy multiple copies. They tend to get borrowed and never returned.

👍

Hey guys, did you have some books for learning Python ? Or some other tips for start write some python code for ethical hacking

There’s a good udemy course

https://www.udemy.com/course/learn-python-and-ethical-hacking-from-scratch/

Also the book ‘black hat python’

Udemy often do sales so it’s worth keeping an eye on it as it goes down to like $10

Thank you very much

Gave +1 Rep to @paper raven

I know you asked for books, but it might be worth checking out https://www.freecodecamp.org as well. they have a course named python for everybody which covers the basics and then there's also a python for penetration testing course (within the information security one).

For learning python => https://books.goalkicker.com/PythonBook/ (pdf)

Thank you so much , i visit immediately this website

Gave +1 Rep to @humble goblet

Thank you too , i check out this book

Thanks a l ot

Blackhat Python uses Python 2 which is Deprecated I would recommend checking Python Playlist on HackerSploit YouTube channel
@dreamy panther

Also has python updates on GitHub I believe. And it’s also good practice to update from python2 to python3 because a tonne of exploits are written in pytho 2

sure

however, py2's support has ended in 2020

which means no more updates on Py2

Yeah, to python itself

But the content from the book has been updated

Okay, I hesitated to give it a shot knowing that it's deprecated

You can check the repo

if you mind you can send the link

No I don't have it, but I'm sure you can find it

Thanks, I've found it

Gave +1 Rep to @errant sundial

I know the YouTube channel , the video in python is in Python 3

Anyone know Ippsec on YouTube?

Yes

Are the videos he makes to learn useful? I always see him mentioned on many forums

For sure

He makes a lot of HTB videos

^ Very good content and can learn a lot from him

Thank you so much ... Maybe i start to see the easy box

And takes some notes

There is a new version that is just released

I get it this week 😉

They actually released a new edition that's updated to Python 3 this month! 😄

https://nostarch.com/black-hat-python2E

Wow thank you so much i would read this book as soon as possible 😍

Gave +1 Rep to @humble fractal

You're very welcome!

Oh my god, I need to get a job to buy it asap!

If $ is an issue, there are also lots of great resources out there that are free

It is more of "my parents will not fund my hacker education" :D

Anna, keep your eye on humble bumble. Black Hat <Programming Langague> books show up regularly in IT bundles.

well, "hacker" != "programming" 🙂

there are plenty of resources out there for learning to program that aren't security related, but would still be useful, if that's what you want to learn

Sure, humble bundles are great

The 2nd edition is available on O'Reilly books - you can get access for about $100 per year via https://www.acm.org/membership/join

@tacit compass let's avoid politics, and your post was deleted as well.

Why not if i may ask ?

If they google for 5 minutes they see that it is banging business with banging jobs ?

so, I've been reading a couple of the Kevin Mitnick books. The "Ghost in the Wires" one was very entertaining, but I'm currently on the "Art of Intrusion", and it is a bit more technical and shows some interesting hacking scenarios of all kinds, so I wanted to recommend it to you if you get a chance to read it

GitW was fun, but I felt a little self-serving on his part. What's AofI about?

he interviewed some hackers and explained their adventures, as well as some technical explanations and possible counter measures for the defense. Quite interesting to read about people hacking from inside of prison, people hacking casinos, and some real life pentest scenarios

I'm halfway through

better than GitW you think?

better for users like us :P, GitW was fun and light to read for a normal person I guess

TryHM users could get more from the Art of Intrusion one

cool. Thanks for the info @glass whale 🙂

Gave +1 Rep to @glass whale

;D

Hey, please, can somebody recommend good source for learning pearl and ruby scripting in context of pentesting?

I mean, it can be any context, haha, I need something 'from hello world' to pentesting scripts. 🙂

Unfortunately all of the books I know that teach pentesting-related scripting are for Python :c But! The good news is that scripting for pentesting isn't particularly different, it's just learning specific libraries for doing things like networking. So I think any resource where you can learn the fundamentals of a language would still be really useful, and then you could add the pentesting bits on top

https://www.humblebundle.com/books/cutting-edge-tech-morgan-claypool-books?utm_content=cta_button&mcID=102:608320510853514f02187fc7:ot:5fad322b730d25f07259c547:1&linkID=60832051dc4f2059483e82ab&utm_campaign=2021_04_26_cuttingedgetechmorganclaypool_bookbundle&utm_source=Humble+Bundle+Newsletter&utm_medium=email

What are the best books to start with penetration testing? Please suggest.

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
The Hacker Playbook series by Peter Kim. Book 3 is the current one and best in the series though the others are valuable
RTFM: Red Team Field Manual by Ben Clark, BTFM: Blue Team Field Manual by Alan White and PTFM: Purple Team Field Manual by Tim Bryant
Advanced Penetration Testing by Wil Allsopp
Hacking: The Art of Exploitation by Jon Erickson
Web Application Hacker's Handbook by Dafydd Stuttard, though this has been replaced/superseded by the excellent PortSwigger Academy
https://portswigger.net/web-security

There's a few others but that's a good start

Thank you!

Gave +1 Rep to @humble fractal

Thank you for the information... very helpful

Gave +1 Rep to @tidal plume

Thanks man

Gave +1 Rep to @glass whale

Is Mitnick's book worth reading, or just a historical/novelty because of who he is ? Someone has a signed copy for sale and I'm tempted.

I read two of them and they had a value for me. I would go for it, there is a lot of info there about SE.

cool. I was unsure as sometimes celebrity status can be overblown.

I started "the art of invisibility" recently, and it basically provides what it claims to, how to be "invisible", I haven't finished it but as far as I've read it doesn't provide any in-depth technical stuff. I have to say it is very entertaining and eye-opening.

Do you need any previous heavy knowledge on Python to learn this book? Only programming language ik is java tbh.

I haven’t started it yet and have only flipped through the ebook a bit while waiting for the physical copy I ordered to arrive. But: it does seem to jump right into Python code and doesn’t directly teach the language.

That said, although I haven’t used Python much, I was able to follow what’s happening in the code. At the end of the day it’s still stuff like calling functions with parameters and processing the results, that sort of stuff.

I think for someone with no programming background it would be a bad choice, but if you already know Java then it’s probably good. And if you’re getting stuck on the syntax of Python, there are lots of docs freely available online to help: https://www.python.org/about/gettingstarted/

Thank you for the clarification. And yeah, I work with Java on a daily basis so hopefully it won't be hard. I'm still a beginner in programming, but shouldn't be an issue :)

Gave +1 Rep to @humble fractal

You're very welcome! In case it's helpful, it looks like you can also download the book's code from the NoStarch website if you wanted to take a peek at it before buying the book. The link is just above the description

And they have a sample chapter available for download ^^

Book of the Month Club
Serious Cryptography: A Practical Introduction to Modern Encryption, by Jean-Philippe Aumasson.
This month's book is about learning Cryptography. It covers the same topic as the fourth of TryHackMe's Modules on the site: https://tryhackme.com/module/cryptography
Feel free to discuss this book with others and ask questions. The goal is to study and learn together! 🥳

Hi , do you know some good spring boot books?

https://www.manning.com/books/spring-boot-in-action is the one I used. short, practical, and to the point 🙂

Manning is a great publisher. 🙂

Ty for the feedback. I've only skimmed through this and the spring in action book but both seemed great. If I need a book on another topic and there's a manning book, I'll be sure to check it out

Gave +1 Rep to @west fjord

I thought that name sounded familiar... I was reading about Mitnick("Condor") in my Criminology class

do I want K&R first edition C or Ansi C?

Can anyone send me black hat python 2021 edition

https://nostarch.com/black-hat-python2E here you go

https://www.cyberdefensemagazine.com/top-100-cybersecurity-books/

!rule 11

Rule 11: No distribution of illegally obtained materials within the discord. Do not pirate books in #bookclub

Hey, does anyone know books like Hacking Arf of exploitations? I mean low level programming/exploitations

Yep, I have the book a really great book

Isn't that book outdated btw?

It somewhat is yes but no at the same time

It's still relevant on how to get a good introduction with hacking and also with the C programming language

But it does provide a strong foundation of knowledge in hacking

Interesting, I'm looking to purchase some books for new sources

So far I'm interested in:

The Linux Command Line (i felt like linux rooms in THM weren't enough)

Learning By Practicing - Hack & Detect: Leveraging the Cyber Kill Chain for Practical Hacking and its Detection via Network by Nik Alleyne

I might get the new Black Hat Python, but maybe later

If anyone can recommend stuff to beginners, @ me please :)

a lot of people can benefit from recommendations if you get them here instead of in a dm

Yeah, by @ me i meant just tag me here lol

oh sorry

no worries

The first book is definitely a good book to get started with linux, probably one of the best books to get started in linux with

My main sources are going to be THM, INE and some books

The second one I am unsure about that I haven't heard of that book and the last book i've heard good stuff about the previous books so this one might be very good

The second book was recommended to me by someone in this channel, the reviews seem pretty good ngl

TLCL you can also get for free (legally) if you're interested

http://www.linuxcommand.org/tlcl.php/

Thank you

I also heard about Georgia's book that's an intro for pentesting

I'm waiting on the new edition

you might be waiting for a long time so here's another recommendation to add to your list

https://www.wiley.com/en-us/Hands+on+Hacking%3A+Become+an+Expert+at+Next+Gen+Penetration+Testing+and+Purple+Teaming-p-9781119561453

Oh damn, is it sort of beginner friendly?

im not too much of a novice, but i'm not in an intermediate level either

um, someone else could give their opinion on this since I've not read it extensively, but definitely less beginner-friendly than weidman's book I think

but also definitely an amazing book with a lot of useful information/insights and not just a "cookbook" for pentesting

Yeah, I heard about that too

Tbh I think with the sources I have currently, I can probably wait till the second edition

Also check the pinned messages @somber river It has a book on Linux 🙂

This one is pretty interesting

It can still be used by beginners, right?

If you're up to it, don't let a label like beginner friendly hold you back. If you're not getting anything, you'll know yourself it's too advanced, but I doubt that will be the case with these books

That's some good advice

I mean, even if I don't understand something I can definitely Google it or ask

Very often a cookbook in the title means it has practical examples included, which are used to demonstrate and teach how to accomplish something in full detail. Anything that isn't clear is likely solved by Google. 🙂

Ok thanks, and is there an other book like that ?

Gave +1 Rep to @short carbon

@humble goblet @somber river Hands on Hacking is one that I’ve been working through and I’d say it’s a little past beginner (not a huge section on setting up Linux), and there are a couple of sections I’ll have to rework once I get a little more confortable. All in all, highly recommend.

The thing I liked a lot were the little sections where they explain some things that could possibly have been omitted

But in general as well, great book

And yeah, rereading is great 😄

Thank you :)

Gave +1 Rep to @desert python

I have a couple of books I want to get through first tho, then I can probably dive into more stuff

@everyone do you guys have a book for darkquery

or pdf

I read it (Hacking: The Art of Exploitation 2nd edition) like two months ago and I think it holds up well. It's an older book, but everything it teaches is fundamentals, so it's still relevant and super useful IMO. It doesn't teach you how to deal with, for example, ASLR, but it's still teaching you the stuff you'd need to know before you started grappling with that kind of stuff anyway

That sounds great :)

I can't stop reading it these days X)

I second that. This is very low level book, so it does not get outdated that easy. I learned a lot, and I started understanding a lot going through it.

Need a book suggestion - intermidiate lvl

Could you be more specific about what you're looking to get out of a book?

Pentesting, methodologies and scripting

- The Hacker Play Book [1,2,3]

- Coding For Pentesters [Building Better Tools]

- Perl for Penetration Testing

- Shell Scripting [Expert Recipes for Linux, Bash and More]

Red Team Field Manuals 

- The Web Application Hacker's Handbook 

That's what I had @wispy copper

Happy Hacking!

I need to get it soon lol

I've added so many books thanks to this channel, would you guys recommend taking notes while reading them?

@somber river

we discussed that around those messages, hope it helps

yeah, it does

might get physical copies tho

you can take side notes on the books too then

also, what's up with starch books?

i heard they're good

I love them but it's just my opinion

Well structured and well explained

got any specific books from them?

like 30 hahahaha

I bought humble bundle packs

damn haha

i'm trying to make a collection of stuff to read

aw damnit, its not there anymore

Thnx @chrome parcel

I just got an idea

My laptop has a touch screen, and I can use a pen with it. I can probably just put the kindle version of the book in one side, and notes on the other. Can probably save up more money rather than buying the physical version

Yes, they are great. I did not have 'bad' book from them, and I went through around 20. If you are on budget, and you are ok with ebooks, wait for their HumbleBundle, they are great.

i'm trying to find them, but I'm getting books abt food lol

no starch books are great

and you can't find what you're looking for right now because it's not always on sale

Go to their website, haha. Google 'no starch press'. :)

the last nostarch hacking bundle was december 2020, I don't know when the next one will be

but I don't think there's more than 1 or 2 per year

You do not have to buy all books at once. Observe the website, they have good promos from time to time, and they do HB. Go one book at the time. There is no point to have tones of books and not using them. That 'Hacking' book will keep you busy for some time.

if you get them on humblebundle, you can get like 20 great books for the price of half a book, lol. it's well worth waiting for 😄

It may be a bit more often, along with peogramming books. There is a lot of hacking programming books too.

I have a fat linux fundamentals book which tells me all which i need to know about linux 😄

the only thing I'm salty about is I went top tier on that bundle and the iot book came out a few months after, so it wasn't in the bundle

Sure, that is why I mentiobed HB, but still it is noce to get one or two books, and go through them while waiting, imo :)

sure, if you got the bank

I am pretty sure it will show up in some bundle this or next year. Sometimes they put brand new publishings to the bundles.

If somebody cannot efford at that moment to buy a book, than absolutely, it is better to wait for bundle. In a mean time, there is plenty good quality free resources around.

Also, check local libraries. Some are like little treasuries.

I was googling "starch books" lmfaoo

yeah, that can give you all kinds of cooking books, haha

I'm getting The Linux Command line and Linux basics for hackers

Also, someone recommended this book before:

https://www.amazon.com/Learning-Practicing-Leveraging-Practical-Detection/dp/1731254458#customerReviews

It looks cool

These two are a good choice, definitely. I do not know the third one, but I will take a look :))

Sure :)

I looks interesting, definitely will go on my waiting list 🙂 Thanks!

Anytime

You're Welcome

@south kayak @sick hull thanks for the book recommendation for the operator handbook! Picked up the other one for my personal enjoyment lol.

Gave +1 Rep to @south kayak

ayyy welcome to the club, get some bookmarks/tabs for that sucka

Many tabs required. 🙂

The Linux Command Line is made free to download by the author at the book's official website

https://www.linuxcommand.org/tlcl.php

That's great :)

I think i'd want the physical copy tho ngl

I like physical books but I have very little physical book space left and thanks to things like Humble Bundle, No Starch's own offers and Kindle it's easy to get great books really cheap

Oh, hey, I was looking at it today. Is it good?

Yea it’s great! Just a bunch of examples and covers all sorts of areas for mac, windows, and Linux. Pretty sweet honestly. The fish that ate the whale is also supposed to be really good. Amazing what one man can do with just some bananas lmao

Haha, thanks!

Gave +1 Rep to @unkempt dove

Does anyone know a book that contains the most important RFCs until now, or if such book even exists?

Starting with this badboy today!

ooh nice. Do share your thoughts. Really interested in zero trust concept.

Just finished the first chapter, didnt expected to be dragged in this much! It is really well written, the quality of the book is also great (no leak through while marking important parts).. Probally going to write something about zero trust networks while I am going through this book and making a test setup!

Hello guys,
Any Book recommendation on Nmap Scripting Engine?
if so Kindly DM me.

Thank you! && Happy Hacking!

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Chapter 9

https://nmap.org/book/toc.html

Thanks, they explain it well but I don't think they show you how you can create your own 🤔

Gave +1 Rep to @indigo dragon

Script Writing Tutorial
https://nmap.org/book/nse-tutorial.html

Create Your Own Nmap Scripts Using Lua [Null Byte Video Tutorial]
https://youtu.be/Wb91wpCUx8Q

Thanks man, I appreciate

Does anyone know any good books about cryptocurrencies? I mean the technical/technological part, not the economical one.

masterjn bitcoin textbook
https://www.amazon.co.uk/Mastering-Bitcoin-Programming-Open-Blockchain/dp/1777493803
https://skerritt.blog/a-guide-to-altcoins/
https://www.amazon.co.uk/Mastering-Blockchain-distributed-consensus-cryptocurrencies/dp/1839213191

that's 3 links ^^

Someone any tips for books about buffer overflows ?

Buffer Overflow Attacks: Detect, Exploit, Prevent. 

Isnt that book really outdated ? 2005

Atleast the reviews do say so

- The Shellcoder's Handbook: Discovering and Exploiting Security Holes

xD throw some more at me plss ❤️

sure, most them are ancient

but I've read this one, it's probably good too.

Low level stuff does not get outdated that easily, so do not worry that much about the publication date. Saying that, I did not read this book, so I have no idea how good it is.

Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation Paperback – 30 Nov. 2017

to the people who have read this book, how is it?

Noticed this one to.. Really curious it seems like a nice one..

suggest me any good book about microprocessors which cover from old 8085 to advanced architectures please

It's pretty good. 🙂

one day i will catch up to all the books you’ve read 😅

I have a penchant for collecting No Starch books. The other day I got confirmation of the final pdf version of 'How Cybersecurity Really Works'. It's a nice easy read for beginners. I went through the first six chapters today just to see and it's an easy-going trip. Still available at a discounted rate with the code PREORDER from their website

https://nostarch.com/cybersecurityreallyworks

You're a 🌟

👍

Yo guys, can anyone recommend any intermediate hacking books

The Hacker's Play Book 2nd and 3rd Edition

• The Shellcoder's Handbook: Discovering and Exploiting Security Holes

that's all I'd recommend @silent quartz

thanks man

the hackers play books look interesting i will probably get them. thanks for the recommendation @chrome parcel

Gave +1 Rep to @lilac perch

You're Welcome @silent quartz

Just finished Ghost In The Wires by Kevin Mitnick, such a good book - the best I've ever read! 😀

Ew Kevin Mitnick

For the dutch people here "Cyberellende was nog nooit zo leuk". It is a great read.

what's wrong with him?

what is it about?

I got the three "the art of" ones

basically a biography of his life

Just an egotistical jerk really. Read the book and got that vibe, also just how he acts on Twitter when he gets caught doing something bad

Fair enough, interesting point - I read his books but haven't looked at his twitter

I've liked what I've read/heard from him, maybe he is indeed a little bit too egotistical

He has a really cool business card though

his card is a titanium card of lockpicks

yes for real!

I saw somebody with a business card that was a usb drive and nfc in it as well

I feel like that wouldn't work well for a security person

"Here, plug in this USB"

it would be a great time for everyone to hear the pwnage song or peanut butter jelly time though.

Oh it's an absolute horrible idea for security

but it's still pretty cool

https://320volt.com/en/attiny85-ile-usb-kartvizit/

Now you can just do this: https://www.vistaprint.com/marketing-materials/promotional-giveaways/slim-card-usb?GP=05%2F16%2F2021+15%3A07%3A15&GPS=5973469108&GNF=1
But yes, horrible idea

I need tech specs! that card could be vulnerable to BadUSB compromise

I think the first one he has all the specs on his site. The second, you'd have to ask the company. There are plenty of business card makers like that. Google showed a few

This book just went to the top of my TBR pile:

https://thisishowtheytellmetheworldends.com/

https://www.amazon.com/gp/product/B08P69FT4Q/ref=dbs_a_def_rwt_bibl_vppi_i0

This book looks great tbh

Seems like a really "entree" level book

Still probably has useful info

https://www.humblebundle.com/books/learn-you-more-python-books?hmb_source=&hmb_medium=product_tile&hmb_campaign=mosaic_section_1_layout_index_1_layout_type_threes_tile_index_2_c_learnyoumorepython_bookbundle

do you recommend this one?

insta buy

thanks man!

I haven't read this book but if I can recommend you one book about WebApp Pentesting I'd say this one, it is incredibly useful and you'll learn a lot of thing about how attacking a WebApp ( + enumeration, different kind of exploits and so on ) .

It's definitely a must-have I'd say

It's quite huge but don't be afraid, it's not mandatory ( but very recommended ) to have a look at everything in this book

It's an excellent read. It was superseded by the PortSwigger website, the home of BurpSuite

Mine or @/m1nt's one ?

Yours! 🙂 The Web Application Hacker's Handbook is excellent but the authors wanted something interactive to supersede it. Check out the site! This bit explains why the 3rd edition never happened

https://portswigger.net/web-security/web-application-hackers-handbook

Oh nice I will sure take a look tomorrow, thanks !

Books!

Ooh look, new python bundle

snatched

How Cybersecurity Really Works: A Hands-on Guide for Total Beginners by Sam Grubb. 🥳

Kali Linux Penetration Testing Bible by Gus Khawaja. 🥳

I definitely feel like I'm sort of weak in web exploitation, hopefully this can get me back on track.

I’m looking for recommendations for books for complete beginners

I'd say Linux Basics for Hackers is a really good choice

It's from No Starch Press

cool detail in a bruce schneier autographed book i bought the other day

I think I read that a little while back and was a little disappointed with it. But cool that you got the autograph! What does the cipher decode to?

ENJOY THE BOOK

i haven't taken a crack at the cipher yet!
i've never read any of his books but i keep up with his blog, i like his opinion on most things

I LIKE THE CAPITALIZATION.

You best get crackin' then 😉

Is this book any good?

It's good if you're completely new it's goes through the most basic stuff if you already the most basic stuff then I wouldn't recommend getting it but it's good if you want to refresh through the fundamental stuff now and then

Can I get it's pdf.. Anyone?

the autograph?

I think they want the pdf copy of the book

https://www.amazon.com/Click-Here-Kill-Everybody-Hyper-connected-ebook/dp/B07BLMQKZK/

The book

Not paid

For free?

@clever shell That would be book piracy. We do not tolerate book piracy here.

Oo. Ok. Sorry

Ah okay thank you

Gave +1 Rep to @short carbon

@chrome parcel @sick hull thanks for the recommendation. Just got this today !

Gave +1 Rep to @lilac perch

I'm glad you got it, you're gonna enjoy reading it.

OEhh that looks juicy

Pls send me an update how you like it!!

Hi everyone .Can you suggest books to patch vunls. Their content can be applied to machines similar to king of the hill? Thank you

Nmap Network Scanning_ The Official Nmap Project Guide to Network Discovery and Security Scanning

[2]Mastering the Nmap Scripting Engine- Paulino Calderon Pale

[3]Nmap_ Network Exploration and Security Auditing Cookbook

I do not advise you to waste your time with it, frankly, I benefited from it by writing simple scripts, but I learned the basics of lua, but I never used them. You will not find such modern tools like hydra and a lot of other . I advise you to read this book instead "The TCP IP Guide"

Thank you @gentle basin

Gave +1 Rep to @gentle basin

the reason I wanted to read about it was because I wanted to understand in depth how they work.

this book describe 2 how it work The => TCP IP Guide . even in the nmap book , the original , it's required to read that book

Thanks I'll check it out

u welcome

Hello guys,
Any Book recommendation for oscp ?

Thank you! && Happy Hacking!

The PWK PDF

@gray axle

yo

Hello guys I'm new on discord would please recommend me any books related to information security from where i can start

• Penetration Testing – A Hands-On Introduction to Hacking.

Thanks @chrome parcel I will get back here if I will need more help regarding this.

Gave +1 Rep to @lilac perch

Anytime @chrome parcel

haven't read it but No Starch Press released a new book How Cybersecurity Really Works this May.

https://nostarch.com/cybersecurityreallyworks

If someone has been hacking me for months what can I do to catch and report them? Ive discovered log files with a number of devices i dont recognize connecting to wifi ...

Anyone able to look at these files and discuss?

Thank you @indigo dragon would really like to dive into it.

Gave +1 Rep to @indigo dragon

I read it last week. It's full of great info if you're just starting out. It's short and sweet and should give you a push to move onto more challenging things

Wil Allsopp's Advanced Penetration Testing was very helpfull in discussing the methods and functionality of Advanced Persistent Threats for my postgrad assignment. I got it in two separate Wiley Humble Bundles in recent years

https://www.goodreads.com/book/show/32027337-advanced-penetration-testing

HI! On TryHackMe's Introductory Networing Course, they recommended: CISCO Self-Guide Study by Steve McQuery https://www.amazon.co.uk/Interconnecting-Cisco-Network-Devices-ICND1/dp/1587054620/ref=sr_1_1?keywords=Interconnecting+Cisco+Network+Devices%2C+Part+1&qid=1583683766&sr=8-1

The latest edition I could find was 2013 a version. Do anyone think this would still be a good book to understand more about networking? I am actually thinking about taking the Network+ exam, I assume it will cover most of this stuff anyway?

It's slightly out of date but entry level networking tech hasn't changed all that much. That book covers the ICND1 module that provides the CCENT cert, the first half od the CCNA. There are more recent ICND1/2 and CCNA books out there that will teach you everything for that cert.

If you're considering the Network+ cert you should get one of the Network+ books like the one by Mike Meyers or Todd Lammle but they all cover very similar levels of knowledge. Get the book for the cert you want.

Someone recommended this before:

https://nostarch.com/cyberjutsu#content

I was just wondering if it can be used by someone who's not a complete beginner, but is still in that range.

Absolutely. You should learn a lot from it, especially if you've read some of the other hacking/pentesting books mentioned here or followed courses like PWK/OSCP

I'm still not up to that level of taking a PWK course, but I am planning on buying some of the hacking books here. Nothing too advanced so far, just basics here and there and trying to understand the concept a lot.

My knowledge almost represents my THM level lol, most of my sources are from there. That's why I want to get more and more books.

You don't need to have used any one particular resource to find another one useful. It's an ongoing process. You might find some things easier if you've done the foundational work. Whatever certs you have or books you've read are only a part of what makes you good at what you want to do.

Great, I'll just add it to my list then and order it soon :)

Physical copies >

Even if I don't know something, I can always google it

Yeah Google is probably the most useful tool in your arsenal alongside the work you do. Everything else is a stepping stone

No Starch has just announced pre-order release of Vickie Li's Bug Bounty Bootcamp book with a 35% discount using code BUGHUNTER

https://nostarch.com/bug-bounty-bootcamp

heyo! Which book you will recommend as a CySA+ prep? Is the All-in-one legit?

Yeah, the all-in-one or the Sybex book should cover everything you need

It will be not my only resource, I just need some reference, so i will not go too deep into weeds with things, and not skipping accidentally some simple necessary stuff, etc.

Cool, thank you. Are they pretty much the same, or they complement each other somehow?

Gave +1 Rep to @tidal plume

They're both written to cover the syllabus. The writing style might be slightly different but the objective is the same. They're both highly rated so it really depends on your own style

Oh, ok, so there is no need to get them both? Good. Thank you 🙂

I don't think you'd benefit much from getting them both but you might benefit from their practice question books too if you need more than what you find in the books

They can be, if they're your learning style. Some people prefer courses and course books

Oh, ok, thank you!

Gave +1 Rep to @tidal plume

Gave +1 Rep to @tidal plume

robocop feeling friendly today

I'm looking for a CompTIA Security+: SY0-601 book. I'm aware that not many people have taken the test yet, but if somebody can recommend me a book please?

Based on the reviews I'm looking at these two right now:

CompTIA Security+: SY0-601 Certification Guide
https://www.amazon.com/CompTIA-Security-Certification-Complete-coverage/dp/1800564244/

CompTIA Security+ All-in-One Exam Guide
https://www.amazon.com/CompTIA-Security-Certification-Guide-SY0-601/dp/1260464008

The Get Certified Get Ahead Book by Gibson is pretty good.
I am using it for the 501 exam and heard good things about it from people who have taken the 601

it is only available as a e-book right now. I'm looking for a hardcover/paperback.

Found on their website that the paperback will be released by May 31. This book but for 501 has by far the best reviews so i will probably wait for it.

Yep, its extremely helpful, between that and proffessor Messer, I don't think you would need anything else

Ah cool. Thanks man! I think I should focus on getting my Network+ first and then try to get CCNA as recommended by many on the internet.

Gave +1 Rep to @tidal plume

Well it really depends what you're trying to do. The Network+ provides excellent knowledge for people who aren't working in the networking industry but who need to understand networking basics.

If you're planning to do the CCNA, you should just do the CCNA as it will cover everything in the Network+ and much more. Oh and just an update on my previous comment, it appears Cisco replaced the CCENT with an exam called CCT for entry level knowledge in several fields but that cert isn't essential to getting the CCNA

The All-in-One is good, also this one CompTIA Security+ Study Guide Exam SY0-601, Eighth Edition by Mike Chapple and David Seidl.

I see. I'm still relatively new to the cybersecurity world and from what i gathered so far, having a strong grasp of networking would help if you wish to pursue cybersecurity. Which is why i was planning to get a cert which will give me a good enough foundation in networking. After seeing this, maybe it'll be better for me to get Sec+ after Net+, then get CCNA somewhere further down the line if needed. Feels like the needing to get certs and acquire knowledge is never ending in this world (which is rly fun!)

Yeah it certainly is important to keep acquiring knowledge and pushing yourself further. Net+ and Sec+ are excellent starting points in the field to learn about where you wanna go and there's lots of directions you can push yourself once you have a good broad general knowledge of various topics

thank you both for your recommendations 🙂

Thanks for your advice mate. Now time to go back to study for my A+ 😅

Gave +1 Rep to @tidal plume

Any recommendations for blue teaming books beginner friendly?

Defensive Security Handbook by Lee Brotherston, Amanda Berlin, 2017
https://www.oreilly.com/library/view/defensive-security-handbook/9781491960370/

Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases: A condensed field guide for the Security Operations team by Don Murdoch, 2018
https://www.amazon.com/Blue-Team-Handbook-condensed-Operations/dp/1726273989

Thx buddy

Cybersecurity Blue Team Toolkit by Nadean H. Tanner
https://www.amazon.com/Cybersecurity-Blue-Toolkit-Nadean-Tanner/dp/1119552931/

Blue Team Field Manual by Alan J. White
https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/

Tribe of Hackers blue Team by Marcus J. Carey
https://www.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414/

Thx again❤

Blue Team Field manual is pretty cool tho, if you will use it is a second

Anyone read this book before?

https://www.amazon.com/Operator-Handbook-Team-OSINT-Reference/dp/B085RR67H5/ref=mp_s_a_1_4?dchild=1&keywords=red+team&qid=1621839609&sr=8-4

yup I love that book, always have my copy near by - quite a few other people in this discord have it and seem to like it also

Should add it to the list as well then.

I heard its better than red/blue team manual field

Just finished reading Cult of the Dead Cow by Joseph Menn. It's a bit slow to start, showing how people used to shitpost in the 80's, but man it took off after the first third. As someone who doesn't follow US politics too closely the ending surprised the hell out of me.

Thanks for the review. It's on my list, but haven't picked it up yet

I figured I'd post an excerpt from the book I mentioned above since it's on my mind. For context, it's a senior member of CDC discussing a splinter group that had been drifting from race-baiting and trolling into overt racism.

I don't care about your politics. I don't even care about your racial beliefs, whether they're heartfelt or just trolling. It bothers me that you don't seem to have have any kind of internal editor that can differentiate between amusing, offensive material, and the kind of tedious, boring, lowest common denominator offensive material that shouldn't even make the grade

The audio book is also awesome

Listened to it while working out, even then it can drag you in 😄

I did 501 some time ago and I did use Mike Meyers books for it,I would go with the new one rather Mike Meyers' CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) if you are planning to go for the exam

thank you for your recommendation.

Gave +1 Rep to @ripe trellis

https://twitter.com/nostarch/status/1398338370221359110

My mind says yes, my pocket says no

I really can't read as much as buy

But oh yes I'm buying some

Oh boy don't I know it

Any good book on active directory hacking?

hi @chrome parcel

Check out https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse 🥳

ired.team is pretty great

thanks!

Gave +1 Rep to @west fjord

are there any books instead tho?

packt has some stuff but cant really recommend them

Yeah! It is really great compendium of all kinds of stuff. Very useful.

Not a book, but great thing: https://zer1t0.gitlab.io/posts/attacking_ad/

ty!

https://www.humblebundle.com/books/web-development-design-oreilly-books

@final palm

@chrome parcel

Has anyone read America The Vulnerable by Joel Brenner? it is from 2011 yet I find it such a good information piece. I am on like pg.111 at this point

Finished 2 sections of (one thousand nights and one night) great read

Hello Guys!
if someone wants to enhance their Cryptography Skill with Python, then
I'd Recommend this book **Cracking Codes With Python : An Introduction to Building and Breaking Ciphers ** From NoStarch

I found it very amazing

.

I knew i know that name. That's the author of: https://automatetheboringstuff.com/

exactly

Man this Book is Amazing

That book is also great xD

Absolutely

Yeah it's currently in a Humble Bundle collection with some other great books

https://www.humblebundle.com/books/learn-you-more-python-books

Hello everyone, I got a bunch of technical books to read and study, would you recommend to start by "Hacking, the art of exploitation"? Or is it more advanced?

Start with the book that you like the most

AoE is pretty dense - if you don't know C, that's a bad place to start learning the language

I actually have a good programming knowledge

I know C, I mean not a lot but I've done some, tho I've never done assembly

You should be fine for AoE then.

Cool, thanks!

Gave +1 Rep to @regal pond

@regal pond can I DM you?

About what?

What needs to be a DM that can't be asked here?

I didn't want to flood the chat with a 1 to 1 conversation but sure

What do you think is the best methodology to learn from AoE?

(taking notes, trying things on a lab, etc)

Read, replicate, break, understand

My best experiences on self-study have been when I've included as many learning modalities as possible. Video, Q&A, reading, building, breaking, writing

Of all of them writing is probably the most crucial when I'm building my understanding, because it allows me to work through the material in a way that is understandable to humans who aren't me

A lot of times, I write a report after my learning is 'done'. Then, I review the report when i've forgotten the material. If I understand my report, I've learned the topic. If I don't, back to square one.

This really helps a lot, thank you once again

You welcome

https://book.ethicalhackinghtb.xyz/ an online gitbook written by a university professor

Sounds really interesting, could be a nice "fallback" when you stuck at some service!

I like the fact that it is both practical but also contains enough theory to get a solid foundation and deepen your understanding in some things. I know beginners usually don't want to bother with theory but this is exactly the type of stuff that they should be reading imho

Can someone recommend good book about windows, i am not interested in basics but more in depth knowledge?

How's it going for you so far? I'm thinking of getting The Hacker Playbook 3.

Does it provide some theory and advice other than techniques?

Theory is really important for the foundation

Yup

Hi , Its a great book. It give real examples

it demonstrates all the pentesting activities, shows all the screen shots and code. It also has a git repo you can use to download all the tools

one of the better books for pentesting / ethical hacking.

Sounds good, I hope it can improve my skills :)

Windows Internals, 7th edition is a last one, I believe.

@chrome parcel thank you!

Gave +1 Rep to @strange hearth

np 🙂

Heyyo! I have a question. Did someone used all-in-one books which prepare for GIAC certs? Are they good? Do they really cover all material?To be clear, I am not preparing for these certs because they are simply too expensive for me, but getting that knowledge for a fraction of the price would be great. Any opinions?

I forgot to add, get part 1 and do not be tempted to preorder part 2 - it is in preorder since forever, and nobody knows when it really comes.

@chrome parcel i was just checking that out and you saved me 😁 i did order part one and from what i see here it is exactly what i have beed looking for, i had easy time finding similar books for linux but this is first one for windows that is promising good knowledge 😁

Yeah, Windows is not sexy, so there is not too much solid deep books on it. I wonder if it is somehow associated with licensing? This book is great, and later you have 'Troubleshooting with the Windows Sysinternals Tools', if you need that - another really solid piece.

@chrome parcel let me tell you something, you are golden! I got so excited you have no idea. I am not big fan of windows so i have lack of knowledge and windows rooms come harder to me but this is going to help. I owe you! 😁

no problem :)) I am glad I could help :))

anyone know how this compares to the rtfm from 2014?
https://www.amazon.co.uk/gp/product/B08N37KDPQ/ref=dbs_a_def_rwt_hsch_vapi_tu00_p1_i1

it's by a different author, so not sure if he took the 2014 one and just updated it, or if one is better than the other

looks like the exact same format just updated

so probably better

ye imma just get this one

thanks

Someone a few books that they really really liked? Doesnt need to be hacking related

Just a book before going to bed or whatever

sandworm by andy greenberg

Already read that one xD

count down to zero day?

Nope this one not yet!

Ordered it 😄

Hello everyone, I am looking to forward to read a cybersecurity/hacking related book.
What I am looking for is a hacker mindset/mentality sort of a thing, it doesn't necessarily need to be very technical (it's ok, even if it is).

Can someone recommend me such a book?

Non-technical books :

How Cybersecurity Really Works by Sam Grubb (2021)
The Art of Invisibility by Kevin Mitnick (2019)
Social Engineering: The Science of Human Hacking 2nd Edition by Christopher Hadnagy (2018)
The Pentester BluePrint: Starting a Career as an Ethical Hacker by Phillip L. Wylie (2020)
Cyberjutsu: Cybersecurity for the Modern Ninja by Ben McCarty (2021)

Cybersecurity/hacking related stories :

Permanent Record by Edward Snowden (2019)
**Ghost in the Wires: My Adventures as the World's Most Wanted Hacker ** by Kevin Mitnick (2012)
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg (2019)
Inside Cyber Warfare: Mapping the Cyber Underworld Second Edition by Jeffrey Carr (2012)

Tribe of Hackers by Marcus J. Carey (2019)
Tribe of Hackers Red Team by Marcus J. Carey (2019)
Tribe of Hackers Security Leaders by Marcus J. Carey (2020)
Tribe of Hackers Blue Team by Marcus J. Carey (2020)

Someone pls pin the message xD

Another good book This is how tell me the world ends: The Cyber Weapons Arms Race Nicole Perlroth (2021)

did u take it? how was it? im thinking about buying it

i bought it, it comes tomorrow

Hi. I want to learn how to build up incident response mechanism on Azure cloud.

I am currently reading the book Azure Sentinel by Packt Publishing. And have read some microsoft docs as well. But whenever I use those docs I get lost - there is lots of different stuff. I want to narrow down my focus.

Can anyone suggest more books on incident response stuff (not specifically on Azure/Sentinel).

I am the only guy in my team who is working to build this IR mechanism. Need to really understand the basics.

If there are some certs or trainings that you would recommend, would be nice too.

Thanks 🙂
Sorry for the long msg.

Azure definitely has a lot of built in features that will make IR a bit easier. Certifications would be AZ-900 (Azure Fundamentals) -> Az-104 (Azure Administration) -> AZ-500 (Azure Security). Those 3 certs and training for them should give you the foundation you need

Thanks. :-)
I will follow that 🙂

just studying before the PenTest+ exam next month.

gooood luck @obsidian meteor

Looks like it can be used when you're stuck on a box, plus it provides some good info. I'll definitely bookmark this :)

Only tip I can give focus on web 🙂

About to take the comp tia CySA+ and security + course in a few months, can anyone recommend any good books to get started with??

The Sybex and McGraw hill books tend to be good for CompTIA certs

For sec+ there are some great notes for about 10 dollar

Not sure who publiced it but it is a pretty well known person

Are you talking about Professor Messer?

Yeah think so

Has anyone read We are Bellingcat? Seems like a good read, thinking of buying

Yeah, if you don't want to pay for his notes, he also has a free video course on youtube

new version right?

This book rocks 🚀🚀
Thanks man

Gave +1 Rep to @humble goblet

Guys, what language would you recommend to start in malware development, C, C++ or C#? And why? And any book you find interesting about it?

@chrome parcel Practical Malware Analysis book

https://practicalmalwareanalysis.com/

@chrome parcel https://www.amazon.com/gp/product/1593272901/ref=as_li_qf_sp_asin_il?ie=UTF8&tag=wwwpractica0b-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1593272901

basic level to advanced level easy to learn

You should also check out Malware Analyst's Cookbook and The Art of Memory Forensics

https://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_1

https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098/ref=sr_1_1

Hey everyone, hope this is in the right section. Can anyone give me a good book or site recommendation? I'm new to cyber security, I have been working my way through the beginner and defensive security sections of the try hack me site and I have started to attempt some easy CTFs which are giving me difficulty. What I am looking for is not so much a guide to how to use the tools as such, rather the decision making process that happens when deciding why I would use a tool and in which situation. When I read write ups for the rooms I tried they will say they used a certain tool but not why. Is this a trial and error process or is there decision making happening? Can this be learned specifically or is it a case of just years of experience?

Mostly experience and filtering out properly

What do you mean by filtering?

I had in the beginning that I found a port open that could be vulnerable you know edgy version etc etc

Spending 2 hours focusing on it instead of properly inspecting the other ports

That would give me the entree for the first one

Setting timers for yourself will also help with this

Lets say if you start spend at maximum 15 minutes per port

You can probably filter out 90% of the open ports

What makes you decide on the port that you will attack?

If you have several choices?

I start with the protocols that I know the best

So lets say FTP is open and a weird API is open, I suck at APIs but FTP isnt hard

So I would start with enumerating FTP first

Ok I see, start with what you know and learn the new stuff when you have to

With the time you will have your own basket of tools and script that you will use for certain protocols

Im sure I will get better with time. Currently I try an easy CTF room, do a scan and see 1 or 2 open ports and then be not sure what to do next. I read a write up and they use something I've never heard of

If you dont understand why someone uses a tool in situation X try to ask in the THM discord (if it is thm related)

Its like 1001 different tools available but I dont know which one to try or why I should use one over another

this book is great

For most things there isnt a perfect tool

Mostly personal pref

I get that and everyone has their favourites

Just experience which I dont have currently

If there is a writeup available you can always share the writeup and ask people why this or why that

Stay curious and you will understand it in no time 😉

Thanks

Your welcome 😄

Pyhton Blackhat second edition is a great book

Makes learning Python really fun!

Only you do need to have at least a bit of basic understanding of python.

@buoyant sail check out sam bowne's Violent Python 3 workshop, he does this workshop at some cons intermittently and always leaves the labs up
https://samsclass.info/124/VP2020.htm

That looks great thankyou!

http://www.designinganalogchips.com/_count/designinganalogchips.pdf
for the analog hardware shenanigans boys out there

Has anybody read Mike Chapple Security+ Study Guide?

each one new book for SY0-601 has some serious bad reviews (among great ones) such as difficult to understand, missing objectives, etc.

Lots of people have their opinions on study guides, especially for entry-level certs in a field. The guide is not meant to be the be-all, end-all for study. You're supposed to go out and research other things from other resources. Also there's the idea that if something from an entry level security book is difficult to understand, the book might not be the problem

Also, the bad reviews are a tiny percentage from what I can see so I wouldn't take them too seriously

This is true, that is mostly the biggest problem with entry level certs. The bad reviews are for most part because people dont research there stuff

Mike Chapple is overall a great guy

When you're not sure if you want to buy a book, look if there's a way to download a chapter from the official page, have a look at it and then just go with your instinct. We can't all have the same opinions about anything, but looking at a chapter if it's available is a pretty good way to gauge what you will think of the whole thing.

@tidal plume @buoyant sail thank you both. I can only agree with you.

Gave +1 Rep to @tidal plume

Guye its new. The booj

Book*

Black hat python 2nd eddition

It came out in april

I know I have it 😄

Needed to wait a long time on it

It is pretty great tho, not really beginner friendly you atleast need to have some understanding

I wrote a book for the MTA Network Fundamentals. Most of the reviews were positive and said covered everything they needed to know for the exam. Then had one that said didn't cover enough for the exam. Odd that I wrote it in order of the exam objectives and the publisher made sure it covered them all

That's actually ... fantastic news. I have been waiting for this one 🙂

@Mods spammer spotted

How do I tag mods?

@main mauve

Tagged one for you 😄

😄

-ban @neat sigil spam/scam attempt

🔨 Banned Mylo#1559 indefinitely

Any recommendations for getting into IoT hacking?

https://nostarch.com/practical-iot-hacking came out a few months ago and it's great. Also, the technical reviewer for that book, Aaron Guzman, has co-authored this: https://www.packtpub.com/product/iot-penetration-testing-cookbook/9781787280571

and the other co-author of the last book has authored this: https://www.apress.com/gp/book/9781484242995

The NoStarch one is the one I was looking at so I'm happy to see it recommended. I'll take a look at the other books as well. Thanks for the suggestions.

Gave +1 Rep to @humble goblet

Imo that's the best of the 3

No starch books are great

Hi guys. Is Penetration Testing: A Hands-On Introduction to Hacking by Georgia weidman is still worth it in 2021 ?

No - the binary exploitation section is probably still good but the rest is too outdated, you can get far better training for free with a little Googling

Some of the content is a little dated but it's still a good introduction to hacking basics. She's in the process of releasing a new edition

Thanks to both of you for the information !! I'll wait for the new edition! Have a great day @tidal plume @south kayak

Gave +1 Rep to @tidal plume

Hello everyone! Any recommendation for a beginner book for burp suite?

https://portswigger.net/burp/documentation this is the best you can find.

@desert python Hey, I recall you mentioned that you've purchased Hands on Hacking before. How's it going for you so far? I'm about to buy the hardcover version soon.

Heya!! It is going very well. I took a little break because I got confused on the email part, so I started working on THM for a bit. I dip in and out of HoH now, and going to get back to it once I finish the beginner path on THM. You won’t regret buying it!

@somber river

Great! I'll add it to the cart :)

Every review I see has something like "Here's your book script kiddies!" lmao

what are some great books for a begginer?

@spare slate Check the pins

I would like to buy a physical copy of this book. Anyone who currently or done reading it, how was it?

It looks like Packt has a new Humble Bundle with lots of infosec books. Anyone know if they’re any good?

https://www.humblebundle.com/books/cybersecurity-2021-packt-books

Considering there's a "Metasploit 5.0 for beginners" and a "Kali 2019" in there, I suspect they may all be at least a few years outdated.

Some of them will still be relevant though

Counterpoint: Sec+ 601

Aye, true

That was November 2020

It's a vast quantity of books though

That makes sense. I appreciate the thoughts/feedback!

It's very good. 🙂

I was literally just about to repost this same bundle, I tend to stay away from Packt but for $18 why not, all the subjects seemed interesting enough

Second that. Packt books are very hit or miss; some are very good, some are not. For consistency, go with OReilly when possible

I like my NoStarch and Wiley books fwiw

O'Reilly has really good learning paths too (good hacking course by Omar Santos in there) - not sure what schools offer it but I also have unlimited online access to their learning materials with my edu email
https://learning.oreilly.com/learning-paths

https://www.humblebundle.com/books/cybersecurity-2021-packt-books

@somber river I’m probably too green to really understand vs a veteran in the field, but it is explaining some basics clearly enough that I am building a foundation. That’s really what I need, though!

Yeah this is basically my opinion of them as well.

That said, one area Packt does seem to do well with is getting books out very quickly for new stuff. The quality isn’t always consistent, but sometimes I’ll happily take a “maybe good” book over no book when there’s new tech with little approachable documentation

Or even old tech with bad docs

Yeah that’s a good point too 🙂

What do you think about "the web application hacker's handbook" by Dafydd and Stuttard Marcus Pinto, the second edition

This is an excellent book and was always a recommended read. The Portswigger Academy website was built to supersede this book because the rate of change in the industry was hard to keep up with at the rate books are written/published

can book reading help me with polishing my skills? your suggested book ? :-

Yes it does but you have to practice what you learn to get better otherwise it’ll be useless if you’re only reading

Yes it will, in conjunction with a lot of practice, like said above. What subject are you interested in?

offensive security networking, reverse shell,web part

just not a big fan of defensive security

:/

https://imdavidday.com/img/sCQ58wBZLEFICI7d

For networking:
Charles M. Kozierok - The TCP/IP Guide
Bruce Hartpence - Packet Guide to Core Network Protocols
Chris McNab - Network Security Assessment

For reverse shell... I do not really know the book which has all methods. The concept is to have listener on your machine, and how you gather connection from machine you are attacking - method depends on what you are exploiting - services, protocols, vulnerabilities - If you will know networking, systems and potential vulnerabilities well, you will figure it out. Once you exploit a service, once you spawn a shell by uploading a file to app form 😉 Learn Linux and Windows.
For Windows - Windows Internals part 1, 7th edition
For Linux - I honestly recommend go through NDG Linux Essentials course on netacademy at first: https://www.netacad.com/courses/os-it/ndg-linux-essentials
The Linux Command line, 2nd edition by William Shotts is also an excellent book, if you want book, and it goes a bit deeper.

Then:
Jon Ericson - Hacking - The Art of Exploitation - it is quite a low level stuff, gives a great insight on what is going on.
Georgia Weidman - Penetration Testing - wait to fall for new edition

For Web:
Dafydd Stuttard, Marcus Pinto - The Web Application Hacker's Handbook, 2nd edition - it is awesome book. Have in mind that things evolve (but base still works the same pretty much), and currently PortSwigger Academy is probably the best source for web hacking.

Now. You do not need to read them all at once. Also, many will argue with me that 'you do not need to know it all to start'. It depends what is your goal. I think that having solid understanding of systems, networking protocols, services etc. is way more important than knowing what to payload to app. We all were inpatient at some point, and wanted to do cool stuff right away. And we all got our asses brought to us by some holes in knowledge 😉

Also, to be good in offensive sec, you need to know defensive well too, to know how to circumvent it 😉

i don't know how to thank you.!!!

Gave +1 Rep to @strange hearth

but very very thanks to you sir help means alot

You are welcome! I am not sir, btw, I am a female 🙂

ohhh she/her

:))

yep, this 😄

A, here you have 'all' about Active Directory. It is not a book, but it is awesome detailed resource. https://zer1t0.gitlab.io/posts/attacking_ad/

Whoa 🤩

Thank you 😊 divisionbyzero!

np 🙂

https://www.goodreads.com/review/list/68778625-hunter-ezzell?print=true&ref=nav_mybooks&shelf=it-hacking-network-programming ............Here is a curated list of books I will/have read. Figured it could be of use to someone.

These were collected after many hours of searching, reading forums, reviewing resources from people like John Hammond and Nahamsec, numerous YouTube videos, and such

Were these set of books really useful?

I have been studying for Sec+ and currently I am working on implementing authentication controls. This article is just what I have been looking for, as I am about take the attacking Active directory room. Very much appreciated…ma’am 😁

@chrome parcel

I am glad I could help. Good luck!

Kind of looking into cloud pententesting, any recommendations?
I was looking at possibly https://www.amazon.com/AWS-Penetration-Testing-Beginners-Metasploit/dp/1839216921 and/or https://www.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725?asin=1789136725&revisionId=&format=4&depth=1 but both of these seem AWS centric and I'm trying to figure out how they differ

I haven't got through them all yet 😂 - I just ordered a bulk of them. I've been really intrigued by Cyber Crisis, Permanent Record, The Art of Deception, Zero Day, and Ghost in the Wires - the bottom two, Hacking Exposed 7 and Web App Hacker's Handbook also look really great too; they're a lot more technical. I've started around 4 or 5 of these simultaneously but I'm not far in because I'm switching to and fro.

From what I've read though, they offer a lot of perspective

It's a good mix of tech books and story driven books

I'm reading Real-World Bug Hunting: A Field Guide to Web Hacking

Author: Peter Yaworski

Okay cool

How is that Elliot?

yeah bro 🙂

Hi, anyone knows if there is any doc or something with book recommendations? I work in IT but not in cybersec so im looking for beginner friendly books

I do remember this post, I don’t know if it’s what you’re looking for but there’s a lot

#bookclub message

• pinned messages also

@chrome parcel thanks! i ll start with that, they look interesting

Gave +1 Rep to @calm bolt

You're welcome

search around this channel it has a lot of recommendations

@wicked lance there you go.

thanks a lot! I’m most interested in that meterpremter recompile

Gave +1 Rep to @coarse gust

Neighbors, please join me in reading this first issue of the International Journal of Proof of Concept or Get
the Fuck Out, a friendly little journal for ladies and gentlemen of distinguished ability and taste in the field
of computer security and the architecture of weird machines

https://www.alchemistowl.org/pocorgtfo/

Humble Bundle has a new cookbook bundle; Not everything is applicable to cybersec, but I think there is enough there to warrant a link. https://www.humblebundle.com/books/definitive-programming-cookbooks-oreilly-books

RegEx, Docker and bash may be of special interest

Thanks for sharing. I love humble bundle they have done some great cyber bundles in the past.

Gave +1 Rep to @regal pond

Hi everyone I just read American Kingpin and wanted to hear your opinion about it? similar book suggestions are welcome tho! cheers!

Hey, how did you like it?
I haven't yet read American Kingpin but it's on my list. The kind of hackery books I've read so far are Permanent record and Sandworm, both of which I like reading

I liked sandworm. There was also: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. I'm 1/3 done with This Is How They Tell Me the World Ends: The Cyberweapons Arms Race, enjoying it so far. The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age is on my list but haven't read it yet

ah cool!
I have countdown to zero day on my to-do list as well but not the others. Will definitely take a look!

anyone have any good audiobooks? trying to plan ahead for the plane

The only audiobook I've ever listened to was: https://smile.amazon.com/Sea-Stories-Life-Special-Operations-ebook/dp/B07HM8HQQ6
But I enjoyed it

somehow I got a lot of audio book credits so trying to find some

yeah, they keep offering me two free ones if I do an audible trial

but I usually prefer to just read it. I did an audible for a long solo road trip

I don't know if it is supposed to be a comedic book but I did the Phoenix project on audiobook and I was laughing the entire time

is that the one about startups or something?

nah its about an agile transformation of a failing company

okay, yeah. I vaguely recall hearing about that a year or so ago. I think it's meant to be funny

or sad. Maybe both

being in IT for years... it was

yeah, I was partially mixing it up with their other one, Unicorn Project

yeah I've heard of that one, one of those books was enough though

it's on my list, but I haven't read it yet. Kinda figure it will hit too close to home and just piss me off

@fading jewel @flat walrus

🔫 Where the books at

the book was really good, very well written and very different then I've would have expected. highly recommend it. Thanks for the bookworm suggestion, just bought the book 😀 . And permanent record is on my list 🙂

Gave +1 Rep to @scenic rock

thanks for the list, definitely gonna check it out!

if anyone else has any recommendations for audio books, hook me up. We have the Hobbit movies on our ipads, gonna have a variety of course videos downloaded but also still have credits to burn

Ah a good channel to promote my curated list at https://hackerbookshelf.com/ 🙂

Ayy that's a pretty cool site!

Violent Python, is this book about python? I mean is that python3 or old version

Violent Python is old, published in 2012. Black Hat Python Second Edition is more up-to-date for Python 3, published in 2021.

thx

Gave +1 Rep to @west fjord

A lot of the material in VP is going to be useful, but converting it to py3 is going to take some knowledge that newer programmers may not have

for learning about programming and python in general, 2 vs 3 isn't that much of an issue anyway

and as a hacker you will encounter python2 for years so good to know it's out there and how they're different