I write for a living. So if you assume that I enjoy reading, you’re absolutely right! My home office has 9-foot bookcases featuring some of the nerdiest science fiction, manga, magazines, and computer technology books imaginable. And last time I checked my phone, I had several hundred eBooks and PDF book files. If I ever get bored of reading stuff on the web, I have a sizable library of books at home and on the go.
So I definitely have opinions when it comes to books. I’m not going to recommend manga here because this is a blog about hackers and hacking. (Although lots of you love manga as much as I do!) But I thought I would share with you some of my favorite hacking books, if you’re looking for something to read.
Here’s my disclaimer. A few of these books were written by my friends. And two of these books were written by me. So although any list of favorite books is subjective by nature, this list is super biased as well. Just so you know! But I’m sure if you want to learn more about hacking and cybersecurity, you’ll learn a lot from these books and have fun while doing so. We’re all about having fun while learning here at Hack The Box!
Hackers: Heroes of the Computer Revolution is a must read for all hackers. The first edition was published in 1984, and this latest O’Reilly edition was published in 2010 with new content. Levy is one of my favorite nonfiction writers of all time, and he’s also the editor of WIRED Magazine. Levy’s book explores the history of hackers and hacking in great detail. He goes from the Tech Model Railroad Club and very large and very legacy timeshared computers on university campuses in the 1950s and 1960s, to Spacewar!, one of the earliest video games. Then he goes into the 1970s with Steve Wozniak and the Homebrew Computer Club, to Woz and Steve Jobs founding Apple, and Bill Gates and Paul Allen founding Microsoft. The book even goes into the rise of PC games through the 1980s. All throughout, Levy writes about the Hacker Ethic, and hacker culture in general. If you want to understand why hackers are the good guys and how we got to where we are now, this book is one of the best ways to learn.
Tanya Janca is one of the world’s top application security experts, and she spends a lot of her time going from convention to convention giving talks on the topic. I know this not only because I’ve been to some of her talks, but also because she’s my friend. She spent a lot of time working for Microsoft before she decided to start her own business, We Hack Purple. And the cover of Tanya’s book is purple, and she identifies as a purple team hacker because she thinks offensively and defensively equally. But all the knowledge and experience in the world don’t matter much if you can’t teach stuff to newbies. Fortunately, Tanya is great at that, and this is an excellent book for total newcomers to the application security field. And as you learn about application security, Alice and Bob are learning too. You’re not alone!
Eric S. Raymond
Open source software is the backbone of modern computing. A lot of my favorite applications, from Mozilla Firefox to LibreOffice, are open source. A lot of commercial software also has some open source code. A large percentage of code, from consumer endpoints, to hardware drivers, to firmware, to internet servers is open source. And this website is being delivered to you through a lot of different open web and internet technological standards. Even if you’ve never used Linux on the desktop, you can’t escape open source. If it weren’t for open source, our computers and the internet would look very different today. Raymond’s book is the definitive tome of the history of open source software, and some of the friction open source has caused with the developers of closed source proprietary software. Open source software is also a major feature of hacker culture, so definitely check out Raymond’s classic book.
No Starch Press
Georgia Weidman is one of the top penetration testing experts out there. She’s also my friend. If you’re using Hack The Box’s hacker education platform, it’s highly likely that you’re either a pentester or you want to be a pentester. Weidman’s book explains some of the basics of simulating cyber attacks so your clients can learn how they can improve their security. She covers many of the applications that are featured in Pwnbox and Parrot OS, such as Wireshark, Burp Suite, and Nmap. And she explains the methodology behind pentesting in a way that’s accessible to total newcomers. Definitely check this one out.
Phillip L. Wylie and Kim Crawley
Here’s another must read for newcomers to pentesting. How the heck do I review my own book? Well, the one I wrote with pentester extraordinaire Phil Wylie? I’ll do my best, I suppose. This book was actually Phil’s idea. For the past few years, he’s been giving his Pentester Blueprint talks at various cybersecurity events. His talk is all about the Hacker Mindset and how to succeed in your pentesting career. When he started writing this book inspired by his talks, he found that he needed a collaborator. So he asked me. I was honored. Our collaboration was a smashing success. We ended up each having written about half the book. The parts he wrote and the parts I wrote might not be obvious. Phil wrote the parts which reflect his Pentester Blueprint curriculum, and I wrote the complementary content such as the basics of cybersecurity. If you’re curious about pentesting careers and don’t know where to start, this book is for you. We wrote it to be newcomer friendly. As you read our book, you can enjoy Hack The Box’s educational platform and fully immerse yourself in the professional hacking experience!
Most cyber attacks involve social engineering at some point or another. Social engineering is all about fooling human beings, and Hadnagy’s book explores the topic in great detail. Social engineering shows how human psychology is such an important part of cybersecurity. Learn all about phishing, Trojans, and asking people for authentication credentials and other sensitive information that you’re not entitled to have. Not only will this book make you a better pentester, but you’ll also learn how to resist being socially engineered yourself. And contrary to popular belief, cybersecurity professionals and other types of hackers do indeed succumb to social engineering! Even I can be fooled. So don’t get overconfident and make sure to think critically.
Here’s an upcoming book that’s designed to show businesses why they should care about cybersecurity and how they can implement it. I wrote this one all by myself this time. As you become a professional hacker, you will have business clients. So my book can also teach you more about the corporate side of cybersecurity. 8 Steps will be published in a few months, but you can pre-order it now. Each of my 8 Steps covers a component of how to improve a business’ cybersecurity, from hiring the right team, to cybersecurity frameworks and incident response, to all kinds of security testing (including pentesting), to building redundancy and resilience in a corporate computer network in the cloud and on premises. And if you really like my personality, every single page of this book is dripping in it. If you don’t like my personality, at least you may learn something from my anecdotes. I’ve also thoroughly researched security policy and cyber defense for this book.
Senior Community Manager Soti Giannitsari (@r0adrunn3r) loves reading as much as I do. Here are her picks:
RTFM (A Cheatsheet)
So there’s a lot of good stuff for hackers to read. But learning through reading isn’t sufficient; you also need to learn by doing. So I’m going to finish by recommending some of my favorite HTB Academy modules. Enjoy!
Network Enumeration with Nmap is the best Nmap introduction out there. You will definitely use Nmap a lot when you’re hacking networks. This module will show you how to be an Nmap pro. Learn all about how to evade firewalls and other network security devices, how to discover hosts and scan ports, and even how to use Nmap’s scripting language. You’re in for a treat.
Login Brute Forcing is a lot of fun. The great variety of vectors on the internet and within applications that are designed for username and password authentication are often vulnerable to brute force attacks. If you want to learn why some passwords are better than others and how passwords are an imperfect method of authentication, you will have hands-on education here. And you’ll feel really badass while doing it.
Intro to Assembly Language is well suited for intermediate level hackers. Many of the programming languages we interact with every day are human readable and easier to grasp. But assembly languages are hexadecimal and very challenging. It’s the code that goes straight to the CPU. Learn all about x86_64 assembly, shellcoding, and debugging assembly code. When you’re done with this module, you’ll be well on your way to being an advanced hacker.