Cybersecurity enthusiasts and professionals alike benefit from having the right resources at their disposal. Below is a detailed guide to essential hacking books and resources, complete with direct links for easy access.
Hacking Books and Learning Resources
1. The Web Application Hacker’s Handbook
• Authors: Dafydd Stuttard and Marcus Pinto
• Summary: A foundational guide to web application security, covering key vulnerabilities and attack methods.
• Why Read It: Ideal for beginners and intermediate learners.
• Link: The Web Application Hacker’s Handbook
2. WebSec Academy (PortSwigger)
• Overview: A free learning platform offering hands-on labs and courses on web application security.
• Link: WebSec Academy
3. OWASP Web Security Testing Guide
• Description: A community-driven guide to web application security testing.
• Link to Latest Version: OWASP Web Security Testing Guide
• Version 4.2 by Ellie Saad and Rick Mitchell: Web Security Testing Guide v4.2
4. Real World Bug Hunting
• Author: Peter Yaworski
• Summary: Insights into vulnerabilities discovered in real-world applications, such as Uber and Starbucks.
• Link: Real World Bug Hunting
5. Bug Bounty Bootcamp
• Author: Vickie Li
• Summary: A comprehensive guide to starting and succeeding in bug bounty hunting.
• Link: Bug Bounty Bootcamp
6. The Red Team Field Manual
• Author: Ben Clark
• Summary: A practical, command-focused manual for red teamers.
• Link: The Red Team Field Manual
7. Red Team Development and Operations: A Practical Guide
• Authors: Joe Vest and James Tubberville
• Summary: Guidance on building and managing effective red teams.
• Link: Red Team Development and Operations
8. Operator Handbook
• Author: Joshua Picolet
• Summary: Covers red, blue, and OSINT commands, making it a versatile reference.
• Link: Operator Handbook
9. Tribe of Hackers Red Team
• Authors: Marcus Carey and Jennifer Jin
• Summary: Features interviews with top hackers on career advice, tools, and philosophies.
• Link: Tribe of Hackers Red Team
10. The Pentester Blueprint
• Authors: Phillip Wylie and Kim Crawley
• Summary: A roadmap for aspiring penetration testers.
• Link: The Pentester Blueprint
11. OSINT Techniques: Resources for Uncovering Online Information
• Author: Michael Bazzell
• Summary: Explores techniques for gathering intelligence using open-source tools.
• Link: OSINT Techniques
12. Evading EDR
• Author: Matt Hand
• Summary: A guide to bypassing endpoint detection systems during red team engagements.
• Link: Evading EDR
13. Attacking Network Protocols
• Author: James Forshaw
• Summary: A detailed exploration of network protocol vulnerabilities and exploits.
• Link: Attacking Network Protocols
14. Black Hat GraphQL
• Author: Nick Aleks
• Summary: Focused on exploiting vulnerabilities in GraphQL APIs.
• Link: Black Hat GraphQL
15. Hacking APIs
• Author: Corey Ball
• Summary: Comprehensive coverage of API vulnerabilities, supported by online labs.
• Link: Hacking APIs
• Companion Labs: APISEC University
16. Black Hat Go
• Authors: Tom Steele, Chris Patten, and Dan Kottmann
• Summary: A programming guide for creating offensive security tools using Go.
• Link: Black Hat Go
17. Black Hat Python
• Author: Justin Seitz
• Summary: Advanced Python techniques for pentesting and security automation.
• Link: Black Hat Python
18. Black Hat Bash
• Authors: Dov and Nick Aleks
• Summary: A forthcoming book focusing on scripting for offensive security using Bash.
• Link: Black Hat Bash
19. Zseano’s Methodology
• Author: Zseano
• Summary: A free methodology guide for bug bounty hunting.
• Link: Zseano’s Methodology
20. Breaking Into Information Security
• Author: Andy Gill
• Summary: A practical career guide for newcomers to cybersecurity.
• Link: Breaking Into Information Security
21. Expanding Your Security Horizons
• Author: Andy Gill
• Summary: The sequel to “Breaking Into Information Security,” focusing on advanced career planning.
• Link: Expanding Your Security Horizons
Online Platforms and Wikis
1. Wiki Book Pentest (Living Document)
• Overview: A comprehensive resource for penetration testing techniques.
• Link: Pentest Wiki
2. HackTRICKS
• Overview: A living document offering methodologies for penetration testing, defensive strategies, and OSINT.
• Link: HackTRICKS
3. Fuzzing Lists
• Overview: A curated repository of fuzzing payloads for testing applications.
• Link: Fuzzing Lists
4. SecLists
• Overview: A collection of common passwords, payloads, and fuzzing strings.
• Link: SecLists
5. Payloads All The Things
• Overview: A repository combining fuzzing payloads with tutorials on exploiting vulnerabilities.
• Link: Payloads All The Things
Hands-On Labs and CTF Platforms
1. Pentester Lab
• Overview: Offers hands-on exercises and labs for learning web vulnerabilities.
• Link: Pentester Lab
2. Try Hack Me
• Overview: An interactive platform for learning cybersecurity skills, with a focus on practical challenges.
• Red Team Fundamentals Module: Try Hack Me
3. HTB Academy
• Overview: Hack The Box’s learning platform offering structured tracks in various cybersecurity topics.
• Link: HTB Academy
4. Hacktivity (HackerOne)
• Overview: Public bug bounty disclosures showcasing real-world vulnerabilities.
• Link: Hacktivity
5. Vulnerable U
• Overview: A newsletter and resource hub focused on vulnerabilities and mental health in cybersecurity.
• Link: Vulnerable U
Newsletters
1. Sharing What Matters in Security
• Overview: A newsletter by Securibee covering critical updates in cybersecurity.
• Link: Securibee Newsletter
2. Intigriti
• Overview: Bug bounty news and methodologies from the Intigriti platform.
• Link: Intigriti