The Art of Mac Malware, Volume 2
The Art of Mac Malware, Volume 2 is a comprehensive guide to the programmatic approaches you can use to detect and protect against macOS malware.
Hacking & Computer Security
Black Hat Bash
Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more!
Windows Security Internals
Power up your Windows security skills with expert guidance, in-depth technical insights, and lots of real-world vulnerability examples.
Engineering Secure Devices
An essential resource for current and future developers tasked with protecting users from the potential threats of these ubiquitous devices.
Evasive Malware
The first-ever guide to analyzing malicious Windows software designed to avoid detection and forensic tools.
The Android Malware Handbook
An all-star guide to tackling the analysis and detection of malware that targets the Android operating system.
Evading EDR
A guide to understanding the attack-detection software running on Microsoft systems, and how to evade it.
Black Hat GraphQL
Written by hackers for hackers, this hands-on book shows how to identify vulnerabilities in apps that use GraphQL.
Hacks, Leaks, and Revelations
Learn the tools and develop the skills for uncovering big secrets hiding in public datasets.
Codebreaking
A tour through history’s real codes and ciphers written by two of today’s best cipher crackers.
Hacking APIs
Learn how to test APIs for security vulnerabilities so you can uncover high-payout bugs and improve the security of web apps.
The Art of Cyberwarfare
A detailed guide to nation-state hacking methods that shows how to track, analyze, and attribute advanced attacks.
Locksport
This hands-on guide to the art of lockpicking will take you from noob to competition-ready.
Designing Secure Software
An elegant, team-oriented guide for building security into the software design process.
Practical Doomsday
Outlines a model for evaluating risks in your life, as well as preparing for a wide range of potential crises.
The Art of Mac Malware
A handbook for Apple infection methods, malicious script analysis, and Mach-O malware.
Go H*ck Yourself
A hands-on intro to hacking that guides you through executing every major type of attack (from the safety of a virtual lab).
Practical Linux Forensics
A practitioner’s guide focused on postmortem analysis of modern Linux installations.
Bug Bounty Bootcamp
A beginner's guide to web hacking, bug hunting, reporting vulnerabilities – and getting paid for it.
Ethical Hacking
A crash course in modern hacking techniques, with lots of hands-on labs for aspiring offensive security experts.
How to Hack Like a Legend
Puts you in the mind of a master hacker, as you plan and launch a stealth attack on Microsoft’s best security systems.
Cybersecurity for Small Networks
A guide to implementing DIY security solutions and readily available technologies to protect home and small-office networks from attack.
Crypto Dictionary
Crypto Dictionary is your full reference resource for all things cryptography.
Black Hat Python, 2nd Edition
Explore the stealthier side of programming with Black Hat Python, 2nd Edition – fully updated for Python 3, with all new strategies for your hacking projects!
How to Hack Like a Ghost
How to Hack Like a Ghost is a fast-paced adventure that lets you shadow a master hacker targeting a shady foe with advanced cloud security.
How Cybersecurity Really Works
A hands-on guide targeted at total beginners, How Cybersecurity Really Works will teach you everything you need to know about cyber defenses.
Practical IoT Hacking
Written by all-star security experts, Practical IoT Hacking is a quick-start conceptual guide to testing and exploiting IoT systems and devices.
PoC||GTFO, Volume 3
PoC||GTFO (Proof of Concept or Get The Fuck Out), Volume 3 continues the series of wildly popular collections of this hacker journal.
Cyberjutsu
Based on techniques adapted from authentic Japanese ninja scrolls, Cyberjutsu teaches ancient approaches to modern security problems.
Practical Social Engineering
A hands-on look at the cyber attacks that target human nature, with pentesting templates for performing SE ops, and tips for defending against them.
The Ghidra Book
The Ghidra Book is a practical introduction to Ghidra, a comprehensive, open-source tool suite for reverse engineers.
Practical Vulnerability Management
Practical Vulnerability Management shows you how to weed out system security weaknesses and squash cyber threats in their tracks.
Web Security for Developers
Web Security for Developers explores the most common ways websites get hacked and how web developers can defend themselves.
Foundations of Information Security
Foundations of Information Security provides a high-level overview of the information security field.
The Hardware Hacker (Paperback edition)
The Hardware Hacker is an illuminating career retrospective from Andrew “bunnie” Huang, one of the world’s most esteemed hackers.
Practical Binary Analysis
Practical Binary Analysis covers advanced binary analysis topics like binary instrumentation, dynamic taint analysis, and symbolic execution.
PoC||GTFO, Volume 2
PoC||GTFO (Proof of Concept or Get The Fuck Out), Volume 2 follows-up the wildly popular first volume with issues 9 through 13 of the eponymous hacker zine. Contributions range from humorous poems to deeply technical essays.
Malware Data Science
Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization.
Linux Basics for Hackers
Linux Basics for Hackers uses the Kali Linux distribution to explain core Linux topics like filesystems, networking, package management, and BASH.
The Hardware Hacking Handbook
Cracks open embedded security to show how hardware attacks work from the inside out.
Pentesting Azure Applications
Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure.
Black Hat Go
Black Hat Go will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset.
Real-World Bug Hunting
Real-World Bug Hunting uses real-world bug reports to teach programmers how to discover and protect vulnerabilities in web applications.
Serious Cryptography
Serious Cryptography is a practical guide to the past, present, and future of cryptographic systems and algorithms.
PoC||GTFO
PoC||GTFO (Proof of Concept or Get The Fuck Out) is a compilation of the wildly popular hacker zine of the same name. Contributions range from humorous poems to deeply technical essays.
Practical Packet Analysis, 3rd Edition
Practical Packet Analysis, 3rd Ed. teaches you how to use Wireshark for packet capture and analysis.
Gray Hat C#
Gray Hat C# shows you how to use C#'s powerful set of core libraries to create and automate security tools.
Attacking Network Protocols
Attacking Network Protocols is a deep dive into network protocol security from James Forshaw, one of the world’s leading bug hunters.
Practical Forensic Imaging
Practical Forensic Imaging takes a detailed look at how to secure digital evidence using Linux-based command line tools.
Car Hacker's Handbook
The Car Hacker’s Handbook shows how to identify and exploit vulnerabilities in modern vehicles.
Rootkits and Bootkits
Rootkits and Bootkits shows you how to analyze, identify, and defend against rootkits and bootkits.
Game Hacking
Game Hacking shows programmers how to dissect computer games and create bots.
Smart Girl's Guide to Privacy
The Smart Girl's Guide to Privacy teaches you how to protect yourself online.
iOS Application Security
iOS Application Security covers everything you need to know to design secure iOS apps from the ground up.
Book of PF, 3rd Edition
The Book of PF, 3rd Edition is the essential guide to building a secure network with PF, the OpenBSD packet filtering tool.
Android Security Internals
Android Security Internals gives you a complete understanding of the security internals of Android devices.
Penetration Testing
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs.
The Practice of Network Security Monitoring
The Practice of Network Security Monitoring teaches IT and security staff how to leverage powerful NSM tools to identify threats quickly and effectively.
Tangled Web
The Tangled Web sheds light on the security challenges that engineers, developers, and users face on the Web today. Join security expert Michal Zalewski for an in-depth look at how browsers actually work, and what pitfalls lurk in the shadows.
A Bug Hunter's Diary
A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software.
Practical Malware Analysis
- Download Chapter 12: "Covert Malware Launching" (PDF)
- Download the labs
- Visit the authors' website for news and other resources
"The book every malware analyst should keep handy." —Richard Bejtlich, CSO of Mandiant & Founder of TaoSecurity
IDA Pro Book, 2nd Edition
No source code? No problem! This second edition of the The IDA Pro Book is the definitive guide to IDA Pro, arguably the most sophisticated disassembler in the world.
Metasploit
Whether your goal is to secure your own network or discover vulnerabilities for a client, Metasploit: The Penetration Tester's Guide is the definitive guide to using this dynamic and powerful tool.
Linux Firewalls
"Between 2000 and mid-2008, I've read and reviewed nearly 250 technical books. I've also written several books, so I believe I can recognize a great book when I see it. Linux Firewalls is a great book."
—Richard Bejtlich, TaoSecurity.com, from the foreword to Linux Firewalls
View a sample chapter, Chapter 10: Deploying fwsnort
Silence on the Wire
View a sample chapter, Chapter 5: Blinkenlights
Designing BSD Rootkits
"If you understand C and want to learn how to manipulate the FreeBSD kernel, Designing BSD Rootkits is for you. Peer into the depths of a powerful operating system and bend it to your will!"
Richard Bejtlich, TaoSecurity
- View a sample chapter, Chapter 2: Hooking
- Download the source code files here (.tgz archive)
Gray Hat Python
The first Python book written for security analysts, Gray Hat Python explains the intricacies of using Python to assist in security analysis tasks. You'll learn how to design your own debuggers, create powerful fuzzers, utilize open source libraries to automate tedious tasks, interface with security tools, and more.
