Reading list

I have gathered a few books from my own 'early-days' that I recommend to anyone just starting out. These books will help someone new understand some foundational pen testing concepts. Good luck!


Hacking: The Art of Exploitation is a substantial and worthwhile book. This book is often recommended, and for good reason! Chapters on scripting and BOF are particularly worthwhile.

As the title suggests, the book attempts to provide a high-level grounding in the principles of exploitation. Early in the book the reader is given a brief history of exploitation and then introduced to exploits with code examples. The book progresses at a steady and informative pace and provides ample examples throughout.

---------------------------------------------------



Red Team Field Manual is purely a reference book. The book is essentially an aide-mémoire for an engagement. It basically lists commonly used commands and switches as well as stuff we should all remember but still, you know - segmentation fault. Have it in your bag.

---------------------------------------------------





Blue Team Field Manual is another reference book. Regardless of whether you're a red teamer or a blue teamer, BTFM is extremely useful. Understanding common methods of defence and detection is essential for any attacker. Likewise, for a defender this book provides a checklist of areas and techniques you should be considering when defending any network.

---------------------------------------------------





Social Engineering: The Art of Human Hacking is a fascinating book filled with anecdotes and practical instruction on social engineering. The word 'art' is in the title - if you were in any doubt, after reading this book you will be convinced of the artistry of social engineering. The book is written by Christopher Hadnagy, master of all things SE. Chris founded the much celebrated SEvillage and SECTF at DEFCON.


---------------------------------------------------


Metasploit: The Penetration Tester's Guide is another No Starch Press book (noticing a theme here?). This book is a step-by-step, hands-on introduction to (a now earlier version of) Metasploit. The layout and format of this book make understanding the core functionality of MSF simple.

Among the authors are the creator of the Social-Engineer Toolkit, the lead developer of Kali and lead trainer at Offensive Security and  These authors should be enough to convince you that this is a worthwhile read.


---------------------------------------------------


Penetration Testing: A Hands-On Introduction to Hacking provides a step-by-step guide with examples and explanations. The book covers a lot of ground and gives a great overview of pen test engagements. The author is Georgia Weidman, a professional pen-tester and founder of Bulb Security. Georgia has presented talks at Black Hat, ShmooCon and DerbyCon on various topics. Georgia was also given a grant by DARPA to work on mobile device security - she knows her stuff.

---------------------------------------------------



The Linux Command Line is not a hacking/pen-testing book by any means. It is, however, a gold mine of knowledge (get good at bash scripting!). I'm fairly confident even the most experienced *nix user would benefit from reading this book.