Books and Reading
Book Lists
Essential Desk Reference
RTFM: Red Team Field Manual - Ben Clark
One of the few books that stay on my desk and never go back to the bookshelf. Absolute gold if you are like me and cannot remember every single command ever written.
BTFM: Blue Team Field Manual - Ben Clark
Counterpart to the RTFM, this book still provides great context for both offense and defense.
PTFM: Purple Team Field Manual - Tim Bryant
It is essential that attackers and defenders know each other's methodology and how to counter it. This book helps put this into perspective.
Operator Handbook - Netmux
Similar style to the field manual series with tons of various other references, command lists and lookup tables. Beyond handy.
Cyber Operations - Mike O'Leary
The biggest friggin book I own. It is dense with references and information on just about every aspect of Cyber. Quite handy for installing and managing specific tools.
Blue Team/Security Analysis
BTFM: Blue Team Field Manual - Ben Clark
Counterpart to the RTFM, this book still provides great context for both offense and defense.
Blue Team Handbook: Incident Response Edition (BTHb: INRE) - Murdoch
Like the above but with more details on processes and documentation for proper incident response. Must have for anyone in IR or defensive consulting roles.
Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases - Murdoch
Offensive Countermeasures: The Art of Active Defense - John Strand
This is THE guide for active defense. Short, detailed, and full of both tools and theory.
Crafting the InfoSec Playbook - Jeff Bollinger
Written by members of the Cisco CSIRT team, this is a wealth of knowledge for processes and procedures for IR teams, defenders, and anyone in security operations.
Tribe of Hackers Series - Marcus J. Carey
While focusing on the Blue Team edition for this section, this is an incredible collection of thoughts and opinions on different aspects of defensive operations by some of the biggest names in our industry.
Applied Network Security Monitoring - Chris Sanders and Jason Smith
Incredible resource for every step of collection, detection, and analysis. Absolutely essential for serious blueteamers.
Threat Hunting with Elastic Stack - Andrew Pease
While the technical content is focused on Elastic Stack, it is chock-full of threat hunting theory. Well worth it even if you use a different SIEM.
Defensive Security Handbook - Brotherston and Berlin
Covers many tasks and operations needed to successfully run a SOC. Also covers many hardening topics for various network devices.
Security Engineering: A guide to building dependable distributed systems - Anderson
Third Edition
The Art of Monitoring - J. Turnbull
Practice of Network Security Monitoring - Bejtlich
Practical Packet Analysis - Sanders
Logging and Log Management - Chuvakin
DNS Security: Defending the DNS - Liska
Penetration Testing
RTFM: Red Team Field Manual - Ben Clark
One of the few books that stay on my desk and never go back to the bookshelf. Absolute gold if you are like me and cannot remember every single command ever written.
Red Team: Development and Operations - Joe Vest and James Tubberville
Great guide for processes of red teaming and some of the tools to use.
Hacker Playbook 1, 2, and 3 - Peter Kim
While 1 might be a bit outdated, the newer versions have updated tactics and techniques with practical application in offensive scenarios. The theory of penetration testing provided in these books is quite valuable for developing your own offensive playbook.
Attacking Network Protocols - James Forshaw
A fantastic guide to the guts of popular networking protocols and how attacks against them are made and defended.
Penetration Testing - Georgia Weidman
The original pentesting book. Dated on some tools, but incredible at explaining methodology and theory.
Advanced Penetration Testing - Wil Allsopp
Great book for awesome tricks to add to your arsenal.
Hacking: The Next Generation - Nitesh Dhanjani
Older book (2009) but has some great examples of practical exploitation of certain attack vectors.
Database Hacker's Handbook - Alcorn
Shellcoder's Handbook - Alcorn
Hacking: The Art of Exploitation - Jon Erickson
Physical Pen Testing
Unauthorized Access - Allsopp
Burglar's guide to the city - Manaugh
Red Teaming
Red team - Zenko
Red Team Development and Operations - Vest
Hands-on Red Team - Sharma
Intelligence
Open Source Intelligence Techniques - Bazzell
Effective Threat Intelligence - J. Dietler
Hacking Web Intelligence - Chauhan
Google hacking for penetration testers - Long
Web
Web Application Hacker's Handbook (Deprecated) - A great resource, but everything in it and more has been posted with labs at https://portswigger.net/web-security
Operator Handbook - Netmux
Burp Suite Essentials - Mahajan
Browser Hacker's Handbook - Alcorn
Bug Bounty Hunting Essentials - Lozano/Amir
Malware Analysis/Reverse Engineering
Reversing: Secrets of Reverse Engineering
Hacker Disassembling Uncovered - Kaspersky
Social Engineering
Social Engineering - Hadnagy
Influence - Cialdini
What everybody else is saying - Navarro
Human Hacking - Hadnagy
Windows
Troubleshooting with Sysinternals - Mark Russinovich
Coding and Scripting
Linux Basics for Hackers
The Linux Command Line 2nd edition
Shellcoder's Handbook - Alcorn
Violent Python
Blackhat Python
Secure Coding/DevSecOps
Art of Software Security Assessments - Dowd
Fuzzing for Software Security Testing and QA - Takanen
IDA Pro Book - Eagle
General Cyber - Non-Fiction
Hunting Cyber Criminals - Troia
Practical Cryptography - Schneier
Secrets and Lies - Schneier
Data and Goliath - Schneier
Countdown to Zero Day - Zetter
Sandworm - Greenberg
American Kingpin - Bilton
Fatal System Error - Menn
Cult of the Dead Cow - Menn
Hackers - Levy
Kingpin - Poulsen
Little Brother - Doctorow
Playing to the Edge - Hayden
Spies among us - Winkler
Crash Override - Zoe Quinn
Worm - Bowden
Crimedotcom - White
Psycho.com - Ormsby
The Perfect Weapon - Sanger
Hacking the Hacker - Grimes
Fiction
Cuckoo's Egg - Stoll
Silence on the Wire - Zalewski
Misc.
Building Secure & Reliable Systems Best Practices for Designing, Implementing and Maintaining Systems (O'Reilly) By Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield https://landing.google.com/sre/books/
Security Engineering By Ross Anderson - A guide to building dependable distributed systems. (and Ross Anderson is brilliant //OP editorial) https://www.cl.cam.ac.uk/~rja14/book.html
The Cyber Skill Gap By Vagner Nunes - The Cyber Skill Gap: How To Become A Highly Paid And Sought After Information Security Specialist! (Use COUPON CODE: W4VSPTW8G7 to make it free) https://payhip.com/b/PdkW
The Beginner’s Guide to Information Security By Limor Elbaz - Offers insight and resources to help readers embark on a career in one of the 21st century’s most important—and potentially lucrative—fields. https://www.amazon.com/Beginners-Guide-Information-Security-Kickstart-ebook/dp/B01JTDDSAM
Texas A&M Security Courses The web-based courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power the global economy remain intact and secure. The web-based courses are offered through three discipline-specific tracks: general, non-technical computer users; technical IT professionals; and business managers and professionals. https://teex.org/program/dhs-cybersecurity/