Thanos Stantzouris

Posted on Feb 13, 2021 • Originally published at sudorealm.com

The Books that Made me a Hacker

#hacking #kalilinux #books #pentesting

There is a myth, that great hackers didn't make it to the top just by hacking their way into highly secure systems. The myth consists of the following: Great hackers before glorious fame, based on their legendary victories in the cyber wars, they hit the books!

My name is Thanos and I go by @DevThanos on the surface net, and d3ad_R1nger on the interwebs, I am a web developer and a security researcher I love the thrill of penetration testing and books is a huge affection of mine.
I really wanted to write a blog post about Hacking Books, but I couldn't write it before reading them. So I finally decided to just start a list with the best hacking books that I have actually read, and occasionally update it with new ones.

Without further delay: The Greatest Hacking Books, that every Hacker should read before getting married! 😂

Black Hat Python: Python Programming for Hackers and Pentesters 2nd Edition

You are a newb, but you hate the word skid... Skids... Always taking credit with code other people wrote... You don't want to be that! You want to learn how to code, how to write custom malware, network sniffers, stealthy trojans! You want to be a real Hacker. Hacker's don't really need to be coders, but there are some crazy scenarios in hackerLife where you might not have the opportunity to install any of your favorite port scanners. But you can easily code one yourself. If you know how that is... 😉

Penetration Testing: A Hands-On Introduction to Hacking

Arguably, one of the best books I have ever read as a beginner. I learned about different domains of security and penetration testing, and the Author never slipped from the point and got distracted.
Overall, an excellent informational resource, a great introduction to penetration testing, and the author provides all the tools necessary for the book, but kinda outdated nowadays. Also pretty cool study material for the OSCP.

The Tangled Web: A Guide to Securing Modern Web Applications

My focus started leaning towards web app hacking whilst I was going through this specific book. And I will only tell you one thing about this and I will leave it at that.
It is pretty horrifying to find out how insecure and broken the web was 10 years ago.

Web Security for Developers: Real Threats, Practical Defense

My master's dissertation was about web security, and one of my sources was this book. It was published in 2020 so in contrast to the aforementioned books, this one also lists some cool techniques and also goes deep into some modern internet topics like the deep web. Overall a very fun book to read if you are interested in Web App Security, not really recommended to security professionals, but if you are just starting your journey and want something to get you started, I couldn't recommend this book enough.

Web Hacking 101

By Peter Yaworksi

This book is the real deal, With over 30 examples, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. In addition, the examples are publicly disclosed vulnerabilities.
I really 💜 these types of books, because their place on the shelf is only temporary, you always remember something helpful that you read and you open it again.

Real-World Bug Hunting: A Field Guide to Web Hacking

By Peter Yaworski

From the same author of the book Web Hacking 101, Real-World Bug Hunting kept the fire alive on my web hacking mentality.

Open Redirect
HTTP Parameter Pollution
Cross-Site Request Forgery
HTML Injection
Carriage Return Line Feed Injection
Cross-Site Scripting
SQL Injection
SSRF
XEE
RCE's
IDOR's

What the hell are those you asked? These are some of the most common vulnerabilities out on the modern web given the fact that the book was released in 2019.
This book is very young, but I am quite sure that it's going to be one of the most recommended books for web app pen-testing. If it is not already.

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws

TWAHH was my main go-to source while writing my master's and in the end, I had to read it again! This book is written by the guys who developed Burp Suite, the most popular web application testing framework out in the wild.
There are so many exploits listed and explained that you wouldn't imagine. If you have a basic understanding of web pen-testing. This is a book you want to read. There is also a Second Edition released with updated content! 💪
Highly recommended!

How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK (Hacking the planet)

By Sparc Flow

This book was nothing less than enjoyable to read, I remember finishing it in two nights and laughing in the meantime. With a great title, not clickbait at all, Hack Like a Pornstar, is not a book about information security, nor about IT, It's a book about Hacking, like Mr. Robot, if you catch my drift. From phishing email to exfiltrating data, doing everything in a hot and sexy way 😍.

This book literally demonstrated a Bank hacking red team operation! Truly amazing!
Sometimes we read books primarily to have fun, and secondarily to learn something.
Being a hacker apprentice sometimes leads you to a path of reading strictly highly technical books, which is not bad but you need to always have some free time for pure entertainment. And this book is a pure hacktertainment! And please don't get me wrong this book can get quite technical too.

Sparc Flow has also written the following books, which I have not read yet but they are on their way.

HYPE! 🥳

Ghost in the Wires, The Art of Deception & The Art of Invisibility

Why 3 at once? Because I have indeed read all 3 of them, and they share a common author, Kevin Mitnick. The hacker with a life story right out of a Hollywood movie. Don't believe me? Believe him, by reading the first book Ghost in the Wires, the Adventures of Kevin Mitnick as the World's Most Wanted Hacker! This book is amazing! First of all, it is an amazing story, which by being real it becomes even more chilling, staggering, and breathtaking! I remember how I had a more rebellious spirit awakened in me just by reading the, more than one, catch me if you can real stories that this book contains. Whenever I see the sentence "A Great Hacking Book" this one comes to mind. Not penetration testing, not information security, pure old classic Hacking!
Damn Kevin. Tying up the phone line again. They're all alike. 😉

Next up we got The Art of Deception, written by Mitnick, William L. Simon, & Steve Wozniak. This book is about Mitnick's true skill, Social Engineering. By reading this book you will get an idea of how to hack the most dangerous, and "unpatchable" vulnerability of the cybersecurity world, the human mind!

The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data. Very Interesting already. 🤔
What is the one superpower you would want to have if you could only choose one? Mine is Telepathy 🔮, but many people's answer is Invisibility. And if you think about it, nowadays, invisibility is indeed a very powerful power to possess. Our privacy is always a concern but after Snowden's revelation, some people have started to fear that their governments are spying on them. You may not care about that, but you probably have nothing to hide right? Why though? Why should they know? Even the smallest detail of your day, that you really don't care about people knowing... Why should they be able to know, and... if they are able to, then who else is? Think about it, and if you actually care about maintaining your private life, private. Give The Art of Invisibility a go, you will surely not regret it!

Hash Crack: Password Cracking Manual (v3)

This book as well as the next one is not a book to keep on your shelf, this book has always a special place inside every hacker's bag, because you know, as a hacker, you may face the challenge of cracking some passwords. There is no better cheatsheet than Hash Crack and v3 is an even greater help!
If you are a cracker you should take a look at this cool post I wrote about How to Hack a GoPro, password cracking was a huge part of it!

RTFM: Red Team Field Manual

Just buy it... It's cheap and its value is immeasurable. Definitely a book for your hacker bag, RTFM is THE cheatsheet to always carry around:

*NIX
Windows
Networking
Tips & Tricks
Tool Syntax
WEB
Databases
Programming

What more do you need?

The Hackers Playbook 3

By Peter Kim

Who said epic trilogies can't keep getting better and better? Ok... The Matrix didn't actually succeed, but The Hackers Playbook Trilogy certainly did!

Personally, this book series taught me how to hack and how to think like a hacker. Not that the other books in the list can't teach you that, it's just that the first hacking book I ever bought was The Hackers Playbook.

Peter Kim takes you on a journey through all the different phases of a penetration test and even helps you set up your pen-testing environment. But the greatest lesson this book has to offer is reporting your findings to your clients, now that is true hacking guys, just so you know. NodeJS attacks, SQL Injections, advanced XSS might seem very cool, but if you want to get paid, you need to know how to write a report!

Maybe overall the best resource for all-around hacking techniques. I highly recommend this book to every beginner hacker out there.

Couldn't help it 😁

Hacking: The Art of Exploitation, 2nd Edition

Last on this list, the most important book on a real hacker's library.
This book took me years to actually finish. Definitely not a book for beginners. BUT! It helped me to grow as a hacker and always stay humble and rooted in reality no matter how much I learned, and it still has that effect on me, to be honest. When I first bought that book I remember I was sooooo overhyped! Until I started reading it, unknown words and concepts kept coming at me with supersonic speed, I couldn't handle the amount of new information. This book demands a solid understanding of the machine as a whole. But that gave me the drive, to buy easier Hacking books, play around with programming languages, networks, and Virtual Machines, and in the end, it keeps giving me knowledge whenever I open it up to remember things I forgot.

This book will not get you started. It will definitely help you understand why a buffer overflow script written in python works, and how.
I like to think that this book resembles the Holy Grail of Hacking.

A few words

You have reached the end of my Hacking Booklist, and first of all, thank you for that!
I know that many essential books are missing from this list, but this list is not that kind of list. Any book that did not make the final cut is just a book I have not read yet, as simple as that.

I really like making lists and posting them online, I actually believe that someone somewhere may find some value in it, and that warms my heart.
I am open to conversation, to chat about hacking stuff, coding, projects, movies, whatever nerdy actually.

You can find me on:

🐤 Twitter @DevThanos
🤖 Reddit u/stantz16
[Fb] Facebook
☕ BuyMeaCoffee

If you like my content for some curious reason there are some more lists like this one:

Give 'em a try! You won't be disappointed! Trust a nerd!

Oh, last but not least! If you are one of those super cool guys that really like to hype people up with crazy acts of kindness And keep the Hacking Spirit awake.