There's many ways to learn ethical hacking. You can learn to hack through online hacking tutorials, watch YouTube videos on hacking, learn by hacking deliberately vulnerable websites or you can learn from books.
Trust me though, there's a lot of hacking books out there, some good, some not so good. So what I've done is select the twenty best hacking books based on popularity and the general consensus on some of the hacking subreddits.
This is the best of the best if you like, but they're not in any specific order. I do however have a favourite that I will reveal at the end ;)
So without further ado, here they are:
Hacking: Computer Hacking Beginners Guide How to Hack Wireless Network, Basic Security and Penetration Testing, Kali Linux, Your First Hack
This book focuses on teaching you how to protect yourself from common hacking attacks by teaching you how hacking works and how to stay ahead of criminal (black hat) hackers.
Contained within this book are the tools and techniques that are used by both criminal and ethical hackers. The book also shows you how to spot an attack on your system so that you can minimize any potential damage.
Hacking: The Art of Exploitation
This book is a must if you're a beginner and covers everything from programming, to machine architecture through to network communications and the latest hacking techniques.
The book doesn't just show you how to run existing exploits, it also explains how hackers exploit programs and come up with original exploits.
Included with the book is a LiveCD which provides you with a Linux environment without having to modify your existing OS setup. You can follow along in the book's examples, debug code, overflow buffers, exploit cryptographic weaknesses, and it even shows you how to invent your own new exploits. Awesome book.
The Hacker Playbook 2: Practical Guide To Penetration Testing
This book has been written by a longtime security professional and CEO of Secure Planet, LLC and provides a step-by-step guide to penetration testing, treating it like a "game" of sorts.
Through this unique method of teaching penetration testing (like a series of football-style "plays"), the book addresses the main problems and roadblocks that many people face while penetration testing.
The book teaches how to attack different types of networks, how to escalate privileges and evade antivirus software using hands-on examples and helpful advice from the top pen testers in the field.
Hash Crack: Password Cracking Manual
This book is a must for anyone wanting to know how to crack passwords. The book contains a compilation of basic and advanced techniques which penetration testers and network security professionals can use to evaluate the security of an organization from a password viewpoint.
The manual contains the most popular password cracking and analysis tools and basic password cracking methodologies. The manual also contains all the tables, commands and online resources you're going to need to crack passwords and also protect against password attacks.
Hacking: Computer Hacking, Security Testing, Penetration Testing, and Basic Security
This book emphasises that you need to learn how to hack in order to stop someone from hacking you, which I agree with.
By reading this book, you'll learn about hackers themselves, different types of attacks and the exact steps and techniques that the world's best hackers use to attack systems.
The book is suitable for beginners and experts alike because it takes you from basic principles, through to more advanced techniques which you can use to either hack or protect yourself and your devices from being hacked.
The Hardware Hacker: Adventures in Making and Breaking Hardware
If you're interested in hacking hardware, then this book by one of the world's most prolific hackers Andrew "bunnie" Huang, will help inspire you.
In this book, the author (and author of Hacking the Xbox) takes you through the ins and outs of hardware manufacturing and shares a collection of personal essays on his visits to the electronics markets in Shenzhen and interviews on topics such as reverse engineering.
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The book takes you from the basics of the internet, through to how to find the most vulnerable areas of an application and finally through to finding vulnerabilities themselves within a web application.
The book teaches you step-by-step how to attack and defend web applications and also covers the latest technology designed to defend web application from attacks.
This is a hefty book, with 21 chapters in total, but the bulk of it is dedicated to explaining web technologies, how to exploit them and it explains the tools and techniques which can be used to break any web application.
This book is an absolute must for any aspiring ethical hacker in my opinion.
The Browser Hacker's Handbook
As the title of the book suggests, this book gives you a practical understanding of hacking web browsers so that you can launch further attacks into corporate networks.
The book provides hands-on, practical tutorials and covers complex security issues such as bypassing the Same Origin Policy, exploiting the browsers and its plugins/extensions, DNS tunneling and proxying directly from the browser.
Gray Hat Hacking The Ethical Hacker's Handbook
The first part of the book starts by mentioning important laws, so that as a pentester, you don't get in trouble with the law, after all there is a fine line when it comes to hacking websites. The second part is highly technical, with topics ranging from network scanning, fingerprinting through to shellcode writing and vulnerability exploitation.
In addition, the book covers the writing of exploits, addressing fundamentals such as buffer overflows (Linux and Windows platforms), heap overflows, and format string overflows. The book also goes into detail around lesser-known vulnerability detection methods, such as "fuzzing", reverse engineering, and mentions some commercial tools which are useful to pentesters such as Core Impact and Canvas.
This book is an excellent, informative book, but highly technical at times. But I would recommend it to any reader interested in learning how to do security penetration testing.
Hacking Exposed 7: Network Security Secrets and Solutions
The book will teach you how to bolster your system’s security to help you defeat the tools and tactics of cyber-criminals. It will provide you with expert advice and defense strategies from the world-renowned Hacking Exposed team.
Contained within the book are some awesome case studies which expose the hacker's latest methods and illustrate field-tested remedies. By reading this book you will find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks.
RTFM: Red Team Field Manual
The Red Team Field Manual is an incredibly useful and concise book and is an essential read for Red Teamers. The book a reference guide and is filled with lots of commands, scripts, and tables for a variety of devices, operating systems, and application software.
The book mainly contains the basic syntax for commonly used Linux and Windows command line tools, but it does provide some unique use cases which can be used with the Python programming language and and Windows PowerShell. Because the book is a reference guide, it will repeatedly save you time when it comes to looking up hard to remember Windows command line tools and scripting.
Blue Team Handbook: Incident Response Edition
The Blue Team Handbook is another reference guide like the Red Team manual above and is written for cyber security incident responders, security engineers, and InfoSec pros alike.
The main topics covered in this book include the incident response process, how attackers work, common tools for incident response, a methodology for network analysis, common indicators of compromise, Windows and Linux analysis processes, tcpdump usage examples, Snort IDS usage, packet headers, and lots of other quick reference topics.
The book is filled with practical techniques from the authors' extensive career in handling incidents. So no matter what your job role is, whether it's writing up your cases notes, analyzing potentially suspicious traffic, or looking over a misbehaving server – this book should help and will teach you some new techniques along the way.
Black Hat Python: Python Programming for Hackers and Pentesters
When it comes to hacking, hackers often turn to popular hacking tools such as Burp Suite to find their vunlerabilities. Despite these tools, hackers also create their own powerful and effective hacking tools on the fly and often, Python is the language of choice because it's easy to use, versatile and you build proof of concepts in minutes with relatively few lines of code.
In Black Hat Python, the latest book from Justin Seitz (and author of the best-selling Gray Hat Python), you'll explore the darker side of Python's capabilities. It will teach you how to write network sniffers, manipulate packets, infect virtual machines, create stealthy trojans, and much more.
Other things this book covers are how to create a trojan command-and-control using GitHub, how to detect sandboxing and automate common malware tasks, like keylogging and screenshotting and how to escalate Windows privileges with creative process control.
One of the best things about this book is that it teaches you how to extend the popular Burp Suite web-hacking tool so you can create your own custom plugins and extensions to help you find potentially lucrative and critical vulnerabilities faster.
Network Security Assessment 2nd Edition
Let's face it, the best form of defence is attack, so if you want to secure your network or find out how secure it really is, then probably the best way to find out is to attack it.
Network Security Assessment provides you with the tricks and tools you need to use as an ethical hacker to identify and assess risks in internet-based networks. Outlined in this book is the same penetration testing model used to secure government, military, and commercial networks. And with this book, you can adopt, refine, and reuse this testing model to design and deploy your own networks that are hardened and immune from attack.
This book demonstrates how a determined attacker browses around Internet-based networks to find vulnerable components, not only at the network level but also at the application level too. This latest edition contains all the latest hacking techniques, but also teaches you how to create defensive strategies against entire attack categories which will help you secure your networks both in the short term and the long term.
When it comes to offensive computing concepts, Violent Python takes you from theory right through to a practical implementation. Rather than relying on another attacker's tools, this book will teach build your own attack weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts.
It also shows you how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and also how to data-mine popular social media websites. It even shows you how to evade modern anti-virus.
By reading this book you will gain a better understanding of IT security as a whole and also a good understanding of the Python language. Violent Python is really aimed at beginners and so more advanced readers may not find the book as useful.
Metasploit: The Penetration Tester's Guide
The Metasploit Framework is a well known tool for quickly discovering, exploiting, and sharing vulnerabilities and is used by security professionals everywhere. But it's not really for those just getting started in the field as it can be hard to grasp. This book however fills that gap by teaching you how to use the Framework and help you to interact with the community of Metasploit contributors.
By reading this book, you'll learn the Framework's conventions, interfaces, and module system. You'll also learn advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
The book even touches on exploit discovery for zero-day research, it will teach you how to write a fuzzer, port existing exploits into the Framework, and it will also teach you how to cover your tracks so you don't get caught!
This guide is useful to anyone wishing to secure their own networks or test someone else's.
The Basics of Hacking and Penetration Testing
The Basics of Hacking and Penetration Testing provides you with the steps you need to take to complete a penetration test or perform an ethical hack from beginning to end without any previous hacking experience, so it's aimed at the complete beginner.
You will learn how to properly utilize and interpret the results of modern day tools such as Backtrack and Kali Linux, Google reconnaissance, MetaGooFil, DNS interrogation, Nmap, Nessus, Metasploit, the Social Engineer Toolkit (SET), w3af, Netcat, post exploitation tactics, the Hacker Defender rootkit, and more.
The book provides simple and clean explanations with step-by-step guides for conducting a penetration test or hack and by reading the book you will gain a better understanding of offensive security which will help your career as a pentester.
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
This is a classic book that explains how exploits work such as stack overflow, heap overflow and format string vulnerabilities. The book also talks about stack protection and how to evade stack protection. The book is expertly written, covers some very advanced concepts and contains a lot of hex bytes, code, and memory addresses. So you're going to need a good understanding of languages such as C and C++ and assembly language to be able to understand this book.
So if you're looking for a beginners book, this is probably not for you. But if you take the time to read it properly, research around each of the concepts independently, then you'll be well on your way to thinking like a pro.
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Nmap Network Scanning is the official guide to the Nmap Security Scanner, which is a free and open source utility used by millions of pentesters the world over for network discovery, administration, and security auditing.
This book starts with port scanning basics, so it's suitable for novices but then it starts going into detail around low-level packet crafting methods which are used by advanced hackers. So there's something in it for all levels of security and networking professionals.
Contained within the book is a reference guide which documents every Nmap feature and option, but the book also demonstrates how to apply them to quickly solve real-world tasks such as subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine.
Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
I've included this book not because it will make you a better hacker, but to serve as an inspiration to those who aspire to get into this field. The book is a book about Kevin Mitnick - one of the most elusive hackers/social engineers in history. He accessed computers and networks at the world's biggest companies and was able to hack into phone switches, computer systems, and cellular networks.
This book covers everything Mitnick did, from the time he started hacking until the time he was finally arrested by the feds, and a little after that. It's a book that's going to hold your attention, is humorous, and overall is a very good read.
OK so there you go, twenty of the best books on the market at the moment for ethical hacking. I promised you I'd reveal my favourite, which is The Web Application Hacker's Handbook. This is a fantastic book that starts with the basics and gets you to a point where you can start finding vulnerabilities in web applications using tools such as Burp Suite. That's my personal favourite, but the other books that I've listed are great in other areas of ethical hacking.