70+ hacking books to level up your skills and thinking
We all crave more time to spend on the things we enjoy, like reading a good (security) book. Maybe you've missed out on some great releases from recent years or maybe you've been overwhelmed by how many great ones there are.
Whatever brought you here, your next great read might just be on this list (which we keep updated with new great finds!).
Ethical hacking books
Whether you’re a n00b or just want to brush up on your ethical hacking skills, these books cover everything from web app security to pentesting tools, techniques, and career tips.
Here are ten ethical hacking books to start with - listed in no particular order:
Gray hat hacking: The ethical hacker's handbook by Allen Harper & co
A hacker's mind by Bruce Schneier
Cybersecurity first principles: a reboot of strategies and tactics by Rick Howard
Hacking: The art of exploitation by Jon Erickson
Breaking into information security: Learning the ropes 101 by Andy Gill
Hacking for beginners by Julian James McKinnon
Hands-on ethical hacking and network defense by Michael T. Simpson
Mastering hacking: The art of information gathering & scanning by Harsh Bothra
Cybersecurity career guide by Alyssa Miller
Ethical hacking: A hands-on introduction to breaking in by Daniel G. Graham
Cybersecurity mindset books
Why people do the things they do in cybersecurity is just as important as how these things happen, when, and what they impact.
This selection of books focuses on helping you build and develop your own mindset as a cybersecurity practitioner - through real-life stories and experiences. They might just inspire you to become a better specialist (and human being).
If it's smart, it's vulnerable by Mikko Hypponen
Understand the cyber attacker mindset by Sarah Armstrong-Smith
The art of attack: attacker mindset for security professionals by Maxie Reynolds
Security engineering: a guide to building dependable distributed systems by Ross J. Anderson
Ghost in the wires: My adventures as the world's most wanted hacker by Kevin D. Mitnick
Cult of the dead cow: How the original hacking supergroup might just save the world by Joseph Menn
Philosophy of Cybersecurity by Lukasz Olejnik, Artur Kurasiński
Social engineering books
Behind it all, cybersecurity is made up of people hacking other people. Technology is how this happens.
That's why social engineering is always part of the mix, whether we're talking about threat actors or ethical hackers trying to support their colleagues to develop stronger cybersecurity skills.
There are some truly fantastic books in this category, packed with captivating stories that will likely keep you digging deeper down the rabbit hole!
People hacker by Jenny Radcliffe
Human hacking: Win friends, influence people, and leave them better off for having met you by Christopher Hadnagy
Learn social engineering: learn the art of human hacking with an internationally renowned expert by Erdal Özkaya
The social engineer's playbook: a practical guide to pretexting by Jeremiah Talamantes
Practical social engineering: A primer for the ethical hacker by Joe Gray
How I rob banks: And other such places by FC
OSINT (Open source intelligence) books
If your main focus is to take your OSINT skills to the next level, go through this selection of books, which will satisfy your curiosity and/or add jet fuel to it.
These OSINT books break down key techniques and strategies for gathering, analyzing, and using open-source data in creative and helpful ways.
Deep dive: Exploring the real-world value of open source intelligence by Rae Baker
Open source intelligence techniques: Resources for searching and analyzing online information by Michael Bazzell
Hunting cyber criminals: A hacker's guide to online intelligence gathering tools and techniques by Vinny Troia
Open source intelligence methods and tools: A practical guide to online intelligence by Nihad A Hassan, Rami Hijazi
Down the rabbit hole: An OSINT journey open source intelligence gathering for penetration testing by Chris Kubecka
We are Bellingcat: An intelligence agency for the people by Eliot Higgins
How to find out anything: From extreme Google searches to scouring government documents, a guide to uncovering anything about everyone and everything by Don MacLeod
Operator handbook: Red team + OSINT + Blue team reference by Joshua Picolet
OSINT: The art of collecting open information: digital society: the growing impact of online information collection by David Anderson
Hiding from the internet: eliminating personal online information by Michael Bazzell
Penetration testing books
Our bread and butter, penetration testing is one of the most misunderstood and most undervalued practices of the security world.
These books do it justice and these veteran pentesters give it their all to help pave a better, clearer path forward for those who want to get into it and make a dent.
From starting a career in penetration testing to learning about physical pentesting, and defining your contribution to this practice, these pentesting books have plenty of wisdom to soak up.
Penetration testing: A hands-on introduction to hacking by Georgia Weidman
The Pentester BluePrint: Starting a career as an ethical hacker by Phillip Wylie & Kim Crawley
Metasploit: The penetration tester's guide by David Kennedy & Jim O'Gorman
The hacker playbook: Practical guide to penetration testing by Peter Kim
RTFM: Red team field manual by Ben Clark
The web application hacker's handbook: finding and exploiting security flaws by Dafydd Stuttard & David Pinto
Unauthorised access: Physical penetration testing for IT security teams by Wil Allsopp
The Shellcoder's handbook: discovering and exploiting security holes by Chris Anley
Network security books
Technical walkthroughs, riveting stories, and easter eggs are all densely packed into these books.
It's probably the most exciting time to learn or deepen your knowledge of network security, and these books provide! It makes it even more exciting to know these authors are some of the OGs of netsec.
Network security assessment: Know your network by Chris McNab
Attacking network protocols: A Hacker's guide to capture, analysis, and exploitation by James Forshaw
Linux basics for hackers: Getting started with networking, scripting, and security in Kali by Occupy the Web
Network security essentials: applications and standards by William Stallings
Applied network security monitoring: collection, detection, and analysis by Chris Sanders & Jason Smith
Dissecting the hack: The F0rb1dd3n network by Jayson E. Street
Stealing the network: how to own a continent by Ryan Russell
Cryptography and network security: Principles and practice by William Stallings
Network security through data analysis: building situational awareness by Michael S. Collins
The Tao of network security monitoring: beyond intrusion detection by Richard Bejtlich
Bug bounty books
Books are probably not the first thing you have in mind for becoming a stronger bug bounty hunter, but maybe that's what makes them particularly interesting.
Taking a page from Sparc Flow's or Peter Yaworski's books might be just what you need to broaden your skillset, toolset, and mindset.
Bug bounty bootcamp: the guide to finding and reporting web vulnerabilities by Vickie Li
Real-world bug hunting: A field guide to web hacking by Peter Yaworski
The tangled web: A guide to securing modern web applications by Michal Zalewski
Bounty hunting essentials: Quick-paced guide to help white-hat hackers get through bug bounty programs by Carlos A. Lozano, Shahmeer Amir
A bug bounty hunting journey: Overcome your limits and become a successful hunter by The hackerish
Web hacking 101 by Peter Yaworski
A bug hunter’s diary: A guided tour through the wilds of software security by Tobias Klein
Black Hat Python: Python programming for hackers and pentesters by Justin Seitz
How to hack like a ghost: Breaching the cloud by Sparc Flow
Bug bounty hunting for web security: find and exploit vulnerabilities in websites and applications by Sanjib Sinha
Cybercrime books
The technicalities and intricacies of ethical hacking are just as captivating as the real-world changes they provoke.
Offensive security is a particularly strong driver of change in our world.
The smarter the attacker and the more widespread the vulnerability, the more pressure on vendors to make software - and the environment people work in - safer.
These books on cybercrime offer far-reaching insights into game-changing vulnerabilities and apply expert analysis to topics whose ramifications can be jaw-dropping.
From investigations into notorious vulnerabilities (like Stuxnet) to impactful cyberwar tactics (like the Lazarus heist), these books urge us to dig deeper to answer tough questions about the role of technology in our lives.
The Lazarus heist: From Hollywood to high finance: Inside North Korea's global cyber war by Geoff White
Spam nation: the inside story of organized cybercrime — from global epidemic to your front door by Brian Krebs
The Cuckoo’s egg: Tracking a spy through the maze of computer espionage by Cliff Stoll
Countdown to zero day: Stuxnet and the launch of the world's digital weapon by Kim Zetter
Hacker, Hoaxer, Whistleblower, Spy: The many faces of Anonymous by Gabriella Coleman
Sandworm: A new era of cyberwar and the hunt for the Kremlin's most dangerous hackers by Andy Greenberg
The hacker and the state: Cyber attacks and the new normal of geopolitics by Ben Buchanan
Future crimes: inside the digital underground and the battle for our connected world by Marc Goodman
Cybercrime and society by Majid Yar, Kevin F. Steinmetz
The art of cyberwarfare: an investigator's guide to espionage, ransomware, and organized cybercrime by Jon DiMaggio
This is how they tell me the world ends: The cyberweapons arms race by Nicole Perlroth
Your Face Belongs to Us: A Secretive Startup's Quest to End Privacy as We Know It by Kashmir Hill
How books can cultivate your hacker mindset
Books are excellent teachers.
They create space for us to think, they help us see how the puzzle pieces connect, and they inspire us to broaden our perspective beyond what we thought we were capable of.
They also provide in-depth ethical hacking knowledge and real-life examples that capture nuance and details social media just can't fit. They encourage us to think more creatively about how we can use our knowledge and skills to hack the world and make it better.
And what’s even better is to see what happens when we actually apply what we learn from them.