Recommended Books


Metasploit: Penetration Testers Guide
by Dave Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni

Great book on using Metasploit while doing penetration tests.  You can read my full review here, but I definitely recommend picking this book up and keeping it.  It's a quick read, but I have gone back to it several times already.  There is even a cheat sheet in the back with nearly every Metasploit command and its usage.


Nmap Network Scanning
by Gordon "Fyodor" Lyon

Another great book about an indispensable security tool, written by the developer.  There is so much you can do to tune Nmap for speed and detection avoidance, and Fyodor explains it all in this self-published book.  The Nmap Scripting Engine (NSE) is a powerful weapon in automating scanning and enumerating tasks during penetration tests.






Programming in Lua
by Roberto Ierusalimschy

Lua is the simple and powerful language that NSE scripts are written in.  Fyodor recommended this book during his Black Hat talk a few years ago. It's well written and, combined with the hundreds of existing NSE scripts, it makes writing new scripts a much less daunting task for even the most inexperienced programmers. Lua is also commonly found on embedded devices and is a very useful language to know for home automation projects involving OpenWrt.

The Web Application Hacker's Handbook
by Dafydd Stuttard and Marcus Pinto

If you develop web applications or are a pentester, you must read this book.  I reference it regularly. Pick a chapter, work through it and then practice on one of the many online hacking challenges.










Gray Hat Python
by Justin Seitz

Python is great for a lot of uses, but this book shows you how valuable it is for security professionals.  The author does a good job explaining the examples in the book and it's a must-read for penetration testers. The remote access tool written in Python discussed in the book is so simple it's scary.


Hacking Exposed
by Stuart McClure, Joel Scambray and George Kurtz

If you know very little about hacking or penetration testing, this is where you should start.  It is written at a level that is easy to understand and comprehend.  It covers a lot of ground and there are more specialized books for Windows, Linux, Wireless, Web Applications, etc. if you like the book.








Netcat Power Tools
by Jan Kanclirz, Brian Baskin and Thomas Wilhelm

Most of the information in this book can be found on various blogs, but it's great to have it all in one place for easy reference.  If you are taking Offensive Security's Pentesting with BackTrack course, you will probably want this book on hand.









Windows PowerShell Cookbook
by Lee Holmes

This probably isn't the best book for diving into PowerShell unless you have a strong C# and scripting background (I have neither), but I really enjoy the examples.  If you are serious about making administrative tasks easier and more efficient, it's a must-have reference for advanced tasks.









Learn PowerShell 3 In a Month of Lunches
by Don Jones and Jeffery Hicks

If you are new to PowerShell, this is where you should start. This is the latest in the series and it takes you step-by-step through the process of increasing your productivity using PowerShell. It also thoroughly covers topics that many other scripting books ignore such as error handling and organization. If you pick one book to read about PowerShell, this is it.



Learn PowerShell Toolmaking In a Month of Lunches
by Don Jones and Jeffery Hicks

This book shows you how to make a polished script worthy of sharing. I think that anyone who reads both of the "In a Month" books will be able to apply what they learn immediately and will want to. I really hope that more people read this book and begin contributing to projects like PowerSploit or releasing their own security-related PowerShell scripts.




SQL Injection Attacks and Defense
by Justin Clarke

After performing numerous successful SQL-i attacks as a penetration tester, I thought I knew SQL-i pretty well.  This book showed me I was wrong and opened up a new world of advanced attacks. If you are a web developer or pentester, buy this book!

Violent Python
by TJ O'Connor

If you are an infosec professional and aren't familiar with a scripting language, you should pick this book up to see how powerful Python can be. You can read my full review here, but this book targets those that are relatively new to scripting. The stories are very useful for giving context as well.