Recommendations

Some handpicked recommendations for books and online courses.

Books

Real-World Bug Hunting: A Field Guide to Web Hacking
Authors: Peter Yaworski
Content: A very practical guide to bug hunting and bug bounties
Career: Penetration Tester, Bug Bounty
Level: Beginner, Intermediate

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Authors: Michael Sikorski, Andrew Honig
Content: Malware Analysis with lot’s of hands-on
Career: Blue Team, Malware Analyst, Forensic Experts
Level: Beginner, Intermediate

The Hacker Playbook 3 (Review)
Authors: Peter Kim
Content: Main focus is on Red Teaming
Career: Penetration Tester
Level: Intermediate, Expert

The Art of Memory Forensics
Authors: Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Content: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Career: Blue Team, Malware Analyst, Forensic Experts
Level: Beginner, Intermediate

Hands-On Bug Hunting for Penetration Testers (Review)
Author: Joseph Marshall
Content: Go through common bugs in Webapps and introduction to bug bounties
Career: Penetration Tester, Bug Bounty
Level: Beginner

Metasploit: A Penetration Tester’s Guide
Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
Content: Introduction to Metasploit and penetration testing
Career: Penetration Tester
Level: Beginner, Intermediate

Penetration Testing: A Hands-On Introduction to Hacking
Author: Georgia Weidman
Content: A great introduction into penetration testing.
Career: Penetration Tester
Level: Beginner

Advanced Penetration Testing
Author: Will Allsopp
Content: Goes through different penetration testing scenarios on a high level.
Career: Penetration Tester, Red Teamer
Level: Professional, Expert

The Hacker Playbook 2
Author: Peter Kim
Content: Book for penetration testing, hands on hacking, pivoting, evasion and so on.
Career: Penetration Tester
Level: All

Security Metrics
Author: Andrew Jaquith
Content: If you need to present KPIs and measures in the security field this will be the best book.
Career: All, Management
Level: Professional, Expert

Psychology of Intelligence Analysis
Author: Richards J. Heuer, Jr.
Content: Analysing new and complex circumstances and how to avoid the pitfalls from a psychologist point of view.
Career: All Analysis Jobs
Level: All
Free

The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator
Author: Dave Kleiman
Career: Digital Forensics, Incident Response
Content: Covers the CHFI exam, comes with review questions after each chapter and an online test exam.
Level: Beginners

Network Security Assessment
Author: Chris McNab
Content: Assessment of various network services.
Career: Penetration Tester
Level: All

The Shellcoder’s Handbook
Authors: Chris Anley, John Heasman, Felix “FX” Lindner, Gerardo Richarte
Content: Exploiting security holes for Windows, Solaris, MacOSX, Cisco. Although from 2007 still worth reading.
Career: Penetration Tester, Exploiter
Level: Intermediate, Experts

The Web Application Hackers Handbook
Authors: Daffy Stuttard, Marcus Pinto
Content: The standard book about hacking Web Applications, goes into depth about the most important topics. Authors also created the BurpSuit.
Career: Penetration Tester
Level: Good for beginners, but also useful for experienced penetration testers

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
Author: Clifford Stoll
Content: The famous story about one of the first hacks from spies into US networks before the Internet was known as today. Great insight of defending, see also below the course from Chris Sanders.
Career: All
Level: All

Hacking: The Art of Exploitation
Author: Jon Erickson
Content: Goes from the first steps in Bash and C to in depth exploitation and debugging on Linux.
Career: Penetration Tester, Exploit Developer
Level: Beginner, Intermediate, Expert

German Book: Hacking mit Metasploit
Author: Michael Messner
Content: Great Introduction to Penetration Testing and Metasploit.
Career: Penetration Tester
Level: Beginner/Intermediate

Mike Meyers’ CompTIA Security+ Certification Passport
Author: Dawn Dunkerley
Content: For preparing the CompTIA Security+ Certification this book is recommended. It covers every topic from the exam and also includes review questions as well as a practice exam.
Career: All
Level: Beginner

CCNA Routing and Switching Complete Study Guide: Exam 100-105, Exam 200-105, Exam 200-125
Author: Todd Lammle
Content: I have an older edition, but content should be the same but for the new exam. Everything that is needed for the exam can be found here, including exam simulation and questions for each chapter.
Career: All
Level: Beginner

All in One CompTIA Network+
Author: Mike Meyers
Content: Coverage of the CompTIA Network+ certification exam objectives, goes into the topics in depth. I liked the questions after each chapter. Came with a CD with an exam simulator long ago, now the content is online.
Career: All
Level: Beginner

Online Courses

Cyberwar, Surveillance and Security
Content: This is not a technical course, but explains the topics cyberwar, surveillance and security from the perspective of the law.
Career: All
Pice: Free or with certificate

Malicious Software and its Underground Economy: Two Sides to Every Story
Content: Malware, malware analysis, botnets, take down of botnets
Career: Defenders
Level: Beginner
Price: Free or with certificate

Port Swigger: Web Security Academy
Content: Teaches the basics of Web Application Security, so far SQL Injection, XSS, OS command injection and File Path traversal. Comes with small labs.
Career: Penetration Tester but I recommend it also for everyone interested in security
Level: Beginner
Price: Free

The Cuckoo’s Egg Decompiled Course
Content: Highly recommended course by Chris Sanders, teaching the basics of attacking and defending networks through the lens of the famous “The cuckoos Egg” book by Clifford Stoll.
Career: All
Level: Beginner
Price: Free

Introducion to Cybersecurity
Content: Short non technical introduction course for everyone who is curious about cybersecurity. Explains the basic concepts from a higher level.
Career: All
Level: Beginner
Price: Free or with certificate

Build a Modern Computer from First Principles: From Nand to Tetris
Content: Teaches the basics of computer sience by building a computer from ground up. There is also a great TED talk about the course.
Career: All
Level: Beginner
Price: Free or with certificate

Professor Messer’s CompTIA N10-007 Network+ Course
Content: Great and free video course for preparing the CompTIA Network+ exam, I recommend to add a book nevertheless.
Career: All
Level: Beginner
Price: Videos are free

Professor Messer’s CompTIA SY0-501 Security+ Course
Content: Same as the Network+ course for Security+, I also recommend to read a book additional for preparation.
Career: All
Level: Beginner
Price: Videos are free

Security in Office 365
Content: For an in depth review have a look here.
Career: Blue Team, Administrators
Price: Free or with certificate