Some handpicked recommendations for books and online courses.
Books
Real-World Bug Hunting: A Field Guide to Web Hacking
Authors: Peter Yaworski
Content: A very practical guide to bug hunting and bug bounties
Career: Penetration Tester, Bug Bounty
Level: Beginner, Intermediate
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Authors: Michael Sikorski, Andrew Honig
Content: Malware Analysis with lot’s of hands-on
Career: Blue Team, Malware Analyst, Forensic Experts
Level: Beginner, Intermediate
The Hacker Playbook 3 (Review)
Authors: Peter Kim
Content: Main focus is on Red Teaming
Career: Penetration Tester
Level: Intermediate, Expert
The Art of Memory Forensics
Authors: Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Content: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Career: Blue Team, Malware Analyst, Forensic Experts
Level: Beginner, Intermediate
Hands-On Bug Hunting for Penetration Testers (Review)
Author: Joseph Marshall
Content: Go through common bugs in Webapps and introduction to bug bounties
Career: Penetration Tester, Bug Bounty
Level: Beginner
Metasploit: A Penetration Tester’s Guide
Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
Content: Introduction to Metasploit and penetration testing
Career: Penetration Tester
Level: Beginner, Intermediate
Penetration Testing: A Hands-On Introduction to Hacking
Author: Georgia Weidman
Content: A great introduction into penetration testing.
Career: Penetration Tester
Level: Beginner
Advanced Penetration Testing
Author: Will Allsopp
Content: Goes through different penetration testing scenarios on a high level.
Career: Penetration Tester, Red Teamer
Level: Professional, Expert
The Hacker Playbook 2
Author: Peter Kim
Content: Book for penetration testing, hands on hacking, pivoting, evasion and so on.
Career: Penetration Tester
Level: All
Security Metrics
Author: Andrew Jaquith
Content: If you need to present KPIs and measures in the security field this will be the best book.
Career: All, Management
Level: Professional, Expert
Psychology of Intelligence Analysis
Author: Richards J. Heuer, Jr.
Content: Analysing new and complex circumstances and how to avoid the pitfalls from a psychologist point of view.
Career: All Analysis Jobs
Level: All
Free
The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator
Author: Dave Kleiman
Career: Digital Forensics, Incident Response
Content: Covers the CHFI exam, comes with review questions after each chapter and an online test exam.
Level: Beginners
Network Security Assessment
Author: Chris McNab
Content: Assessment of various network services.
Career: Penetration Tester
Level: All
The Shellcoder’s Handbook
Authors: Chris Anley, John Heasman, Felix “FX” Lindner, Gerardo Richarte
Content: Exploiting security holes for Windows, Solaris, MacOSX, Cisco. Although from 2007 still worth reading.
Career: Penetration Tester, Exploiter
Level: Intermediate, Experts
The Web Application Hackers Handbook
Authors: Daffy Stuttard, Marcus Pinto
Content: The standard book about hacking Web Applications, goes into depth about the most important topics. Authors also created the BurpSuit.
Career: Penetration Tester
Level: Good for beginners, but also useful for experienced penetration testers
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage
Author: Clifford Stoll
Content: The famous story about one of the first hacks from spies into US networks before the Internet was known as today. Great insight of defending, see also below the course from Chris Sanders.
Career: All
Level: All
Hacking: The Art of Exploitation
Author: Jon Erickson
Content: Goes from the first steps in Bash and C to in depth exploitation and debugging on Linux.
Career: Penetration Tester, Exploit Developer
Level: Beginner, Intermediate, Expert
German Book: Hacking mit Metasploit
Author: Michael Messner
Content: Great Introduction to Penetration Testing and Metasploit.
Career: Penetration Tester
Level: Beginner/Intermediate
Mike Meyers’ CompTIA Security+ Certification Passport
Author: Dawn Dunkerley
Content: For preparing the CompTIA Security+ Certification this book is recommended. It covers every topic from the exam and also includes review questions as well as a practice exam.
Career: All
Level: Beginner
CCNA Routing and Switching Complete Study Guide: Exam 100-105, Exam 200-105, Exam 200-125
Author: Todd Lammle
Content: I have an older edition, but content should be the same but for the new exam. Everything that is needed for the exam can be found here, including exam simulation and questions for each chapter.
Career: All
Level: Beginner
All in One CompTIA Network+
Author: Mike Meyers
Content: Coverage of the CompTIA Network+ certification exam objectives, goes into the topics in depth. I liked the questions after each chapter. Came with a CD with an exam simulator long ago, now the content is online.
Career: All
Level: Beginner
Online Courses
Cyberwar, Surveillance and Security
Content: This is not a technical course, but explains the topics cyberwar, surveillance and security from the perspective of the law.
Career: All
Pice: Free or with certificate
Malicious Software and its Underground Economy: Two Sides to Every Story
Content: Malware, malware analysis, botnets, take down of botnets
Career: Defenders
Level: Beginner
Price: Free or with certificate
Port Swigger: Web Security Academy
Content: Teaches the basics of Web Application Security, so far SQL Injection, XSS, OS command injection and File Path traversal. Comes with small labs.
Career: Penetration Tester but I recommend it also for everyone interested in security
Level: Beginner
Price: Free
The Cuckoo’s Egg Decompiled Course
Content: Highly recommended course by Chris Sanders, teaching the basics of attacking and defending networks through the lens of the famous “The cuckoos Egg” book by Clifford Stoll.
Career: All
Level: Beginner
Price: Free
Introducion to Cybersecurity
Content: Short non technical introduction course for everyone who is curious about cybersecurity. Explains the basic concepts from a higher level.
Career: All
Level: Beginner
Price: Free or with certificate
Build a Modern Computer from First Principles: From Nand to Tetris
Content: Teaches the basics of computer sience by building a computer from ground up. There is also a great TED talk about the course.
Career: All
Level: Beginner
Price: Free or with certificate
Professor Messer’s CompTIA N10-007 Network+ Course
Content: Great and free video course for preparing the CompTIA Network+ exam, I recommend to add a book nevertheless.
Career: All
Level: Beginner
Price: Videos are free
Professor Messer’s CompTIA SY0-501 Security+ Course
Content: Same as the Network+ course for Security+, I also recommend to read a book additional for preparation.
Career: All
Level: Beginner
Price: Videos are free
Security in Office 365
Content: For an in depth review have a look here.
Career: Blue Team, Administrators
Price: Free or with certificate
We learn Security! 