Books

Top 5 books every pentester should read

Books are a valuable resource to improve your ethical hacking and penetration testing skills. Here is a curated list of the top 5 books every penetration tester should read.

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman

Regarded by many as one of the best books about penetration testing, the “Penetration Testing: A Hands-On Introduction to Hacking” is a must read for anyone who is just starting out in this field. This book covers several techniques and tools commonly used by professionals all over the world, including how to crack passwords, hack wireless networks, use the Metasploit framework, bypass antivirus software, and much more. 

The only downside to this book is that some of the material is a bit dated. However most of the content is still very relevant and until a new edition comes out, this is an excellent book for beginners and for anyone who needs a refresher.

The Hackers Playbook 2 and The Hackers Playbook 3 by Peter Kim

        

Two more books that every penetration tester should read are The Hackers Playbook 2 and The Hackers Playbook 3. The first book goes over the tools and techniques to exploit your victim’s machine and gain access, while the second one covers newer and more advanced attacks like NodeJS injections, XXE attacks, advanced XSS techniques, and many useful Active Directory attacks.
Although it is not strictly necessary to get both books, I recommend to do so and to read them sequentially. In fact, The Hackers Playbook 2 is much more beginner friendly and it is a great resource for learning a handful of things about OSINT techniques, password cracking, vulnerability scanning, social engineering, and exploitation. While, The Hackers Playbook 3 is a book that shows you how to set up a lab and take you through all the steps of a penetration test (e.g. reconnaissance, web application exploitation, social engineering, physical attacks, etc.). Get both books and you won’t regret it. 😉

Metasploit: The Penetration Tester’s Guide by David Kennedy, Devon Kearns, Jim O’Gorman and Mati Aharoni

It’s no secret that hackers love Metasploit. As the most powerful open source penetration testing tool out there, Metasploit is one of those tools that you will likely use many times in your career. This book will help you familiarize yourself with the most popular features of Metasploit as well as the ones not very well known or documented. After reading this book, one will know how to use Metasploit at its full potential.

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard & Marcus Pinto

When it comes to Web application penetration testing, there is one book that stands out: The Web Application Hacker’s Handbook. Considered by many as the Web hacking bible, this book will guide you through every step of a Web penetration test and show you how to map a Web application and how to attack every part of it, such as the authentication, the session management, the application logic, and the back-end components just to name a few. 

This book is great for anyone who is seriously interested in Web penetration testing and although the 2nd edition has been released in 2011, it has plenty of examples still very relevant today.

Honorable mentions

Gray Hat Hacking 5th Edition by by Allen Harper, Daniel Regalado, Ryan Linn, Stephen Sims, Branko Spasojevic, Linda Martinez, Michael Baucom, Chris Eagle, and Shon Harris

This book is not strictly about penetration testing, however it covers a number of important topics, including reverse engineering, fuzzing, exploit development, IoT security, and malware analysis. If you intend to learn more about these subjects, the Gray Hat Hacking 5th Edition is an excellent starting point. 

Rtfm: Red Team Field Manual by Ben Clark

As penetration testers, we use dozens, if not hundreds, of tools and scripts to complete our assessments. Therefore, it can be very useful to have a reference guide with the information you are likely to need the most during a penetration test. The RTFM is exactly that: a reference guide that shows you the syntax of hundreds of commands and tools commonly used in penetration testing.

Kali Linux Revealed: Mastering the Penetration Testing Distribution by Raphael Hertzog & Jim O’ Gorman

Nowadays, there are a number of penetration testing distributions available out there, Kali Linux, Parrot OS, BackBox, BlackArch, and Pentoo just to name a few. Among them, the most popular one is Kali Linux. This book goes through everything you need to know about Kali Linux, from how to install Kali on your machine to how to customize the kernel for your needs.

If you use or intend to use Kali Linux as your main penetration testing distribution, this book will be extremely helpful. Please be aware that the Kali Linux Revealed: Mastering the Penetration Testing Distribution is not a book about penetration testing, but a book about a penetration testing distribution.

That said, you can download a free version of the book here (https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf) or get a hard copy on Amazon.