Linux Security

Top 10 Ethical Hacking Books

Hacking is an ongoing process of information gathering and exploitation of any target. The hackers are consistent, practical and stay updated with daily appearing vulnerabilities. The first step to exploitation is always reconnaissance. The more information you gather, the better there are chances that you will make your way through the victim boundary. The attack should be very structured and verified in a local environment before being implemented on live target. The pre requisites are Networking skills, programming languages, Linux, Bash scripting and a reasonable workstation.Ethical hacking is the application of hacking knowledge for the benefit of society through good morals, and is usually defensive in nature, based on good knowledge of the core principles.

Many books are available on hacking, but we will discuss today the top 10 which are appreciated and recommended by the hacking community. Note: The books are in no particular order.

1. Penetration Testing with Kali Linux By OffSec (PWK)

Offensive security (OffSec) is the organization responsible for Kali Linux distro which combines more than 300 information gathering, scanning, vulnerability analysis, forensics, wireless hacking, web app exploitation and post exploitation tools. PWK has been officially compiled by OffSec. It’s more like a story book which takes a virtual organization megacorpone.com & gives you a walkthrough of the complete exploitation procedure. It starts with basic intro to Kali tools, Networking, Reverse & Bind shells then discusses advance topics like Buffer Overflows, privilege escalation & malware evasion. You can only get this book if you register for OSCP certification.
Its table of contents are:

  • Intro to Pen Testing
  • Intro to Kali
  • Some Essential Tools
  • Reconnaissance/ Enumeration
  • Exploitation
  • Privilege Escalation
  • Tunneling
  • Post Exploitation

2. The Web Application Hacker’s Handbook

If you are a beginner and looking for insights of hacking, this is the book for you. It has been authored by Daffy Stuttard who developed Burp Suite, a very handy Proxy for exploitation testing. The focus of this book is highly practical. It breaks down web application vulnerabilities and teaches its exploitation and the correct configuration. The contents explain the key topics for carrying out a comprehensive web application attack.

Topics Covered:

  • Web Application (In)Security
  • Core Defense Mechanisms
  • Mapping Applications
  • Client Side Attacks
  • Backend Attack Mechanisms
  • Attacking Application Logic
  • Attack Automation
  • Source Code Vulnerabilities
  • Hackers’ Toolkit

3. Hacking: The Art of Exploitation

A book to enable you to think out of the box. It does not mainly focus on commonly used exploitation techniques. The main focus is the construction and testing of exploit code. It teaches you the advanced secure coding skills including Assembly. The topics discussed are networking, cryptography, programming, Buffer overflows, stacks & global offsets. If you are learning shell codes, spawning, buffer restrictions bypass and camouflage techniques, this book is your guideline.

Contents:

  • Intro to Hacking
  • Programming
  • Networking
  • Shellcode
  • Cryptology
  • Conclusions

4. Reversing: Secrets of Reverse Engineering

Deconstruction of developed software to reveal its innermost details is the focus of the book. You will learn the details of how a software works by digging deep into binaries and retrieving information. This book works on Microsoft Windows environment and uses OllyDbg.  Binary reverse engineering, data reverse engineering, techniques for prevention of reverse engineering of any code and explanation of decompilers are the main focus.

Its main topics are:

  • Intro to Reversing
  • Low level Software
  • Reversing Tools
  • Applied Reversing
  • Deciphering File Formats
  • Reversing Malware
  • Cracking
  • Anti-reversing
  • Beyond Disassembly
  • Decompilation

5. Hacking Exposed 7: Network Security Secrets & Solutions

If you want to harden your networks and secure your applications from cyber security breaches, this book is for you. Hacking is a double edged sword. You can never breach a system unless you fully understand how it works. Only then you can both secure and breach it. Hacking exposed is a series of books and this release focuses on networks.

Table of contents are:

  • Defense Against UNIX Root Access
  • Block SQL injection, Embedded Code Attacks
  • Detect & Terminate Rootkits
  • Protects 802.11 WLANs
  • Multilayered Encryption
  • Plugholes in VoIP, Social Networking, Gateways

6. Mastering Modern Web Penetration Testing

As obvious, this book will give you a walkthrough on modern web hacking techniques. This book is an essential read for web developers. The procedures discuss practical exploitation techniques and automation. Source code vulnerabilities like Php object Serialization vulnerabilities are discussed in detail.

Table of contents are:

  • Common security protocols
  • Information gathering
  • XSS
  • SQL Injection
  • CSRF
  • File Upload Vulnerabilities
  • Emerging Attack Vectors
  • API Testing Methodology

7. Phishing Dark Waters: The offensive & Defensive Sides of Malicious Emails

You can break into any system through the front door. But to get you through, you will need strong convincing skills. Phishing is a companion which will get you through when others won’t. This book will explain you the tricks to phish successfully.  The contents will enlighten you about the offensive as well as defensive techniques used for phishing. After giving it a read, you will be able to recognize a cloned website, a spam email and a spoofed id.

Table of contents are:

  • Intro to Wild World of Phishing
  • Psychological Principles of Decision Making
  • Influence & Manipulation
  • Planning Phishing Trips
  • Professional Phisher’s Tackle Bag
  • Phishing Like a Boss
  • The Good, Bad & the Ugly

8. Android Security Cook Book

85% of smart phone users rely on android. 90% of the android devices are vulnerable to malware. Understanding and protecting android infrastructure is a growing concern now. With major focus on Web Applications, android security often stays ignored. This book will explain you how to protect the android devices against hackers. The focus is exploitation, protection and reversing android applications.

Table of contents are:

  • Android Development Tools
  • Engaging with Application Security
  • Android Security Assessment Tools
  • Exploiting Applications
  • Protecting Applications
  • Reverse Engineering Applications
  • Native Exploitation & Analysis
  • Encryption & Device Development Policies

9. Offensive Security Wireless Attacks By OffSec (WiFu)

If you want to master the skill of Wi-Fi penetration & audit this is a recommended book for you. The books starts with the basic WEP, WPA and WPA 2 protocol. It explains the Wi-Fi beacons & handshakes. Then the vulnerability scanning and exploitation phase comes. In the end you are advised how to protect your Wi-Fi networks. You can only get this book if you opt for OSWP Certification course.

Its table of contents are:

  • IEEE 802.11
  • Wireless Networks
  • Aircrack-ng Suite
  • Cracking WEP via a Client/Connected Clients
  • Cracking Clientless WEP Networks
  • Bypassing Shared Key Authentication
  • coWPatty
  • Pyrit
  • Wireless Reconnaissance
  • Rogue Access Points

10. The Hacker Playbook 3: Practical Guide to Penetration Testing

Strong teams come up with new strategies in every game. This book is about the latest tips of penetration testing. The strategies are updated and will take you to the pro level. It will improve your thought process and offensive testing techniques.

Table of contents are:

  • Pregame- The Setup
  • Before the Snap- Red Team Recon
  • The Throw- Web Application Exploitation
  • The Drive- Compromising The Network
  • The Screen- Social Engineering
  • The Onside Kicks- Physical Attacks
  • The Quarterback Sneak- Evading AV & Network Detection
  • Special Teams- Cracking, Exploitation, Tricks
  • Two Minute Drill- From Zero to Hero

CONCLUSION

Investing in learning ethical hacking will enable you to help keep the world safe.  Your career skills and personal satisfaction will always be in place.

About the author

Avatar

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I’m born and raised in Wazirabad, Pakistan and currently doing Undergraduation from National University of Science and Technology (NUST). On Twitter i go by @UsamaAzad14