From Day Zero to Zero Day
Find security holes before the bad guys do.
Find security holes before the bad guys do.
A deep dive into advanced hardware hacking with detailed examples of real-world techniques and a comprehensive survey of vulnerabilities.
The complete start-to-finish guide for planning and delivering successful cybersecurity tabletop exercises.
This first-of-its-kind guide to detecting stealthy Mac malware gives you the tools and techniques to counter even the most sophisticated threats targeting the Apple ecosystem.
Master the art of offensive bash scripting. This highly practical hands-on guide covers chaining commands together, automating tasks, crafting living-off-the-land attacks, and more!
Power up your Windows security skills with expert guidance, in-depth technical insights, and lots of real-world vulnerability examples.
An essential resource for current and future developers tasked with protecting users from the potential threats of these ubiquitous devices.
The first-ever guide to analyzing malicious Windows software designed to avoid detection and forensic tools.
An all-star guide to tackling the analysis and detection of malware that targets the Android operating system.
A guide to understanding the attack-detection software running on Microsoft systems, and how to evade it.
Written by hackers for hackers, this hands-on book shows how to identify vulnerabilities in apps that use GraphQL.
Learn the tools and develop the skills for uncovering big secrets hiding in public datasets.
The second edition of the international bestseller Metasploit is written by some of the world’s best hackers and is the only introduction you’ll ever need to the legendary Framework.
A tour through history’s real codes and ciphers written by two of today’s best cipher crackers.
Learn how to test APIs for security vulnerabilities so you can uncover high-payout bugs and improve the security of web apps.
A detailed guide to nation-state hacking methods that shows how to track, analyze, and attribute advanced attacks.
This hands-on guide to the art of lockpicking will take you from noob to competition-ready.
An elegant, team-oriented guide for building security into the software design process.
Outlines a model for evaluating risks in your life, as well as preparing for a wide range of potential crises.
A handbook for Apple infection methods, malicious script analysis, and Mach-O malware.
A hands-on intro to hacking that guides you through executing every major type of attack (from the safety of a virtual lab).
A practitioner’s guide focused on postmortem analysis of modern Linux installations.
A beginner's guide to web hacking, bug hunting, reporting vulnerabilities – and getting paid for it.
A crash course in modern hacking techniques, with lots of hands-on labs for aspiring offensive security experts.
Puts you in the mind of a master hacker, as you plan and launch a stealth attack on Microsoft’s best security systems.
A guide to implementing DIY security solutions and readily available technologies to protect home and small-office networks from attack.
Crypto Dictionary is your full reference resource for all things cryptography.
Explore the stealthier side of programming with Black Hat Python, 2nd Edition – fully updated for Python 3, with all new strategies for your hacking projects!
How to Hack Like a Ghost is a fast-paced adventure that lets you shadow a master hacker targeting a shady foe with advanced cloud security.
A hands-on guide targeted at total beginners, How Cybersecurity Really Works will teach you everything you need to know about cyber defenses.
Written by all-star security experts, Practical IoT Hacking is a quick-start conceptual guide to testing and exploiting IoT systems and devices.
PoC||GTFO (Proof of Concept or Get The Fuck Out), Volume 3 continues the series of wildly popular collections of this hacker journal.
Based on techniques adapted from authentic Japanese ninja scrolls, Cyberjutsu teaches ancient approaches to modern security problems.
A hands-on look at the cyber attacks that target human nature, with pentesting templates for performing SE ops, and tips for defending against them.
The Ghidra Book is a practical introduction to Ghidra, a comprehensive, open-source tool suite for reverse engineers.
Practical Vulnerability Management shows you how to weed out system security weaknesses and squash cyber threats in their tracks.
Web Security for Developers explores the most common ways websites get hacked and how web developers can defend themselves.
Foundations of Information Security provides a high-level overview of the information security field.
The Hardware Hacker is an illuminating career retrospective from Andrew “bunnie” Huang, one of the world’s most esteemed hackers.
Practical Binary Analysis covers advanced binary analysis topics like binary instrumentation, dynamic taint analysis, and symbolic execution.
PoC||GTFO (Proof of Concept or Get The Fuck Out), Volume 2 follows-up the wildly popular first volume with issues 9 through 13 of the eponymous hacker zine. Contributions range from humorous poems to deeply technical essays.
Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization.
Linux Basics for Hackers uses the Kali Linux distribution to explain core Linux topics like filesystems, networking, package management, and BASH.
Cracks open embedded security to show how hardware attacks work from the inside out.
Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure.
Black Hat Go will help you test your systems, build and automate tools to fit your needs, and improve your offensive security skillset.
Real-World Bug Hunting uses real-world bug reports to teach programmers how to discover and protect vulnerabilities in web applications.
Serious Cryptography is a practical guide to the past, present, and future of cryptographic systems and algorithms.
PoC||GTFO (Proof of Concept or Get The Fuck Out) is a compilation of the wildly popular hacker zine of the same name. Contributions range from humorous poems to deeply technical essays.
Practical Packet Analysis, 3rd Ed. teaches you how to use Wireshark for packet capture and analysis.
Gray Hat C# shows you how to use C#'s powerful set of core libraries to create and automate security tools.
Attacking Network Protocols is a deep dive into network protocol security from James Forshaw, one of the world’s leading bug hunters.
Practical Forensic Imaging takes a detailed look at how to secure digital evidence using Linux-based command line tools.
The Car Hacker’s Handbook shows how to identify and exploit vulnerabilities in modern vehicles.
Rootkits and Bootkits shows you how to analyze, identify, and defend against rootkits and bootkits.
Game Hacking shows programmers how to dissect computer games and create bots.
The Smart Girl's Guide to Privacy teaches you how to protect yourself online.
iOS Application Security covers everything you need to know to design secure iOS apps from the ground up.
The Book of PF, 3rd Edition is the essential guide to building a secure network with PF, the OpenBSD packet filtering tool.
Android Security Internals gives you a complete understanding of the security internals of Android devices.
Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs.
The Practice of Network Security Monitoring teaches IT and security staff how to leverage powerful NSM tools to identify threats quickly and effectively.
The Tangled Web sheds light on the security challenges that engineers, developers, and users face on the Web today. Join security expert Michal Zalewski for an in-depth look at how browsers actually work, and what pitfalls lurk in the shadows.
A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software.
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.
No source code? No problem! This second edition of the The IDA Pro Book is the definitive guide to IDA Pro, arguably the most sophisticated disassembler in the world.
Whether your goal is to secure your own network or discover vulnerabilities for a client, Metasploit: The Penetration Tester's Guide is the definitive guide to using this dynamic and powerful tool.
If you thought hacking was just about mischief-makers hunched over computers in the basement, think again.
If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and to detect and even prevent compromises.
View a sample chapter, Chapter 5: Blinkenlights
Hacking VoIP is your map and guidebook to where VoIP's biggest weaknesses lie and how to shore up your security
Hack the FreeBSD kernel for yourself!
The first Python book written for security analysts, Gray Hat Python explains the intricacies of using Python to assist in security analysis tasks. You'll learn how to design your own debuggers, create powerful fuzzers, utilize open source libraries to automate tedious tasks, interface with security tools, and more.
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.