Hacking & Computer Security

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software.

Attacking Network Protocols is a deep dive into network protocol security from James Forshaw, one of the world’s leading bug ­hunters.

Written by hackers for hackers, this hands-on book shows how to identify vulnerabilities in apps that use GraphQL.

The Book of PF, 3rd Edition is the essential guide to building a secure network with PF, the OpenBSD packet filtering tool.

A beginner's guide to web hacking, bug hunting, reporting vulnerabilities – and getting paid for it.

The Car Hacker’s Handbook shows how to identify and exploit vulnerabilities in modern vehicles.

A tour through history’s real codes and ciphers written by two of today’s best cipher crackers.

Crypto Dictionary is your full reference resource for all things cryptography.

A guide to implementing DIY security solutions and readily available technologies to protect home and small-office networks from attack.

The complete start-to-finish guide for planning and delivering successful cybersecurity tabletop exercises.

"If you understand C and want to learn how to manipulate the FreeBSD kernel, Designing BSD Rootkits is for you. Peer into the depths of a powerful operating system and bend it to your will!"
—Richard Bejtlich, TaoSecurity

• View a sample chapter, Chapter 2: Hooking
• Download the source code files here (.tgz archive)

An elegant, team-oriented guide for building security into the software design process.

A crash course in modern hacking techniques, with lots of hands-on labs for aspiring offensive security experts.

The first-ever guide to analyzing malicious Windows software designed to avoid detection and forensic tools.

A hands-on intro to hacking that guides you through executing every major type of attack (from the safety of a virtual lab).

Gray Hat C# shows you how to use C#'s powerful set of core libraries to create and automate security tools.

Learn how to test APIs for security vulnerabilities so you can uncover high-payout bugs and improve the security of web apps.

A hands-on guide targeted at total beginners, How Cybersecurity Really Works will teach you everything you need to know about cyber defenses.

Puts you in the mind of a master hacker, as you plan and launch a stealth attack on Microsoft’s best security systems.

Linux Basics for Hackers uses the Kali Linux distribution to explain core Linux topics like filesystems, networking, package management, and BASH.

Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization.

The second edition of the international bestseller Metasploit is written by some of the world’s best hackers and is the only introduction you’ll ever need to the legendary Framework.

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs.

Pentesting Azure Applications is a comprehensive guide to penetration testing cloud services deployed in Microsoft Azure.

PoC||GTFO (Proof of Concept or Get The Fuck Out) is a compilation of the wildly popular hacker zine of the same name. Contributions range from humorous poems to deeply technical essays.

PoC||GTFO (Proof of Concept or Get The Fuck Out), Volume 2 follows-up the wildly popular first volume with issues 9 through 13 of the eponymous hacker zine. Contributions range from humorous poems to deeply technical essays.

Outlines a model for evaluating risks in your life, as well as preparing for a wide range of potential crises.

A practitioner’s guide focused on postmortem analysis of modern Linux installations.

• Download Chapter 12: "Covert Malware Launching" (PDF)
• Download the labs
• Visit the authors' website for news and other resources

"The book every malware analyst should keep handy." —Richard Bejtlich, CSO of Mandiant & Founder of TaoSecurity

Practical Packet Analysis, 3rd Ed. teaches you how to use Wireshark for packet capture and analysis.

A hands-on look at the cyber attacks that target human nature, with pentesting templates for performing SE ops, and tips for defending against them.

Serious Cryptography is a practical guide to the past, present, and future of cryptographic systems and algorithms.

Serious Cryptography, 2nd edition, is a practical guide to the past, present, and future of cryptographic systems and algorithms.

An all-star guide to tackling the analysis and detection of malware that targets the Android operating system.

A handbook for Apple infection methods, malicious script analysis, and Mach-O malware.

The Art of Mac Malware, Volume 2 is a comprehensive guide to the programmatic approaches you can use to detect and protect against macOS malware. 

Cracks open embedded security to show how hardware attacks work from the inside out.

The Practice of Network Security Monitoring teaches IT and security staff how to leverage powerful NSM tools to identify threats quickly and effectively.