#445: Top Hacking Books for 2024 (plus Resources): FREE and Paid
Jan 6, 2024
In this podcast, guest Jason Haddix shares his top hacking book recommendations for 2024. Topics discussed include resources for learning application security, recommended books for offensive security, playing Capture the Flag competitions, various resources for offensive security testing, transitioning into penetration testing and web application penetration testing, and understanding network protocols and exploiting their security.
The Web Application Hacker's Handbook is a must-read for web hacking and offensive security testing.
Newsletters like 'Unsupervised Learning' and 'TL;DR sec' provide valuable updates and case studies in the field of security.
SecLists and PayloadAllTheThings are essential resources for fuzzing and finding vulnerabilities in web applications and red teaming.
Deep dives
Top Books and Resources for Security in 2024
In this podcast episode, Jason and David discuss the best books and resources for security in 2024. They cover a range of topics such as bug bounty hunting, offensive security, web application hacking, and red teaming. Jason recommends several books including 'The Web Application Hacker's Handbook' which is considered a Bible for web hacking, 'Real World Bug Hunting' which provides real-world examples of finding vulnerabilities, and 'The Red Team Field Manual' which is a handy reference for red teaming. They also mention online resources like the OWASP Testing Guide, the Operator Handbook, and HackerOne and Bugcrowd's feed of disclosed vulnerabilities.
Valuable Newsletters and Feeds for Staying Informed
Jason shares his top newsletter recommendations for staying up to date with security news and trends. He recommends 'Unsupervised Learning' by Daniel Miessler, 'TL;DR sec' by Clint Gibler, 'Bug Bytes' by Intigriti, 'Hive Five' by Securibee, and 'Bug Bounty Reports Explained' by Grzegorz (Greg) Niedziela. These newsletters cover bug bounty updates, conference talks, tools, vulnerability case studies, and more. In addition, Jason highlights the HackerOne (Hacktivity) and Bugcrowd (CrowdStream) feeds, which showcase publicly disclosed bug bounty reports and vulnerabilities.
Fuzzing Lists and Online Resources for Offensive Security
Jason discusses the importance of fuzzing in offensive security testing and highlights two valuable resources: 'SecLists' and 'PayloadAllTheThings'. 'SecLists' is a collection of fuzzing lists, including SQL injection payloads and common passwords, and it comes pre-installed in Kali Linux. 'PayloadAllTheThings' provides not only fuzzing payloads but also comprehensive context and tools for various vulnerabilities found in web applications and red teaming. These resources are essential for new web security testers and red teamers to enhance their knowledge and effectiveness.
Great resources for offensive security learning
There are several great resources available for individuals interested in offensive security. One of the recommended options is the Pentest Book by six2dez, an all-encompassing public wiki book that provides knowledge on offensive security testing. Another popular resource is the HackTricks wiki book, which covers methodologies for different types of security testing. For those looking to explore open-source tools, Offsec.Tools by Gwendal Le Coguic is recommended. Additionally, platforms like Hack The Box Academy and TryHackMe offer comprehensive learning tracks and labs for individuals looking to enhance their offensive security skills.
Recommended books by Jason Haddix
Jason Haddix recommends several useful books for individuals interested in offensive security. For those focusing on web application penetration testing, 'The Web Application Hacker's Handbook' is highly recommended as a companion to PortSwigger's free Web Security Academy. 'The Red Team Field Manual' and 'The Hacker Playbook' series are suitable for practitioners interested in red teaming. James Forshaw's 'Attacking Network Protocols' is recommended for those seeking knowledge on hacking custom network protocols. These resources provide valuable insights and methodologies for different areas of offensive security.
Get Proton Mail for FREE: https://davidbombal.wiki/protonmail2
Big thanks to Proton for Sponsoring the video!
This is an amazing collection of books and resources - both free and paid. Big thanks to Jason Haddix for sharing his knowledge to help us learn in 2024!
// Books and Resources //
Web application hacker's handbook: https://amzn.to/48sUNYb
Web security academy, Port Swigger: https://portswigger.net/web-security
OWASP Web Security Testing Guide: https://owasp.org/www-project-web-sec...
Web Security Testing Guide v4.2 (Elie Saad and Rick Mitchell): https://owasp.org/www-project-web-sec...
Real world bug hunting: https://amzn.to/3TK1mSd
Bug Bounty Bootcamp: https://amzn.to/41DW38B
Red Team Field Manual: https://amzn.to/48ul0pl
Red Team Development and Operations: A practical guide: https://amzn.to/3vez1Jl
Operator Handbook: Red Team + OSINT + Blue Team Reference: https://amzn.to/3vemAgC
Tribe of Hackers Red Team: https://amzn.to/47ef8zv
The Pentester Blueprint: https://amzn.to/3tvA8E6
OSINT Techniques: Resources for uncovering online information: https://amzn.to/3S6xw9j
Evading EDR: https://amzn.to/3toESeL
Attacking Network Protocols: https://amzn.to/3TEFvv7
Black Hat GraphQL: https://amzn.to/47gHl8C
Hacking APIs: https://amzn.to/3TzS0Z5
APISEC University: https://www.apisecuniversity.com/
Black Hat Go: https://amzn.to/3RXV13W
Black Hat Python: https://amzn.to/3NHFnHo
Black Hat Bash: https://nostarch.com/black-hat-bash
Zseano’s methodology: https://www.bugbountyhunter.com/metho...
Breaking into information security: https://amzn.to/3TI4n5h
Expanding your security horizons: https://amzn.to/3GU07Iq
Wiki Book Pentest living document: https://github.com/nixawk/pentest-wik...
HackTricks: https://book.hacktricks.xyz/welcome/r...
Fuzzing lists: https://github.com/secfigo/Awesome-Fu...
SecLists: https://github.com/danielmiessler/Sec...
PayloadsAllTheThings: https://github.com/swisskyrepo/Payloa...
Pentester Lab: https://pentesterlab.com/
Try Hack Me: Red Team Fundamentals: https://tryhackme.com/module/red-team...
HTB Academy: https://academy.hackthebox.com/
Hacktivity: https://hackerone.com/hacktivity/over...
Vulnerable U: https://vulnu.mattjay.com/
Grzegorz Niedziela (Bug Bounty Reports Explained): https://members.bugbountyexplained.co...
or https://www.youtube.com/c/BugBountyRe...
Sharing what matters in security: https://securib.ee/newsletter/
Intigriti: https://www.intigriti.com/
tl;dr sec: https://tldrsec.com/
Unsupervised learning: https://danielmiessler.com/subscribe
Pentest Book: https://pentestbook.six2dez.com/
Bugcrowd: https://bugcrowd.com/crowdstream
Trickest: https://trickest.com/
// Jason Haddix SOCIAL //
Youtube: https://www.youtube.com/c/jhaddix
LinkedIn: https://www.linkedin.com/in/jhaddix
Twitter: https://twitter.com/Jhaddix
Github: https://github.com/jhaddix
BuddoBot: https://buddobot.com/
The Bug Hunters Methodology Live: https://tbhmlive.com/56
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X / Twitter: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#hacking #hack #cybersecurity