Hacking is something we'd all wish we could do. Fortunately, you might just be able to master hacking some day with help from the books I'm about to recommend you in this article. None of these books cover toy concepts that won't get you in trouble, please don't get arrested because of me.
Here is our list for the Top 10 Books on Hacking, in no particular order.
Hacking: The Art of Exploitation, Jon Erickson
This is one of the most "OG" hacking books. Released in 2008, this book has taught legions of young hackers for over a decade. Hacking: The Art of Exploitation is a very dense, technical book which makes for some heavy reading. Though it may seem like a beginners book, it can be very hard to keep up with at times because it has a difficulty curve that gets very steep after the first few chapters.
The information contained within, though severely out of date, is very well explained and demonstrated thoroughly. Personally, I would go as far as to say this is the most quintessential book on hacking. The book teaches about low-level programming in C and Assembly, shell-scripting, networking, common vulnerabilities, a crash course in system architecture, Linux system administration and a short introduction to cryptography. This book is truly a great resource to have regardless of its age.
A quick word of warning: if you pirate the PDF version of the book, the live CD that comes with the physical copy of the book is not included. You will have to download the bootable .iso file off No Starch's website.
Bootable ISO — https://nostarch.com/hackingCD
The Shellcoder's Handbook, Chris Anley
The Shellcoder's Handbook is in some ways the next logical step after reading Hacking: The Art of Exploitation. The book educates the reader on common vulnerabilities in software and how to exploit them not just to pop a shell, but to influence the victim machine in ways limited only to the attacker's imagination. Being able to write your own custom shellcode makes you much more advanced as a hacker and can be very relevant to crafting custom payloads for your complicated engagements.
The Hacker Playbook, Peter Kim
The Hacker Playbook editions explore a unique approach in how it teaches hacking. Each step in a penetration test engagement is broken down using plays in a football game as an analogy. All the popular tool usage and common engagement strategies are covered with clear explanations and good demonstrations. Each edition of The Hacker Playbook offers an updated look at the common security measures in place within companies during the time of publishing. This means that the books get progressively harder as us hackers adapt to modern security practices to subvert.
This book is not as technical and more beginner-friendly.
Penetration Testing: A Hands-on Introduction to Hacking, Georgia Weidman
Penetration Testing: A Hands-On Introduction to Hacking is a beginners guide to ethical hacking using older versions of Windows and Linux. You are taught the penetration test engagement process, common attacks, an introduction to exploit development and how to prevent your applications from being exploited.
A common problem with this book is not being able to find the exact versions of the operating systems used in the book's virtual machine labs. So, I've gone the extra mile by contacting Georgia and obtaining the exact files needed to complete the book's labs. She was very kind and fulfilled my request within 2 days. The link is given below.
The Art of Memory Forensics, Michael Hale Ligh, et al.
The Art of Memory Forensics is an incredible book on computer forensics and the detection of malware on Linux, Mac and Windows systems. The book is based on the 5 day course the authors have given to hundreds of students and is the only book that solely covers memory forensics "done right". This book is relevant to you as a hacker regardless of which side of the spectrum you reside on. If catching or creating threats is your thing, having a solid foundation in computer forensics is essential to finding and hiding threats. The book covers ways on how to acquire and analyze memory on suspect machines, how to use free and open-source tools to conduct thorough memory forensics and common techniques of hiding data.
The Web Application Hacker's Handbook, Dafydd Stuttard and Marcus Pinto
The Web Application Hacker's Handbook is credited as being one of the greatest books ever written on web exploitation. This book, like most of the books on this list, is also not updated for 2019. However, old does not mean dead; new does not mean best.
This book offers extensive coverage of web application vulnerabilities and the attacks available to exploit them that are still relevant as of 2019. If there were two books you really should read before trying some CTFs, they should be Penetration Testing and The Web Application Hacker's Handbook in my opinion. I recommend this because of the knowledge in web exploitation and the penetration testing process necessary to gain a foothold in many of these challenges.
Practical Malware Analysis, Michael Sikorski and Andrew Honig
Practical Malware Analysis focuses on dissecting malicious programs and studying how they work under the hood and behave in the large. This book explains many common techniques malware employs in order to remain undetected and resist analysis—causing the book to be very technical and heavy read at some points.
The book covers some basic reverse engineering and Assembly language; static and dynamic analysis; usage of popular tools such as IDA Pro and OllyDBG; packed and obfuscated malware, malware on Linux and Windows; and finally, the most common functionality of malware in the wild that is relevant to you whether you are analysing or creating it. This book really packs in a lot of information despite looking like a beginner's book from the cover.
Be extremely careful with the programs you'll be analyzing, they are REAL and do still work. Make sure to only download and tinker with them inside a virtual environment and follow the guidelines for handling them in the book very closely. All of the labs in the book can be found here: https://practicalmalwareanalysis.com/labs/
The Art of Invisibility, Kevin Mitnick
The Art of Invisibility aims to guide the reader into becoming a ghost and win back their privacy. Kevin Mitnick is known as "The FBI's Most Wanted Hacker" and has had a very prolific career in hacking. This guy knows his stuff and is one of the best if I might add. The book mainly focuses on having good OpSec (Operational Security) but also serves as an anecdote of Kevin's personal experiences and how he overcame obstacles put in his way by law enforcement. The book isn't incredibly technical, which should make you at least a little fearful of what a few low-tech things can do to preserve your privacy if you only followed them.
I also recommend Mitnick's other books: The Art of Deception and The Art of Intrusion. Both of these books are very useful for learning about social engineering and how concepts were applied in real situations. He also wrote an incredible autobiography titled "Ghost in the Wires", check it out if you want to know the full story of the FBI's most wanted hacker.
Reverse Engineering for Beginners, Dennis Yurichev
Reverse Engineering for Beginners is the most comprehensive book on reverse engineering in existence. It contains over 1000 pages packed with information about different instruction sets, output from different compilers, different operating systems and even different programming languages. Needless to say, this is probably the most technical book listed on this article and requires a lot of effort by the reader to understand the subject matter.
The book covers everything you need to know to be a competent reverse engineer and is absolutely free. The book is available for download in 9 languages below.
The Rootkit Arsenal, Bill Blunden
The Rootkit Arsenal attempts to teach the "zen" of Rootkit development in the real world. If you're interested in creating highly covert malware, this is the book for you. Books on malware development are a very rare occurrence in general and despite this book being 6 years old, it is still relevant in our current threat ecosystem. Rootkits are still a very real threat that continues to grow as the criminal underground shifts to more and more covert methods of operation.
The book provides you with a background in Assembly language, kernel behaviours, and evasion techniques that are applicable universally. This is a pretty advanced book so I recommend reading it after the less demanding ones. You will have a much easier time with this book if you have prior experience to C programming, debugging and knowledge of lower-level concepts.
You may be dishearted by the fact that I did not include any of the "Hacking with Python"-type books that are extremely popular at the time of writing. To actually become an effective hacker, you cannot be tied to one technology and must learn the concepts in a way that is applicable to different environments. Python is great and can be learned very quickly anywhere else; by all means learn it and use it in the exercises of these books. The goal of this list is to provide you with a well rounded background in many areas of hacking and have you exposed to all that is available to be used in the wild.
This is merely a short list of the most interesting and relevant books to get you started. There are obviously many more great books in existence that you might find value in reading. It takes more than a bunch of books to become an honest-to-goodness hacker. Remember to participate in the labs found in the books and also practice on your own. Take time to understand the material and run multiple tests for yourself.
I wish you safe travels and happy hacking!