Top Hacking Books for 2024 (plus Resources): FREE and Paid
interesting that you say go rather than python would you start with python then go to go or just like go straight to go so I think python is easier on the Syntax for new people right I think that um python is sometimes easier to understand there's a million examples of writing all kinds of software in python as well it is our uh our next book which is black half thought you you're always ahead of me Jason that's great I'm sorry I'm sorry yeah uh that's brilliant that's brilliant go on sorry and really these topics don't get talked about a lot um when people are like oh I want to get into security right and there areund little offshoots of what you can do and and no conference talk I've ever seen Maps it out really well to say okay well like if you're interested in this kind of stuff maybe you could be one of these people and if you're interested in this kind of stuff maybe you could be one of these people you've got to ask yourself a question who do you trust would you trust a company such as Google with your private data that's a choice you got to make for me personally when I am looking at a product I see what the experts in the field recommend experts in the Privacy space use and recommend proton mail that's why I'm happy to have them as a sponsor on my channel and what's really interesting when I read books such as this how to hack like a legend or ethical hacking a Hands-On introduction to breaking in or Linux basics for hackers or extreme privacy what it takes to disappear Michael basil wrote this book highly respect it occupy the web wrote this book and when I interact with occupy the web that's the email service that he's actually using and we discussed that in multiple videos on my channel proton mail secures your email to protect your privacy I don't know but it's insane the way the world's going where governments or companies have access to so much data about us I think it's time that we pull that back and have our privacy as much as we can once again proton is based in Switzerland privacy laws data protection laws are a lot stronger in Switzerland than there are in the United States so that's a really good thing they are open source wellknown provide endtoend encryption have millions of users using their products but for me the reason why I'd recommend them the reason why I have them as a sponsor is because of books such as these because of the people in the cyber security space that I interact with that actually use proton mail so big thanks to them once again for sponsoring this video big thanks to them for sponsoring my channel use my link below to sign up to proten mail and get a 20% discount hey everyone it's David Bumble back with the amazing Jason Jason welcome hey everyone how you doing it's great to have you Jason you've done so amazing videos but I'm really excited about this one it's 2024 I want to know and I'm sure many many people want to know what are the best books and resources that I should get or you know buy or have a look at in 2024 I know that we talked about this a little bit off stream uh at the end of the last kind of uh segment we did together and it is something I'm I'm super passionate about you know I see so many of these lists out there that omit a couple of like my really favorite resources and so today I brought so much stuff for everybody it's a little bit of information overload but uh I promise you if you if if you looked at every single resource I'm going to give you today and you were you know in that cusp of being like a network engineer or an IT person and you can grasp all of these learning resources and at least try them each one of them a little bit I promise that you you will be well on your way into working in application security pen testing information security you know um into Security in general so um this is what I recommend straight out of my own class that I teach to my students is the resources they should bookmark and so I brought you everything today out of that I love that I me we'll I'll I'll link your course below everyone who's watching if you can afford it Go and sign up Jason does an amazing job live training right that you do like four times a year is it yeah four times a year for bug bounty hunters and pentesters it's uh it's pretty cool and then this is the same kind of stuff that we teach all of our Juniors at bobot to when we're getting them on the red team and it's like have these things bookmarked ready to go because you never know when you're going to need to refer to a print resource of some sort so and you mentioned the word PRS and we were discussing offline you don't have all of the books physical books with you for some reason right no so I wanted to like hold them up you know and be like hey I have this book but uh the problem is is that especially this one the first one on the screen is the web application hackers handbook many of my books you know when I have Juniors or new people that I'm trying to Mentor in the scene like they end up giving you know I end up giving them to borrow to the to the people right and then I never get them back which makes me supremely happy supremely happy as like an educator that I don't get them back but I never have physical copy in my house um you know the funny story is is one of my one of my best friends is Daniel misler who's been in information security forever and the the way I met Daniel was through this book that uh we're going to talk about right now is I went to the live class Associated to this book many many years ago at black hat the security conference and at the end of that class they do a CTF they have you pair up with another person in the CTF and so I looked around the room to see like who I wanted to pair up with and I saw this dude who had this book the web location hackers handbook and The Binding was just like you could tell he had cracked this book thousands of times right and it's just like it's so it is so worn The Binding of the book I was like that's the dude I want to do the class with and so um that's how we met actually was was that black hat through this book so I love that story I've heard criticism of this book though that it's outdated yeah so we're going to talk about that a little bit so the web application hackers handbook uh Second Edition is what most of us in the application hacking world would say is like kind of like the Bible of web hacking right and so at this point yes it was published in 2011 um it is it is you know very old um you know as far as you know publishing date the thing is is that application security BS haven't really you know done a ton as far as you know how complex they are how how interesting or you know how novel the new stuff is so I always recommend people to start with the web location hackers handbook it has like a wonderful um pleth Thora of intro topics and um and also technical depth for the base level of vulnerabilities right so you're not going to find another book that's published today that does probably a better job of talking about SQL injection or cross-site scripting or some of these vulnerabilities that you're going to find as an appsc person you can start with this and then you can realize yes there have been some novel vulnerability classes that have come out that are not in this book but that is why we're going to talk about kind of what this book turned into um you know for kind of the world so uh the authors of this book are dafid stutter stuttered and Marcus Pinto um dafit runs portswigger and portswigger is the company that makes burp Suite A quintessential tool that all web application hackers will use um and then Marcus Pinto is um is either the owner or um you know on the leadership team at MDC which is one of the best pent testing companies uh in the world based out of the UK and so when they got together and made this book uh you know after they made V2 you know many people requested a V3 and just keep on you know bringing out and so what this morphed into is that actually dafid at portswigger they decided that hey you know another print resource might not be the best answer to get people the learning that they need to do and it might not be updatable as we need it right and so what they created at portswigger is the webc academy and so that is what is really version three of this book and what a lot of people go to these days and so on portswigger Donnet you can go down to uh get a whole bunch of free resources basically but um if you go to like latest content or all content and you just go all topics basically the web security courses they have here are all templatized and modularized and you can go into here and learn about your favorite web security topics and so this is the next version of the book I don't know if there will ever be a new print version but they offer it all online for free as a as a resource you could go in here and look at crossy request forgery you can see that they do a ton of explanation with sample post requests they walk you through the vulnerability and then webc Academy also gives um labs for each section so they are CTF style Labs that you can do for each one of these modules and so this is what the book has morphed into these days but you'd still get the book I would still get the book yeah I I find it useful to read the original content right like none of these web pages can beat a chapter a whole chapter of research on Cross site request forgery so I would still get the web application hackers handbook I would still own it and I would still lend it out to a lot of people who are learning that's great I think it's what's great about this is if you can afford a book or you prefer reading in a book then that's fantastic but if you haven't got any money then you know you can go and study it for free on the website absolutely yeah so Web webc Academy portswigger doet is um fantastic resource in fact I would say you know one of the probably the best resource right now for learning web hacking out there um that you can you can consume right now as as a new person for sure that's great so the next one that I have is um is the oos testing guide and this one is um if you've never wor you never heard of OAS before basically the open web application security project but it's it's basically a Consortium of people who care about web application security get together they run this nonprofit called oasp and they have a whole bunch of projects under it to help further application security and this project the testing guide the web security testing guide it is a whole encompassing guide on how to test web applications it's been through several iterations um in its life started off at version one and currently being developed um to release version 5 and so if you go to uh the OAS page for it you know they can they talk about a little bit about this but um eventually you can get to a link which has their most recently published pdf version of the web security testing guide which is 4.2 um and so they're working on 4.2 and a major revamp into 5.0 but the web security testing guide is a dense piece of um content so it's got a ton about you know pretty much every vulnerability it's got uh basically a checklist for testing each section of an application and it really should be in your bookmarks and and you should review it you know at some point it's got specific Technologies and methodologies to test those Technologies um and it is a it is a dense resource the only small criticism I have about the OAS testing guide is is sometimes it's it's even too dense of a resource for just like to read right even if you enjoy reading right like it's it's a pretty dense resource it's sometimes better used as a cheat sheet is having it bookmarked and then when you are looking to do a specific thing seeing what content you have in the OAS testing guide um available to you so that's kind of how I tell my students to use it and so this is 4.2 4.2 is the latest pdf version if you go on the GitHub though um the OAS wstg web security testing guide 5.0 is
actually in the works right now and so you can you know if you go to the commits here you can see there's people writing new content um pretty much every month and making edits and so the in progress version 5.0 is actually available for everyone to see as a GitHub repository on their GitHub and so um I you can also use this and just search inside of GitHub here and try to find the topic that you're looking at um and so here you know we're looking at the SQL injection page which has been revamped for the newest 5.0 and so if you want to get the newest um information um I would look at this I think that they're looking to have the newest version of the um aason guide probably out by next year they have hundreds hundreds or maybe not thousands but you know High hundreds of numbers of hackers and absec people contributing to this guide so it is a tremendous resource to have in your pocket so that's sometime in 2024 right yes sometime in 2024 I would say and again I have to ask the beginner question just to make sure because I'm sure some people are thinking about this it's this stuff's all free right yeah all free yeah so so far all of the resources I've talked about are free well I mean not the books right if you want to buy the physical book obviously that costs you to buy a book right um but this is free the OS testing guide PDF is free and then webc Academy which we talked about is also free okay so if we go back to kind of the print book resources um the next one I really enjoy is real world bug hunting by Peter yorski so Peter was a a bug bounty hunter or still is a bug bounty hunter in the bug Bounty scene uh and he's been to like of hacker one Live Events and Bug crowd Live Events and um you know he's he's really in that scene you know very similar to myself he did a book on basically taking vulnerabilities that existed in real websites so like uber and um you know like a whole bunch of these companies that had bug bounties and breaking them down piece by piece and talking about how the tester approached finding the bug on a real real world website because what you get a lot is is you have like you have people learning about finding bugs um whatever kinds of bugs but they have it you know they have experience testing in a CTF lab environment where you know exactly where the bug is because they give you the place where it is and so this is a really good view of um you know looking at like an Enterprise application right where you can land on it and have really no idea about where you would go look for a bug and reading these writeups and having Peter break them down to you is really useful for you as a new person to understand kind of where they took place and how the the hacker approached that um that giant website basically that's great and this is another one that I end up lending out a ton so uh yeah for sure all right so next up on our list we have bug Bounty boot camp and um a lot you know like the first four of these are bug Bounty related Vicki is amazing hacker amazing person too and um this one is a little bit more recent than um Peter's book it basically goes over becoming like a bug Bounty Hunter you know through like some very general skill sets you need as well as finding the programs you want to work on and then an introduction to the most common types of vulnerabilities bug Bounty programs are subject to and a lot of bug Bounty stuff is web applications so there's a lot of web application stuff in here there's also a lot of reconnaissance methodology in here which I'm a very big proponent of and so Vicki has a lot of that in here too so this is a really good book if you're just getting started into bug Bounty or web hacking um to to pick up as well so next we have um the red team Field Manual so the red team field is a little dated at this point but luckily a lot of the tools and techniques when it comes to command line syntax um you know don't change a ton and so the red team Field Manual is basically a collection of useful Syntax for red teamers to do things when they're on internal assessments or assume breach assessments and how to use you know the most common tools and so while it is you know a slightly bit old at this point it is still a desk reference for a lot of uh cool attacks um we'll talk a little bit about you know kind of what the modern versions of this are as well but it never hurts to um to have this um you know kind of on your bookshelf and it's got a lot of Po shell in it a lot of bash in it which are you know two key skill sets for someone when they're going to you know attack an internal Network a lot of times you end up having to build your own tools and script them up yourself and so uh and then you have to know which tools to use on the internal test and so this is a great uh well field manual for uh for a lot of people it's the problem is written books right as soon as they printed the out of date yeah hacking books are really weird because as soon as you print them you know there could be a new tool right um that's that's a big problem so it's it's why I love books that talk about the underlying methodology of what you're trying to do rather than focus on a specific tool I mean the only tools that have made it through you know the life cycle is like like nmap right nmap is a pretty simple staple there's a couple others that really lasted many many years but there's always new tools coming out on GitHub and stuff like that so talking about the methodology is is somewhat more useful than talking about a specific syntax or tool sometimes times but this one has more of like the you want to write it yourself style so like bash and Powershell and that actually is kind of Evergreen as well the next one is uh red team development and operations by Joe vest and uh James tuberville and this talks about kind of um how to put together a team um how you manage it how you keep tribal knowledge you know together as far as far as building a red team so I really enjoyed this book read reading about how other you know people who build red teams grow them and stuff like that this is more of like a meta book about the industry so you know if you're not on a red team may not be for you but I really enjoyed this book because it was it was more of a discussion around like what are the stages you need certain types of roles on your red team right you need a web application specialist I mean an external specialist an internal specialist a fishing Specialist or social I guess and then you know at what point do you graduate to a tools developer right like someone Who develops your own tools for you and stuff like that and it was a really um interesting conversation book that I liked a lot I'm glad you said that because the books to dates that you shown us are bug Bounty related and or web hacking and it's I was one one of my questions was like what about other hacks you other types of hacks so looking forward to seeing what you what you what you know what you have in the pipeline of books yeah yeah I've got I've got some others that are um focused on some other stuff um I'm thinking of one now that I might not have opened up here but maybe we'll get to it so so this next one is the operator handbook and so it is more holistic than just kind of the red team field manual so it covers red blue and ENT you know kind of domains but it is very similar to um the red team Field Manual as it's a syntax collection um and basically all these useful like you know bash commands and Powershell commands and things that you can do not only on a red team side but also on a blue team side and also from an Osan side and so um this is a very handy cheat sheet in fact on The Blue Team side some of that syntax I actually haven't seen categorized really a lot on the web um as much as the red team stuff is and so I liked this book for a lot of its uh purple and blue and ENT style uh syntax collection for common things you do when you're a blue teamer um and so I like this one a lot so this is by Joshua picolet the next one is the tribe of hackers set of books and so uh tribe of hackers is by Marcus kery he's one of the ogs in the hacking scene has been doing it forever and tribe of hackers is not a technical um book uh per se it is and it's also by Jennifer jyn um and it is it is basically a collection of origin stories of different types of hackers and so they do one for tribe of hackers red team they do one for tribe of hackers blue team and so basically it's it's all these non-standard ways that all of these really popular and um gifted security people ended up being who they are like what steps did they take what jobs did they have what bit what big hacks Define their careers what tools did they write and it is a really awesome way to like get exposed to the career side and the origin story side of kind of our industry and so I really enjoyed reading the tribe of hackers um Red Team edition but also The Blue Team edition too that's great our next one is pentester the pentester blueprint by Phil Wy and Kim Crawley um and the pentester blueprint is also in that vein of you're like how do you start your career as an offensive security person and what steps do you take what uh what do you need you know as prere prerequisites to get into security um Phil has you know done a ton of interviews as part of his podcast and Kim has been in the industry for a long long time and led several teams and Phil has been you know leading teams and stuff like that too so what they tried to distill in this book is you know like if you're absolutely new and you want to get into offensive security here's the prerequisites here's you know uh how you interview here is you know how you conduct yourself and it really is a a really beneficial like soft skills books around being an offensive security professional that I enjoyed and and a whole bunch of new people I've given this to also really enjoyed next up is osen techniques and resources for uncovering online information Michael basil in our industry is kind of The Godfather of ENT basically he leads a class at black hat this is the 10th edition of his book that's out right now on ENT and I know you've had a lot of ENT people on your show have you had Michael before I haven't unfortunately there's a reason for that which I won't share here but nothing nothing bad just uh some stuff that has has stopped that happening but hopefully sometime someday I'll be able to interview I mean Michael has a black hat course that's been going for years now and um his book ENT techniques walks through you know basically fresh techniques to get information about people businesses um different types of entities um and so ENT comes into play both in red teaming bug bounty hunting and is just a valuable tool for pretty much any offensive security um that you're going to end up doing um even defensive security too A lot of people make their you know careers I I have a buddy who works at a big company who his whole job is when a new executive on boards he has to do a bunch of ents on them to make sure that they're not subject to a whole bunch of um kinds of attacks where you know they could be threatened or they have too much information online or their family could be at risk and so having ENT chops is really important and this is probably one of the best print resources for ENT techniques that exists online but next one is a new one and it's more in the red teaming kind of vein of things so this is evading EDR the definitive guide to defeating end endpoint Protection Systems so this is by Matt hand I am three4 of the way through this one I really enjoy it because my current job at bobot is red teaming and so one of the things is when you when you get the red team job and you're attacking an organization the first exploit or fish that you succeed at it's not really the end of the chain the next part of the chain is that you have to bypass you know the fancy antivirus or as we call these days the endpoint protection and so this book goes through tiers of EDR and how they detect uh what you're doing as a hacker and then what to do to your payloads and your attacks to bypass um some of these uh methods and so as an introduction to this topic and it this topic gets very down the rabbit hole um when you get into red Halloween this is a very good introduction to this topic for this kind of thing when you're in red teaming for offensive security our next print resources is uh a print resource is black hat graphql by um Nick Alex and so really what you see in in general in the appsc world is that uh a number of vulnerability classes that we've been seeing a lot of times in bug Bounty as or absc tests are starting to decline in prevalence because the Frameworks that we work with get better and better and better each year and so you still do see SQL injection and cross-site scripting what we're starting to see is that newer technologies that have ausc some of the frontend code that we used to to use in appc basically they're Opus skating you know the front- end code but they're part of apis now and so there are there are still ways to execute similar attacks against apis and so this is one um where specifically it's focusing on graphql graphql is you know hot hot hot way to build your apis right now and so uh basically Nick goes over you know kind of all of the ways to enumerate an API find out if it can leak data um and uh you know basically look at a graphql endpoint if you find one and what it looks like and he explains all the technology around it and so this is one I really recommend because you're going to find more and more apis in your offensive security work that you're going to need to hack and so it's um it's not readily familiar as a absc tester you probably you're used to poking out forms and parameters and this gives you um a lot of uh a lot of ammo to go after an API especially graphql one would you use it with Cory's book or is it like can you get to that book straight away that's uh that's the next one on our list here is uh hacking apis by Corey so uh so the next one on our list is another API hacking book um by Corey ball probably the most influential just general API hacking book that has come out ever I would say and the biggest collection of research on how to hack apis I had seen until I read his book is this book and so Corey um goes over not you know in in the previous book it's very graphql Focus all graphql Focus this one is all API structure Focus so it could be a rest API you know that gets defined by a Swagger file or something like that it could be even an XML base API which is kind of dying nowadays not a lot of people do that but Corey goes over everything um and this is absolutely one that people should subscribe to and the great thing about Cory's book too is he also offers a companion lab and learning certificate program and online learning platform alongside his book um called I think it's called apis University that's right yeah accompanying that with this book is the absolute place you should start if you're ever going to touch an API in an offensive security way um it is a fantastic so next on the list are some of the um books I recommend if you're going to do any offensive security work because eventually you will need to learn how to script um you don't have to learn how to code a lot of people say do you need to code in offensive security and the answer is no you don't need to be a front-end developer or backend developer but in many instances of your career you will need to know how to script together some output or a tool or to tie together a whole bunch of tools to build a methodology etc etc and so choosing a scripting language that you're going to use um and then learning about it is really important so many people these days choose go because of its concurrency it's it's basically more stable and so a lot of people who write offensive security tools are writing them in go these days many many of the top hacking tools are written in go and so um if you want to learn how to edit those tools to do things that you need them to do if you want to learn how to tie together large Frameworks of tools or just get around on the command line writing some go code black hat go is you know my preferred book for hackers specifically learning go interesting that you say go rather than python would you start with python then go to go or just like go straight to go so I think python is easier on Syntax for new people right I think that um python is sometimes easier to understand there's a million examples of writing all kinds of software in python as well it is our uh our next book which is black half thought you you're always ahead of me Jason that's great I'm sorry I'm sorry yeah uh that's brilant that's brilliant go on sorry so Justin seats is um is a longtime OG um in and Tim Arnold longtime OG's and kind of the offensive security world and so yes so if you're going to learn a scripting language you have basically three options you can use the built-in scripting language in you know in Linux and Unix which is most predominantly bash and you can try to script things together with that using command line tools then you know you have that choice of either choosing python or go usually are the two predominant languages that most red teamers and Bug bounty hunters will choose one that they like better if you want to be on The Cutting Edge and you just want to dive into that probably go if you want to be if you want an introduction to scripting that GR ues from just using the command line um it would be python that would be what I would tell new people basically so black at python is one of the best resources when you get into python coding for offensive security basically for for pent testers and the last one is black hat bash yeah that's coming out well hopefully soon if it's not out already at the to of to this video goes live yeah it's going to be out in Fall 2024 I think you can get it for pre-order Early Access too right now so like you can get the revieww copy it may not be exactly the same as the release copy but Dov and Nick who again wrote the other book the black hat um graph all one are writing a A bash book and Bash is my love I love scripting things together in bash I am highly excited for this book I talked to Nick when I went to RSA earlier this last year when he was in development of this book and he was talking about some of the things he was covered and um I can't wait for it to come out honestly um it'll be it'll be sitting on my desk and um I can't wait for this one to come out because a lot of times you know writing a whole Pro program or or or um or script in offensive security to do one thing one thing very well it you know it might be a waste of you know kind of effort in some cases in some cases you just want to use bash and and basically you know with bubble gum and popsicle sticks put something together and uh script together two two tools or work with some output for some tools change it into other output that other tools can use bash is the ultimate um scripting language for pretty much pent testers and hackers okay so this one I can almost guarantee that you didn't have on any of your lists yet um that nobody talked about but um this one is Zano's methodology have you heard of this one yet Y no oh you have no okay no no I was going to say I haven't it's not it's not on my list no so Z shano is uh one of the million-dollar hackers on hacker one uh he is a phenomenal web application tester basically and he's very well known in the bug bounty hunting scene um and he runs his own site um with a CTF challenge but he gives out this version It's a 71 page version of his methodology absolutely free talking about how he approaches um finding input validation bugs and cross-site scripting and you know all kinds of other web bugs um but he is really a master at cross-site scripting his methodology very similar to the one I teach in my class too so this is a free resource where you can get you know one of the best um security testers in the world has written kind of about how he he approaches things and it is very down to earth like uh Sean is is so down to earth when he tries to explain how you find these things he's not overly using technical jargon he's just like hey I look at a website and I think about like where things will be and then this is how I choose that thing and then this is what I do to that thing and um it's a really fresh way of teaching as well nice um and so I like his methodology many of my students also love this me this print Resource as well so it is available at bugbounty hunter.com under his methodology Zano's methodology I know he's doing a revamp of it too he's going to add some stuff coming up I think in 2024 so that's that's coming up that's great back into the soft skills arena is um is actually one of my acquaintances and Friends Andy Gil less soft skills but more of like industry kind of stuff and so uh Andy wrote uh Andy is a longtime pentester been part of many of the most successful consultancies in the world and um also has been a long time Defcon goon as well so you know one of the people who walks around the hallways and you know tells you to get back in line and helps you find where to go and stuff like that so um so Andy wrote this book called breaking into information security learning the ropes just like the pentester BL blueprint from Phil um it's very much accompanies your journey into being a junior or having zero knowledge finding a job you know getting your foot in the door understanding what your first assignments will be um How To Succeed in those things how to you know uh basically put yourself forward as like a professional in the offensive security world and so um Andy has two books he has this one breaking into information security learning the road 101 and it's a you know it's a pay what you can book so that's really valuable for people who don't have a high budget and then he has the new one which just come out which is called expanding your security Horizons um learning the RS of 102 which came out recently and so this is the sequel to that with kind of wider topics uh you know basically diving into like okay you want to specialize now in your career maybe you'll want to be a mobile application tester maybe you'll want to specialize in web maybe you'll specialize in databases you know there's a lot of offshoots of security that you can end up in um and so he talks about that and really these topics don't get talked about a lot um when people are like oh I want to get into security right and there are a hundred little offshoots of what you can do and and no conference talk I've ever seen Maps it out really well to say okay well like if you're interested in this kind of stuff maybe you could be one of these people and if you're interested in this kind of stuff maybe you could be one of these people a story I have around here is is I was uh I was a career pentester as part of HP for many years and and um I led as the Director um of offensive security at HP I led our pen testing teams our mobile app assent teams but I had also played a lot of CTF and so I had played CTF with uh with a group called shellfish which is uh you know back in the day it was mostly um the University of California Santa Barbara which was where I lived so I played CTF with them many years one of the guys there who was the head of um of their stuff uh the head of their hacking lab and the head of their CTF team at the time um I I was really good friends with him and so you know I kept on we'd go I'd go to his house after work and talk about you know kind of the stuff I was doing hacking into these networks and stuff and he was amazed because there was a big Delta between what they were learning in college and um doing for ctfs which is mostly binary exploitation and what I was doing in the real world which was Network penetration testing and so they you know he didn't really know any of this stuff but then you know the day came when he got out of college and he wanted you know a real job and so I said come work for us and and it turned out that he hated career pentesting because it's Consulting and he didn't really want to deal with people that much and um and then like the type of work that we did wasn't what he was used to and and really not the specialty of we wanted to do and so these books as well as Phil's books will try to guide you into understanding what you might like and what you can make a sustainable career as well I like that because it's confusing when you start out right yeah it's really confusing yeah and you only know after you've been in it for a little while that you maybe hate something so yeah yeah exactly I mean there's so many options and I I've got a bunch of questions near the end so you you carry on Jason and then I'll throw some questions at you all right so I know you asked me to bring my books right and so those are print resources that you know are PDFs or books but I brought a whole bunch more and I hope that's okay with everyone of course yeah of course there was just a whole bunch of stuff in my slides and things that I have bookmarked that I think I think everybody should really you know use and and most of them are free so hopefully that's that's a good benefit here that's amazing Jason I really appreciate you sh your your experience no it's great no no worries uh the next one I have is um it's it's a Weeki so basically we have a couple of these really great all-encompassing Weeki projects in the offensive security realm and the first one I want to talk about is pentex pentest book by six toz now six toz in our industry he writes a whole bunch of tools he's a career pentester um he writes one of the best Recon Frameworks out there which is called Recon for the win but he has basically taken all of this information and knowledge on the internet for offensive security testing and turn it into a public Weeki book and so you can go to his site and there is a ton of like notes and information around um different web attacks he's got a whole bunch of resources bookmarked in here he's got a whole bunch of syntax and so it's a living document for using certain tools and doing certain taxs and collecting resources this is one that I keep bookmarked um because he's he's got a lot a lot of information about fuzzing strings and way to ways to execute different attacks and so and he just puts all of his knowledge in here so this one is kept up to date when you talk about things like this like these weaky books the first one most people will talk about other than pentest book is hack tricks and hack tricks is also the same kind of idea it's a weaky book online uh totally free and it's got methodology for you know what you do for an external pentest an internal pentest a Wi-Fi pentest a fishing methodology and these resources unlike the books that we've talked about they're always always getting updated by multiple people um and so these are really useful even in the defensive stuff I mean um the guys at hack tricks put a whole bunch of hardening guides to together from Linux as well as uh mobile testing so whatever they're into as their career progresses they start putting into this book and they invite other people to um to grab it to grab you know like this information from their from their wey which is absolutely free so it's it's it's really cool you can also like search exploits on here like you can you can use the search bar to like search a certain style of exploit there's a whole bunch of pre-built searches here that you can ask it to so it's uh hack trick is very well known inside of the offensive security Community as being kind of a great Desk Reference to to have around that's brilliant so the next two are actually fuzzing lists and um one I work with um and it's hosted by my friend Daniel misler and another one um is is very similar but when you get into offensive security testing eventually you end up having to fuzz something which which means throw a whole bunch of attack traffic at it and see what happens and that's a lot of what hacking is actually it's just throwing stuff against the wall and seeing what happens a lot of people don't like to hear that but that actually is what it is sometimes and so uh one of the resources that you know two of the resources that you should have uh bookmarked for this is seist and um the other one I'm going to talk about is payload all the things but um I'll tell you the story around how seist came to be and how most of these fuzzing projects came to be was um I told in my class and people couldn't believe it so so Dan and I were career pent testers at uh h Pete we were basically hired uh by a a client to do um an internal penetration test of a whole bunch of applications and their Network and so we get on site and this is many many years ago and we get on site and the clients you know we bring our laptops as consultants and we get on site and the client says you can't use those we're like what and they're like yeah we're a controlled environment you cannot use your own laptops here here are these laptops you can use for testing so there out the window goes all of our tools all of our stuff right we can't use a a VPS or a cloud hosted box um because that doesn't have access to the interal Network and no way were they going to let that happen so we get these new laptops and they're the only ones we can use and um they don't have anything on them then we say hey like we need these tools we need like burp suite and we need um some other stuff to do our work and they're like no it takes six months for us to requisition new tools installed to the image and so me and Dan are just sitting there like okay what do we what do we do we had a team with us to it wasn't just me and Dan it was a whole bunch of awesome people on the HP team and so we're like What we what do we do like you know like I mean you can hack things manually without burp Suite but to hack a whole app manually and feel like you got great coverage and to hack a network and write all your stuff for scratch it is a tremendous workload what we ended up doing was like Hey Okay so we need this one tool we need we need burp suite at the very least um and so we ended up convincing them that was like the only tool we we would need and so they were okay with that and this is before burps would even came with built-in fuzzing lists and so we we did is we went out to the community and all these open- source security scanning projects and some Clos sourced commercial ones too and we dumped all of their attack strings out of their products and into text files and then we could reinstitute the type of scanning that a Enterprise scanner would do would just burp and these text files and so that's how seist was born basically um and so we use that to great success on this test um and that's hacker engenuity right is like figure out and so seist is a collection of fuzzing lists common passwords it's got a whole buch of stuff in it and so you can it comes by default installed on uh Cali now so if you look in Cali SE list will come pre-installed and if you go inside you know some of these things you can see that we're categorizing like um different text files you can use to Brute Force things or to fuzz things and so we go to uh like web payloads or fuzzing here you can see that we have SQL injection payloads so you know a quick scan of SQL injection should include sending these types of spr strings to the application and you can use burp to do all this kind of stuff and U next time I come back maybe I'll show you guys kind of like what that workflow works like looks like in Bur great so this we started this and this continues to be run to this day mostly by a friend of ours got milk and he's a a very well-known hacker in the community Dan and I you know kind of sit back and um just moderate a little bit of the project but a derivative of our project is called payload all the things and payload all the things is not only useful because it does that fuzzing uh payload collection like we do but they also offer a ton of context around vulnerabilities and you can learn a lot about specific vulnerability types in web application and Red Team testing by just looking at the um at their markdown so if you go in here and you look at payload all the things and you go to like mimic cats they're more of a holistic like guide on how to use the tool and how to do certain things with the tool and with syntax and stuff like that so this is one of the most upto-date GitHub projects for offensive security when it comes to this kind of stuff um you can go down to like let me see here if I go to directory traversal and appc it's got a big summary um you know what tools you can use the basic explanation the type of fuzz strings you can use and so payload all the things is a really valuable resource to have bookmarked as a new web security tester or a new red Tamer basically that's amazing Jason yeah so these are the kind of things I keep bookmarked and then there's some other stuff which I just generally use to keep me informed there are a whole bunch of newsletters that exist in security that personally I read every week uh so you subscribe to them they're free you get an email every week and so the the first one is actually I mentioned Dan and I've worked a lot with Dan is his newsletter on supervised learning I you know I read every week for security news um so understanding like who got popped this week you know what big you know methods and security were bid this week breaches and stuff like that he also does a tremendous amount of research on AI which you know as a security person I know that our industry is about to become heavily entwined with AI and so Dan does a ton of on on AI and so I have to keep up to date with that too Dan's newsletter uh is one of the ones I absolutely it's so bite-sized too he tries to make it so digestible so that you could listen to it in your car um he has an audio version of it you can listen to it in your car and um you know by the time you get to work you could have pretty much got an update on everything that happened during the week in security so I like unsupervised learning I also like TLD drrc by Clint Gibler which is very um offensive or it's very um appsec focused so application security and web testing and web defense um but also Clint covers a whole bunch of topics and his and Clint covers a lot of resources less less news and more um like conference talks and uh tool releases and a whole bunch of stuff and so tldr SEC was kind of born from Clint went to um a whole bunch of conferences and he did he did this thing he's like I watched all 44 talks from abet Cali 2019 and this is actually where it came and here's what I learned out of it and here's what I liked and so that's what tldr SEC was born from and so um I love Clint's content um so tldr SEC keeps me up to date on tools and conference talks and kind of you know just all the stuff I need to know in appc basically there's two more or there's three more actually so um Integrity is a bug Bounty platform and they write uh a newsletter called bug bites and bug bites basically goes over all things um bug Bounty um that you might want to read and if you're new into you know getting into security testing one thing to understand is that like you know following the bug Bounty scene even if you don't want to be a bug Bounty Hunter but even if you're just going to do absc testing or red teaming is supremely valuable because they are on the Forefront of hacking real applications and they're writing about it all the time and they're writing about the tool tools they use and the methodologies they use so even if you don't want to do bug bounty hunting these next three newsletters I behoove you to sign up for because they're amazing resources just to keep your hacking fresh um so bug bites is one it's written by Insider PhD who's a very known uh content creator in the bug Bounty and hacking space um she puts together bug bites for integrity the next one is um Secura be's high five which is very much the same type thing it breaks down um breaks down bug b findings you know news in the bug mounty industry uh methodologies that people published really keeping its you know kind of finger on the pulse of you know kind of um hacking high five is really good and the last one I recommend is Greg's bug Bounty reports explained and Greg does a really great job of um his in his newsletter breaking down um things like Peter does and like U Vicky does in their books but his his newsletter happens every week so he breaks down you know case studies for rce vulnerability so he'll go over all of the bug boundy platforms and this is the same way I approach research he'll go over all the bug boundy platforms and find every RC ebug that existed for the last year and then he will spreadsheet them out and be like okay what was the way they did this what was the you know the fuzz string they used you know what were the interesting things about this vulnerability you know and uh he will take a very scientific view of basically hacking and and parse it for people to read in his newsletter and his uh his YouTube basically and then the last one is um this is Matt Jay's vulnerable U and so vulnerable U is another news um focused um one but also what a lot of people don't talk about in offensive security is it can be a very burnout Centric job sometimes um any it role can be really Matt talks a lot about dealing with being a security professional from that point of view and having a long- lasting career um and how to deal with kind of the burnout and depression that can come with dealing with you know the problem of security you know and sometimes security can seem impossible when you finally do get the job right and you realize that everybody's vulnerable everybody could get hacked there's no perfect security measure and even if there is can you implement it at the place you work at Maybe not maybe it's just not possible and so Matt goes over news and um and a slice of of kind of the personal side of infosec and so those are the newsletters that I read every week um I'll usually try to read Dan's at the beginning of the week clints at the front end the bug bounty ones I'll try to burn through in the middle of the week and then I'll read vulnerable you at the end of the week and that's kind of my um you know hour I put aside every morning for one of these things or half an hour or something like that I love that because the problem with books like we said is they go out a date but this is great because you're giving us like up up to the like week if you like or like up to the day information yeah up to the second I mean one of Matt's featured ones was like all the news about MGM getting hacked and how it happened and Caesar's getting hacked the day after it happened and Matt has a lot of people he has a lot of uh bat's been around forever he is part of white hat which is a a very prominent consultancy in the information security scene um but he knows everybody and so he gets the inside scoop on a lot of these things that not a lot of people do um and he does the research and so it's really kind of investigative journalism as well uh for you know some of these things which is which is cool that's fantastic the last section I have for everybody but wait there's more I love it there's more yeah yeah no I got I got a little bit more okay so we will start over here so if you're into you know web testing or you want to do some of your own research um hacker one and Bug crowd have these two feeds and so when people submit a bug Bounty report to a customer at the end of it getting accepted or not getting accepted um they can ask can I can I um publicize this vulnerability for everybody to read about as you know like a disclosure basically a security disclosure and many customers will say no this is private thing between you and me but some customers will say yes on hacker one and buck Crow they keep a stream of these going and so they are actually some of the best places to learn about vulnerabilities and how they take place in the real world and so this is activity by hacker 1 it doesn't cost anything to use it you don't even have to be signed up for hacker one to check this out but you can go through here and look at like Okay so this was a critical bug for unauthenticated remote access to testing endpoint and you can click in here and this one is highly redacted so uh you won't get a lot of information here but in some of these you will get actual full information on on um what the researcher did and what they found um and so you can just kind of Click around through here you know um a security advisory they found a cve you can also see the Discord you know the talk between the bug Bounty Hunter and the program and what they talk about and etc etc and so spending time parsing activity especially for bugs that you want to learn about so let's you know let's say SQL injection is something that you're having a hard time wrapping your head around um or you want to keep up to date on you can search activity and Bug Crow has one that's called crowdstream uh they're the same idea and you can learn a lot a lot about um basically uh these type of these type of bugs so um crowd streams are not all um hyperlink um sometimes it's just a you know just disclose that hey Lululemon basically you know there was a $2,700 P1 on them um but there's no detail but if you scroll down through here you'll get some that have like a sufficient amount of detail as well so um so those are like if you want to take Research into your own hands and do like the crowd streaming activity are really great and then gwendell lck who is a prominent um tools maker in the offensive security scene um he writes a couple of really good tools I talk about in my class he has a site called offs sec. tools and one of the things that you can struggle with in your journey of offensive security is like there are new tools like we talked about coming out all the time and so what gwendel tries to do is he has this site where you can either submit a tool or he keeps his finger on the pulse of all these open source tools that come out for um stuff and he has a whole site that'll basically just uh if you can you can search for any type of tool or anything and he'll tell you everything that they know about uh tool that exists in that way and which ones were most updated recently and which ones are featured and preferred and so um his site is a really great way to keep on top of the open source tooling that happens in the um in the area of kind of offensive security and I promise I'm almost done I promise but I have I love this I love this I wouldn't be um I wouldn't be know like uh being honest about kind of like you there are some foray resources for um you know learning about vulnerabilities and the two most commonly referred to be my students right because I run a class to but they're like hey I really like I basically hack the box and try hack me right and so those two platforms have come a long way from just being CTF style things now they have whole learning tracks to um to different things and so if you pay which you know we we're trying to keep it open source for new people and like you know but um if you have a little bit of money to invest they have whole learning um tracks and Labs that you can do at in both hack the boox academy and try hackme and so you can see that they have like lots of learning and then they have a CTF Associated to each learning track and so these are really good for the web stuff you can get absolutely free um what we talked about um webc Academy with Port sger but that just covers web security these platforms cover all kinds of security topics like red team fundamentals and and they have different content too than webs SEC Academy so if you get to the point where you do have some cash to float around or you're you know you're an intern and your employer maybe we'll sponsor some training these are two that my students highly recommend is try hack me and um hack the Box Academy the other one is uh pentester lab by Louie and um this one also has a pro version and some free stuff that you can grab um you self-host a whole bunch of exercises he also goes over a lot of cve so if a new cve comes out and you want to understand how that CV Works he is usually one of the first ones to build a challenge for it uh Louis at pentester lab so um these are some great platforms to graduate to later on in you know in your kind of career that's everything I got for you guys it's everything that was in my course basically you got like 1/4th of my course you know the first day and so u
2024-01-07 19:32