Learn-Security-Materials.md

Basic OS & Networking:

• LPIC-1 Jadi training materials
• The Linux Command Line 2nd ed.
• Linux Bible 10th Ed. (Must-read for beginners as a reference book)
• Network+ Study guide. (Must-read for beginners.)
• Security+ Study guide. Basic intro to security.
• MCSA Windows 10 Study Guide
• MCSA Networking With Win Server 2016
• Microsoft Security-101 Free Courses Great source for learning basic but good-to-know theoretical topics

Basic Programming (for security): [Python recommended]

• BlackHat Python 2nd Edition (Updated for Python 3)
• BlackHat Python (Must-read for beginners, Python 2)
• GrayHat Python
• Shell Programming & Bash Scripting
• Black Hat Go
• Effective C (Great & light book to start with C)
• Gray Hat C#
• Violent Python (Not covering Python3)
• Windows Internals Series (Advanced, needs development skills. Reference book)
• *OS Internals [Mac/iOS] (Advanced, needs development skills, Reference book)
• Computer Science fundamentals free courses (Free online equivalent of CS bachelor degree!)
• https://github.com/Developer-Y/cs-video-courses (similar to above)
• BlackHat Rust

Basic Hacking/Pentest/Exploitation:

• Penetration Testing: A Hands-On Introduction to Hacking
• Breaking into infosec
• GrayHat Hacking 5th edition
• Attacking Network Protocols
• Hacking: The Art of Exploitation, 2nd Edition Lighter book compared to shellcoders Handbook
• Red Team Field Manual (2014)
• Advanced Penetration Testing(2015, Case & story driven guide into pen-tests)
• The Hackers Playbook 2 (2015)
• The Hackers Playbook 3 (2018)
• Hands on Hacking (2020)
• The Shellcoder's Handbook (Old but gold. Exploitation techniques are obsolete. Gives insight)

Network & VoIP: [Most of these are old books, but protocols age well!]

• Hacking Exposed Cisco (2005. Old but still relevant & gold)
• Hacking Exposed VoIP (2006, Old but still relevant)
• Hacking Exposed UC & VoIP (2013, more up2date of previous book)
• Hacking Exposed Wireless 3rd Ed. (2015, slightly outdated but still good overview)
• Security Testing with Raspberry Pi(2020)

Web:

• Web Application Hackers Handbook 2nd Edition
• Browser Hackers Handbook
• Tangled Web
• Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
• Real World Bug Hunting -Web Application Security: Exploitation and Countermeasures for Modern Web Applications
• JavaScript For Hackers

Mobile (applications):

• Android Hackers Handbook
• Android Security Internals
• iOS Application Security
• iOS Hackers Handbook
• Mobile Application Hackers Handbook
• FRIDA Handbook must-read

Code Audit:

• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
• Art of Software Security Testing, The: Identifying Software Security Flaws
• OWASP Core Review Guide v2
• Modern Memory Safety: C/C++ Vulnerability Discovery, Exploitation, Hardening (Training Material)
• https://rules.sonarsource.com/ (reference of common dangerous APIs in different languages)
• https://vulncat.fortify.com/en
• LiveOverflow YouTube channel (live code audit videos), great resource!
• SCI CERT Coding Standards
• C Traps & Pitfalls
• http://c-faq.com/
• Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities
• https://owasp.org/www-community/Source_Code_Analysis_Tools list of ALL tools (most suck!)
• FindSecurityBugs Java Bugs Patterns
• Recurity Labs Code Audit Training
• Learn about SemGrep and how to write queries for it!
• Learn about CodeQL and how to write queries for it!

Reversing:

• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, ...
• Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, ...
• The IDA Pro Book, 2nd Edition
• The Ghidra Book (upcoming)
• Getting Started with Ghidra
• Reversing: Secrets of Reverse Engineering
• Reverse Engineering for Beginners ( great free reference)
• Best Assembly reference (free) book
• Ghidra Software Reverse Engineering for Beginners

Malware :

• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
• Malware Data Science
• Rootkits & Bootkits
• The Art of Memory Forensics
• The Art of Mac Malware: Analysis
• Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems

Fuzzing:

• Fuzzing: Brute Force Vulnerability Discovery (old but still relevant)
• Fuzzing for Software Security Testing and Quality Assurance, Second Edition
• https://github.com/secfigo/Awesome-Fuzzing (list of fuzzing books, papers, resources)
• https://github.com/cpuu/awesome-fuzzing (good academic papers list)
• Brandon Falk (Lots of podcasts and live sessions about advanced fuzzing)

Cryptography:

• Serious Cryptography
• Practical Cryptography

Hardware :

• Hardware Security: A Hands-on Learning Approach
• The Hardware Hacking Handbook
• Practical IoT Hacking

Cloud :

• How to Hack Like a Ghost
• Pentesting Azure Applications
• Advanced Penetration Testing: Hacking Google Cloud Platform (GCP)
• Mastering Cloud Penetration Testing
• AWS Penetration Testing
• Hands-On AWS Penetration Testing with Kali
• Penetration Testing Azure for Ethical Hackers
• Hacking Kubernets, Threat Driven Analysis
• Cloud Penetration Testing for Red Teamers: Learn how to effectively pentest AWS, Azure, and GCP applications
• Building and Automating Penetration Testing Labs in the Cloud: Set up cost-effective hacking environments for learning cloud security on AWS, Azure, and GCP

Radio / SDR:

• Inside Radio