By popular request, it is time to put together a list of the Best Hacking Books in 2020. Now, this list doesn’t only contain Hacking Books that were released in 2020, but simply all the books worth mentioning as of this year. There are still some classics that will always be mentioned; even though they haven’t been updated for years, they remain relevant. I basically get questions from you guys every single day, be it on Instagram, Facebook, Twitter or via E-Mail, asking which Ethical Hacking Books to buy to get started.
“What are the best Hacking Books?” or “Do you recommend learning from books?” are the most popular ones. I understand that nowadays we have so many possibilities when it comes to learning. We have YouTube, we have a gazillion online courses, serving every topic one can imagine. But I am a firm believer in a good book. Why? Because putting together a good book takes a hell of a lot of work.
You need to revise your content multiple times, you need to cut out irrelevant content and distill it down to the best possible version. I think this makes books a much richer experience than a 5-minute YouTube video, because usually the content is so carefully selected.
That being said, I highly recommend learning with books. A great advantage is also that you can put bookmarks (yes, the paper ones) in your book and quickly look something up if you need to.
This article does not only contain the Best Hacking Books, but it is also a list of my personal favorite books. I personally own all of the books I recommend here.
By the way, the order in this list is not relevant. All books mentioned are worth reading in no particular order.
All books can be found in the Ceos3c Amazon Store.
If you want to get started with Ethical Hacking or Bug Bounties, feel free to follow my YouTube Channel where I regularly publish beginner-friendly Ethical Hacking tutorials. I also stream Live Hacking CTFs twice a week on Twitch. I also started a new series recently called The Ethical Hacking Diaries, where I write weekly digests of stuff I have learned in the previous week on my journey of becoming a Bug Bounty Hunter.
Let’s get started with the actual article. Shoot me a message on Twitter at any time in case you have questions or suggestions regarding this list.
The Hackers Playbook 2
by Peter Kim
Level: Beginner Friendly!
If I could only choose one book, this would be it.
I started out with this book and it helped me tremendously. It has just the right pace when you are just starting out. You learn how to set up a lab and you go through all the well-known tools that professional Penetration Testers use.
This book could be referred to as a “Penetration Tester Guide”, whereas the Hacker’s Playbook 3 could be referred to as a “Red Team Guide”. I’ll get to the difference between those two a little bit later. I would definitely recommend reading the second edition before the third edition. Both are excellent books, but the second edition is a little bit easier to get started with.
In this book, next to learning how to set up a lab and Kali Linux, you learn about:
- Passive Discovery (OSINT)
- Password Lists
- Active Directory
- Vulnerability Scanning
- Web Application Security
- How to move through a network
- Social Engineering
- Password Cracking
And many more things. The great thing is that Peter really treats you as a beginner, meaning he doesn’t skip steps that he assumes you know. I love that kind of author. All of this being said, you can probably see that I personally really like this book and can’t recommend it enough. If you had to choose one book to get started, it’s this!
The Hackers Playbook 3
by Peter Kim
Level: Beginner Friendly!
The Hackers Playbook 3 is the natural evolution of its predecessor The Hackers Playbook 2. This is easily in the top 3 of my favorite Hacking Books of all time. I have read both books and the third one even tops the second one by a notch.
Peter takes you on a journey through all the phases of a penetration test. He helps you to set up your pentesting environment and then takes you through all the steps of a penetration test: Reconnaissance, Web Application Exploitation, Compromising Networks, Social Engineering techniques, Physical Attacks, evading AVs and IDSs and of course, Exploitation.
This book has a great introduction to Web Application testing, there is a vulnerable Web Application included in this book that teaches you some newer techniques that are used nowadays. On top of that, there are attacks against NodeJS, SQL Injection, and some advanced XSS techniques. Many of my friends have read this book as well and highly recommend it for every beginner.
I learned a ton from this book. I worked through it several times because the techniques taught in it are extremely valuable to sharpen your skills. Peter Kim is an excellent teacher.
I will mention that this book is harder than the second edition. The techniques here are more sophisticated, so you would really benefit from reading the second edition before buying the third one. There is also a lot of information about what it means to be a Red Teamer vs. a Penetration Tester, which is really interesting to learn.
In the end, you need to know how to report your findings to your clients, this book teaches you that as well.
I do highly recommend adding this book to your Ethical Hacking Books library!
Real-World Bug Hunting
by Peter Yaworski
Level: Beginner friendly – Intermediate
The latest addition to this guide. If you have been following me on social media or in general at all in the past few months, you know that I am mostly doing Bug Bounty Hunting and educating myself in this area at the moment. This book is very new (it was released in 2019) and up-to-date. Peter is a seasoned security professional who tries to give people with zero knowledge in this area an entry point, and I think he achieved this. This book easily makes it into my Top 3 of my favorite Hacking Books of all time.
This book is very well written and goes in-depth into all the important topics in regards to Web Application Security / Bug Hunting. After covering Bug Bounty Basics, it takes you through all of the most common Web Vulnerability Types out there, like:
- Open Redirect
- HTTP Parameter Pollution
- Cross-Site Request Forgery
- HTML Injection
- Carriage Return Line Feed Injection
- Cross-Site Scripting
- SQL Injection
…and a lot more. Each detailed explanation of a vulnerability type is followed by actual reports of real vulnerabilities that were found through the HackerOne Bug Bounty Program, including information on how the bug was found, where it was found and how much it paid. Seeing this kind of information makes the whole thing a bit easier to understand, as you see actual examples in the wild.
Another very interesting section awaits you at the end of the book: Finding your Own Bug Bounties.
This section covers everything from Reconnaissance to Application Testing and how to automate your testing.
The last section of the book covers Report Writing, which I think is a very important topic to get a grasp of. Peter does a wonderful job of explaining things and makes complicated topics quite easy to understand. You really see his years of experience reflecting in this book.
If you want to get started with Bug Bounties and don’t want to dive into the behemoth that is the Web Application Hacker’s Handbook right away, this is your book. I highly recommend this book for any beginner, any day.
Rtfm: Red Team Field Manual
by Ben Clark
Level: All levels
The Red Team Field Manual is a must-have when it comes to Hacking Books. This is not a book you use to study, this is a Red Team Reference Guide. This guide contains the basic syntax of commonly used Linux and Windows commands. It also includes Python Scripts and Windows PowerShell tips.
I personally always take this book with me when I am on assignment or on any hacking related trip. I have a lot of personal notes and additions to it as well. For the price, I definitely recommend picking up a copy. Put it under your pillow while you sleep, carry it with you at all times. Great little book.
Hacking: The Art of Exploitation, 2nd Edition
by Jon Erickson
You will probably have a hard time finding a Hacker / Cybersecurity specialist who would not recommend this book. Hacking: The Art of Exploitation is a true classic when it comes to Hacking Books. The only downside is that it was last updated in 2008. The good news is, most of its content is still relevant and valuable today. This book helps you to build a solid foundation of theory and technique that will translate very well to modern hacking tools.
This book has it all, you will learn a bit of Programming, Exploitation, Networking, Shellcode, Countermeasures, and Cryptology. Frankly speaking, I still recommend this book today.
Be aware, though, that this book is geared more towards advanced users. I would not recommend picking up this book as a first book. You should be familiar with, or have a basic idea of, Assembly before starting this book.
The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
by Dafydd Stuttard & Marcus Pinto
So far, all books have cut into the topic of Web Application Hacking as a separate section. This book is dedicated to the topic. The Web Application Hacker’s Handbook is one of the best books out there when it comes to Hacking Books for Web Application Testing. The book was written by the guys who developed Burp Suite, the most popular Web Application Testing framework out there.
If you get a book that was written by people who developed an actual Web Application Testing framework, you can safely bet on the value you will find in it. This is a behemoth of a book with its 912 pages. It was last updated in 2011, and the content is still very relevant today.
Nowadays, you have to know about Web Application Security if you want to work in Cyber Security. So many companies use Web Applications and many of them have flaws because they were poorly developed or not updated. The Web Application Hacker’s Handbook helps you to understand common flaws and how to exploit them. You won’t believe how many Web Application flaws you will find in the real world.
That being said, if you are serious about working in Cyber Security, you won’t, or shouldn’t, be able to avoid this book. This book takes you through Web Application Security step by step, from the very beginnings until you eventually have a good grasp on the topic. Highly recommended addition to your Ethical Hacking Books collection.
Penetration Testing: A Hands-On Introduction to Hacking
by Georgia Weidman
Level: Beginner friendly!
This book was written by security expert, researcher, and trainer Georgia Weidman. Penetration Testing: A Hands-On Introduction to Hacking teaches the fundamental skills that every penetration tester needs. You will build a virtual lab with Kali Linux and a couple of vulnerable virtual machines and you will run through multiple scenarios in this environment. Tools like Wireshark, Nmap and Burp Suite are used in this book, amongst many others.
You will learn how to crack passwords, how to hack wireless networks by brute-forcing with the use of wordlists, you will learn a bit of web application security, you’ll learn about the Metasploit framework, how to bypass antivirus software and how to take control of a virtual machine to compromise the network. This book, much like the Hacker’s Playbook 3, is a good first read for people interested in learning Cyber Security.
Some people really love Georgia’s explanations and swear by this book; some people I know personally also used it as preparation for the OSCP exam. This book has a lot of step-by-step guidance in it, so it is very easy to understand even for beginners.
Caveat: Unfortunately, several people have reported that parts of the labs and the external materials in the book are no longer available. So only buy it if you know what you’re looking for! You can follow the author’s Twitter account as she is currently working on the second edition of the book!
Kali Linux Revealed: Mastering the Penetration Testing Distribution
by Raphael Hertzog & Jim O’Gorman
First things first, this is not one of the Ethical Hacking Books that teach you penetration testing. This is a book that teaches you Kali Linux. Kali Linux, formerly known as Backtrack, is by far the most popular penetration testing distribution out there. Therefore, it just makes sense for you to learn it. Although I do not recommend Kali Linux for beginners, if you do decide to go for Kali Linux anyway, I highly recommend reading Kali Linux Revealed.
In this book, the Kali developers themselves will take you on a journey through the operating system and help you to maximize your use of Kali Linux. You will learn all the fundamentals of Kali Linux, you will learn Linux basics and concepts and you will learn how to install Kali Linux in all kinds of different scenarios (Laptop, Desktop, Server, Virtual, etc.). On top of that, you will learn how to configure packages and how to keep your Kali installation updated the right way.
They even take you through things like deployment in large enterprise networks and very advanced topics like kernel compilation, the creation of custom ISO files and encryption. This is why I rate this book Beginner-Advanced. You can definitely learn something new from this book no matter where you are coming from.
Don’t get distracted by the Amazon ratings, some people clearly can’t read and complain that there are no pentesting tools taught in this book, which never was its intention in the first place. That being said, if you work with Kali, pick up this book, it will take you to the next level and keep you secure in the long run. You can also check out my article to at least do the bare essential steps after installing Kali Linux as a beginner.
Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
by The Legend Himself, Kevin Mitnick
Level: All levels
Now one could argue whether this fits in the category of Hacking Books or not, but for me it definitely does. Ghost in the Wires is a book by one of the most well-known hackers there ever was: Kevin Mitnick. So, why would I recommend this book? Because it is a Hacking Book by definition. This book tells the real story of Kevin Mitnick, a computer Hacker who had his prime between the years 1979 and 1995, when he was finally arrested by the FBI after being on the run for several years.
Kevin hacked his first computer system at the age of 16, and from there on out, there was no way back. This book does very well in explaining how a Hacker’s mind works and what drives them. It gives you an in-depth look into the Hacker’s mindset, and that is exactly why I found this book to be extremely valuable. I don’t know how much exaggeration is going on in this book from Kevin’s side, but most of the stories he tells seem to be pretty legit and in the realm of possibility, especially because many of them were confirmed either by the Feds or by his former friends/foes.
I devoured this book in no time; I had so much fun reading it that I blazed through it within a week, which is very unusual for me.
That being said, don’t only focus on learning, focus on fun as well, and this book definitely is fun! A must-read for every wannabe Hacker!
By the way, Kevin has worked as a very successful security consultant since the year 2000; he consults for Fortune 500 companies and… the FBI (lol). So you can see, he has grown up and works as an ethical hacker now. He also published a couple of other books on stuff like Social Engineering and how to stay safe on the Internet. I won’t list them here because I haven’t read them yet, but you can find them in my Amazon Store.
Advanced Penetration Testing: Hacking the World’s Most Secure Networks
by Will Allsopp
I had to include at least one more advanced book in this Hacking Books list to satisfy everyone. But no, really, Advanced Penetration Testing has gained a lot of traction lately. It covers ATP (Advanced Penetration Testing). This means it teaches you real-world techniques far beyond the usual Kali Linux tools. You will learn how tools actually work and also how to write your own tools from start to finish.
This helps you to better understand how the tools you use actually work, giving you an edge over anyone who is just able to use out of the box tools.
It also covers a little Social Engineering. A lot of more advanced folks have recommended this book to me.
This would be a good book to pick up after you have finished working through the Hacker’s Playbook and the Web Application Hacker’s Handbook. But really, be aware, this is for advanced people only!
Honorable Mention: Hacking mit Metasploit
by Michael Messner
Now, unfortunately for everyone not speaking German, Hacking mit Metasploit isn’t for you, unless you can translate it. I want to mention it here because it is, hands down, the best book on Metasploit that I have ever read. The author, Michael Messner, is a developer with the Metasploit team and continuously contributes to the project.
He has in-depth knowledge in the Metasploit framework and has a great way of teaching you all the things you need to know about Metasploit.
I want to mention it here for everyone who is capable of reading German, and I wish that there will be an English release of the book one day for all of you to enjoy.
Where To Buy
You can find all of the books in this article in my
If you buy through this store, I get a small commission from your purchase, which greatly helps me keep the bills paid. Thank you!
Now, this should give you a pretty good idea of which Hacking Books you should read, and which ones you should read first. Learning from books is still very valuable nowadays in my opinion. I think it is even my preferred way, because I can work through the material in a structured fashion, and I really like that.
Let me know in the comments what your favorite Ethical Hacking Books are and I might check them out and add them to the list. Add this article to your bookmarks and make sure to check back regularly as I will update this list as time passes by.