Published On Oct 22, 2021
In this video I talk about my top 4 books for beginner hackers.
Chapters:
0:00 - Introduction
0:48 - Real-World Bug Hunting
2:43 - RTFM: Red Team Field Manual
4:04 - Advanced Penetration Testing: Hacking the World’s Most Secure Networks
4:59 - Penetration Testing: A Hands-On Introduction to Hacking
6:50 - Outro
Check out my courses, guides, blog & tools - https://www.cybersecguidance.com
😍 YouTube Member - https://www.youtube.com/dccybersec/join
👕 Merch - https://dc-cybersec.creator-spring.com/
💬 Discord - / discord
❤️ Twitch - / dccybersec
📷 Instagram - / dccybersec
📖 Facebook - / dccybersec
🐦 Twitter - / dccybersec
📖 LinkedIn - / dcdavidlee
#cybersecurity #books #top4
--------------------------
Real-World Bug Hunting
by Peter Yaworski
Real-World Web Hacking is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.
Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.
--------------------------
RTFM: Red Team Field Manual
by Ben Clark
The Red Team Field Manual (RTFM) is a no fluff, but thorough reference guide for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page. The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up the hard to remember Windows nuances such as Windows wmic and dsquery command line tools, key registry values, scheduled tasks syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.
--------------------------
Advanced Penetration Testing: Hacking the World’s Most Secure Networks
by Will Allsopp
Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments.
--------------------------
Penetration Testing: A Hands-On Introduction to Hacking
by Georgia Weidman
In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment--including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.
Learn how to:
-Crack passwords and wireless network keys with brute-forcing and wordlists
-Test web applications for vulnerabilities
-Use the Metasploit Framework to launch exploits and write your own Metasploit modules
-Automate social-engineering attacks
-Bypass antivirus software
-Turn access to one machine into total control of the enterprise in the post exploitation phase
