EH-Net

Ethical Hacking Discussions and Related Certifications => Network Pen Testing => Topic started by: SephStorm on March 28, 2011, 02:52:40 PM



Title: Book suggestions
Post by: SephStorm on March 28, 2011, 02:52:40 PM
Hello all,

In line with my previous thread on cert/course comparisons, I thought it might be a good idea to get a thread in each forum, for listings of suggested books. Obviously the different forums will need different types of books. Since this is the network pen testing section, I will start with books that I have seen promoted here. If you would like to contribute, please add your books or other media along with the level and maybe a general summary of why you think it should be added to a collection.

Hacking For Dummies- Beginner:
http://www.amazon.com/Hacking-Dummies-Kevin-Beaver/dp/0470550937/ref=pd_sim_b_5
I actually nearly forgot this one, even with it being in my drawer right now. A good introduction to hacking,  includes information on the hacking process, tools, techniques and maybe a little tactics? If you are thinking about becoming a pentester, take a look, see if you like it.

Hacking Exposed - Beginner to medium experience:
http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071613749/ref=sr_1_1?s=books&ie=UTF8&qid=1301340448&sr=1-1

One of the more well known and well loved series, Hacking Exposed teaches you some of the common tools of the trade, includes some demonstration of the tools, but perhaps most important gives information on the hacking process, allowing one to make a methodology. Honestly, I own at least two copies of HE, I've never finished one *hides* but whenever I do have the time to read them it reminds me how dangerous the enemy is, and sometimes, how easy it can be.

Professional Penetration Testing- Beginner to med:
http://www.amazon.com/Professional-Penetration-Testing-Creating-Operating/dp/1597494259/ref=sr_1_1?ie=UTF8&s=books&qid=1301340863&sr=1-1

This is one of my favorites, I wish I had it with me here. A great book for the aspiring penetration tester. This book gives instructions for building a nice lab, and suggestions for additional targets such as live CDs. Awesome book.

Nmap Network Scanning-Beginner to advanced?:
http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_sim_b_6

From start to finish, this book is NMAP. Being the beloved tool that it is, I'm surprised no one hasn't grabbed this book and developed an IDS signature for every scan nmap has. But I wouldn't want to give anyone any ideas. If you are new to network scanning, get this book because you will see nmap at some point in your career, either for you, or against you.

Hacking: The Art of Exploitation- ? to advanced:
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=pd_sim_b_5

This is one of those books I opened and saw gibberish staring back at me. I saw code looking back, taunting me. Well, I've picked up the book since then, but I've never taken it home. But make no mistake, if the reviews on Amazon are a good judge of character, this book will make a great addition to your library.

Okay, that's all I have at the moment, any other suggestions?


Title: Re: Book suggestions
Post by: hayabusa on March 28, 2011, 03:17:17 PM
I also have / keep handy for good reads:

Dissecting the Hack - The F0rb1dd3n Network
http://www.amazon.com/Dissecting-Hack-F0rb1dd3n-Jayson-Street/dp/159749478X
Good examples of real case studies and techniques / tools, and explanations behind them.

Build Your Own Security Lab - A Field Guide for Network Testing
http://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864/ref=sr_1_1?ie=UTF8&s=books&qid=1301343224&sr=1-1
Well worth a read to give further ideas on setting up your own lab for pentesting.

and most recently, Thomas and Jason's book,

Ninja Hacking - Unconventional Penetration Testing Tactics and Techniques
http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?s=books&ie=UTF8&qid=1301343249&sr=1-1
What can I say...  The ninjas captivated me!

 ;D




Title: Re: Book suggestions
Post by: SephStorm on March 29, 2011, 06:42:03 PM
Wow, I can't believe I forgot Build your own Security Lab. ::)

Good Catch!

Also something users may want to consider, Snort For Dummies, I started reading it some time ago, and I can say that it is a good book, especially for those that have never used Snort.


Title: Re: Book suggestions
Post by: Dark_Knight on March 29, 2011, 08:08:52 PM
SQL Injection Attacks and Defense - Given the recent MySQL hack - http://www.scmagazineus.com/oracles-mysqlcom-hacked-via-sql-injection/article/199419/, this should no doubt be a staple in your library
http://www.amazon.com/Injection-Attacks-Defense-Justin-Clarke/dp/1597494240

The Tao of Network Security Monitoring - http://www.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/ref=sr_1_1?s=books&ie=UTF8&qid=1301447003&sr=1-1
Great resource for network monitoring.

The Art Of Human Hacking - http://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?ie=UTF8&s=books&qid=1301447063&sr=1-1
All about social engineering. Definitely an eye opener.

Kingpin - http://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercrime-Underground/dp/0307588688/ref=sr_1_1?s=books&ie=UTF8&qid=1301447194&sr=1-1
For a real look into the criminal underworld.

Web Application Pwnage - http://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-3rd/dp/0071740643/ref=sr_1_1?s=books&ie=UTF8&qid=1301447274&sr=1-1
I am still making my way through this.

Security + Exam prep - http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-201/dp/1439236364/ref=sr_1_fkmr1_1?ie=UTF8&qid=1301447618&sr=8-1-fkmr1


Title: Re: Book suggestions
Post by: Equix3n- on March 30, 2011, 02:25:39 AM
Counter Hack Reloaded: I can't believe it's already not on the list.
http://www.amazon.com/Counter-Hack-Reloaded-Step-Step/dp/0131481045/ref=sr_1_1?ie=UTF8&s=books&qid=1301469768&sr=8-1

Building Open Source Network Security Tools: Components and Techniques
http://www.amazon.com/Building-Source-Network-Security-Tools/dp/0471205443/ref=sr_1_1?ie=UTF8&qid=1301469732&sr=8-1

This might appear as a strange choice, but it's really a great book. Building your own tools also helps you understand the existing tools out there.


Title: Re: Book suggestions
Post by: SephStorm on March 30, 2011, 08:55:04 AM
Dangit, I forgot Mitnick's books.

The Art of Intrusion:

http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_4?s=books&ie=UTF8&qid=1301493121&sr=1-4

EPIC.

and The Art of Deception:

http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X/ref=sr_1_3?s=books&ie=UTF8&qid=1301493121&sr=1-3

EPIC'er?

It looks like he has a new book coming out as well, might as well put it on the list.

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

http://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037702/ref=sr_1_1?s=books&ie=UTF8&qid=1301493121&sr=1-1