EH-Net

Features => Book Reviews => Topic started by: Jamie.R on May 16, 2011, 01:44:45 PM



Title: Recommended book for Pen Tester
Post by: Jamie.R on May 16, 2011, 01:44:45 PM
Hi All,

I have a lot of spare time on my hands at the moment while I am trying to break into the industry. I want to know if there are any books that are worth reading?

I am really looking for something that will be very hands-on, so a subject gets explained and then you go test it in your lab.

Any recommendations, please?


Title: Re: Recommended book for Pen Tester
Post by: aweSEC on May 16, 2011, 01:55:06 PM
General pentesting or any specific area you are interested in?


Title: Re: Recommended book for Pen Tester
Post by: cd1zz on May 16, 2011, 04:39:37 PM
From the web side, the Web Application Hacker's Handbook is very specific and technical. If you're interested in exploit development, take a look at the Shellcoder's Handbook... very technical.


Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 16, 2011, 05:37:30 PM
I am interested in anything that is going to improve my skills to be a pen tester.

I have just got the shellcode book and it does look very technical. I am not sure I am ready to develop exploits yet.

Is there one topic a pen tester should know like the back of his hand?
I was thinking about SQL injections...


Title: Re: Recommended book for Pen Tester
Post by: cd1zz on May 16, 2011, 05:44:44 PM
There is no single book to do that. You need about 30 books and tons of exp :)

If you want to look at SQL injection, hit the book I recommended. There are also numerous SQL injection tutorials/walkthroughs on the intertubes.



Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 16, 2011, 06:05:13 PM
Not just SQL, just any books that will build on my skills. I am currently at the level of using exploits. I know how to scan, find out information and find vulnerabilities. I now want to learn the next steps: how to attack the system.


Title: Re: Recommended book for Pen Tester
Post by: S3curityM0nkey on May 16, 2011, 06:49:43 PM
I have been reading Grey Hat Hacking... it's a good read and full of info. Easy to follow even if you are new to the game.


Title: Re: Recommended book for Pen Tester
Post by: cd1zz on May 16, 2011, 08:30:46 PM
+1 for grey hat - good book.


Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 16, 2011, 08:52:10 PM
Cool, I'll go for that then, thanks.


Title: Re: Recommended book for Pen Tester
Post by: cd1zz on May 16, 2011, 08:56:13 PM
One more a little less technical but a very very good book is Counter Hack Reloaded. I remember reading that in the beginning and it "opened my eyes."


Title: Re: Recommended book for Pen Tester
Post by: S3curityM0nkey on May 17, 2011, 12:13:37 AM
Counter Hack Reloaded is a great book as well


Title: Re: Recommended book for Pen Tester
Post by: chrisj on May 17, 2011, 10:15:16 AM
I was going to suggest Counter Hack Reloaded too. Trying to slowly move my way through it (think I mentioned haven't read much lately).

Books I'm trying to read:
Hacking Work (Horrible book, about breaking policies you don't understand and putting your job at risk. Like forwarding your work email to your Gmail account. Using Google Docs for collaboration, company tools suck, etc.)

Counter Hack Reloaded

Professional Penetration Testing

Hacking Exposed
Hacking Exposed Wireless
Hacking Exposed web apps


Title: Re: Recommended book for Pen Tester
Post by: kriscamaro68 on May 17, 2011, 11:59:24 AM
Check out this book: http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945/ref=sr_1_1?ie=UTF8&qid=1305651497&sr=8-1


Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 17, 2011, 12:32:45 PM
Check out this book: http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945/ref=sr_1_1?ie=UTF8&qid=1305651497&sr=8-1

I have already read this book thanks


Title: Re: Recommended book for Pen Tester
Post by: chrisj on May 17, 2011, 01:23:40 PM
Check out this book: http://www.amazon.com/BackTrack-Assuring-Security-Penetration-Testing/dp/1849513945/ref=sr_1_1?ie=UTF8&qid=1305651497&sr=8-1

I have already read this book thanks

How does it compare to the other books that publisher put out? I tried reading their Xen book, but the pages all fell out, and it looked like there was no technical editor for it. I kept sending in errata, for non-working commands, with what they should have been, but never saw the page updated.


Title: Re: Recommended book for Pen Tester
Post by: jaso on May 17, 2011, 01:32:28 PM
I enjoyed the first half of Professional Penetration Testing for its insight into the team/business aspect of pentesting. The second half was good as well.

Hacking Exposed was good. I'm thinking of picking up the wireless book. It's an easy read because it's broken down into the different steps of a pen test, and then broken down further into tools/vectors. For someone like me who fits reading in here and there and not in big chunks, I could break it down easily and not have to stop mid-thought.

Hacking: Art of Exploitation

Currently reading Reversing: Secrets of Reverse Engineering.


Title: Re: Recommended book for Pen Tester
Post by: Agoonie on May 17, 2011, 01:40:41 PM
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

I have not had the chance to read it yet but it has been recommended on this site many times. It seems like a very good read, especially if you want to use "uncommon" techniques for pentesting. I am currently reading Dissecting the Hack and the Web Application Hacker's Handbook. Hopefully I can get to Ninja Hacking before Ghost in the Wires comes out.

http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_3?s=books&ie=UTF8&qid=1305656854&sr=1-3


Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 17, 2011, 03:54:03 PM
It is a good book; I have read it already.


Title: Re: Recommended book for Pen Tester
Post by: BillV on May 17, 2011, 04:57:04 PM
How does it compare to the other books that publisher put out? I tried reading their Xen book, but the pages all fell out, and it looked like there was no technical editor for it. I kept sending in errata, for non-working commands, with what they should have been, but never saw the page updated.

Probably on the same level. I picked up a copy when I saw it mentioned in the forums here. I've only read the first 2 chapters so far but the lack of editing (spelling/grammar) is quite apparent. I was hesitant to purchase because I didn't recognize the author names and had a feeling it may turn out this way. I'll provide more feedback on it as I make my way through.


Title: Re: Recommended book for Pen Tester
Post by: jason on May 17, 2011, 10:12:28 PM
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

I have not had the chance to read it yet but it has been recommended on this site many times.  It seems like a very good read especially if you want to use "uncommon" techniques for pentesting. 

Glad you're liking it  8)


Title: Re: Recommended book for Pen Tester
Post by: Jamie.R on May 18, 2011, 07:38:04 AM
How does it compare to the other books that publisher put out? I tried reading their Xen book, but the pages all fell out, and it looked like there was no technical editor for it. I kept sending in errata, for non-working commands, with what they should have been, but never saw the page updated.

Probably on the same level. I picked up a copy when I saw it mentioned in the forums here. I've only read the first 2 chapters so far but the lack of editing (spelling/grammar) is quite apparent. I was hesitant to purchase because I didn't recognize the author names and had a feeling it may turn out this way. I'll provide more feedback on it as I make my way through.

If you were new to pen testing and had never used BT before, then it may be a good buy. I personally found it very basic, lacking any real detail and depth. It covers, I would say, 65% of the tools in BT4 but just the basics of them, so what they are used for and a one-line command to run them. And it does not even mention wireless tools from what I can remember.

I would say it didn't really teach me anything I could not find out in the man pages or help page of a tool.



Title: Re: Recommended book for Pen Tester
Post by: BillV on May 18, 2011, 08:03:59 AM
Yeah, I'd agree with that. I'm only a little further now but the first tool they present has the wrong syntax :-\


Title: Re: Recommended book for Pen Tester
Post by: rabray on June 12, 2011, 06:21:23 PM
Not finished reading Ed Skoudis' Counter Hack Reloaded yet but I would recommend this. A number of core principles discussed in an easy to understand manner. Providing info on the important ethical nature of pen testers. Remediation/mitigation strategy. Hoping to see a new edition.

Social Engineering: The Art of Human Hacking is also an interesting read.

Web app handbook and network security assessment. Both good resources in my view.



Title: Re: Recommended book for Pen Tester
Post by: labamba on June 26, 2011, 04:22:12 AM
I personally recommend Cisco's Penetration Testing and Network Defense. It's a very good catch and Counter Hack Reloaded.


Title: Re: Recommended book for Pen Tester
Post by: El33tsamurai on June 26, 2011, 08:09:29 AM
A thing I like to do is go to Amazon and type in Pen Testing, and every book that comes up I look inside, and normally you can read the first chapter. I have found many a book this way. If you can't read the first chapter on Amazon, try Google Books.


Title: Re: Recommended book for Pen Tester
Post by: n3r on October 27, 2011, 06:38:07 AM
As I said in other topics, I would like to buy a book about coding and writing exploits. I've a good level on C language and I'm currently learning Python. I have seen two books: The Art of Exploitation and Coding for Penetration Testers.
Which one should I choose?


Title: Re: Recommended book for Pen Tester
Post by: rance on October 27, 2011, 09:15:20 AM
As I said in other topics, I would like to buy a book about coding and writing exploits. I've a good level on C language and I'm currently learning Python. I have seen two books: The Art of Exploitation and Coding for Penetration Testers.
Which one should I choose?

I'm working through "Coding for Penetration Testers" right now.  Only got it last week, so I haven't read the book in depth yet, however:

Pros: Touches many languages, gives a lot of examples of coding, well, pen test tools, so it gets into a lot of the socket stuff, remote calls, etc.

Cons: It only *briefly* touches on all the languages.  If you want an in-depth programming guide for a particular language, this isn't it.  If you want to learn the language, I'd probably suggest an O'Reilly book, such as this one: http://shop.oreilly.com/product/9780596158118.do


Title: Re: Recommended book for Pen Tester
Post by: n3r on October 27, 2011, 01:28:17 PM
Thanks!
So it's better to learn, for example, Python from a book like Dive into Python before going to Syngress' one.
And what about Art of Exploitation? As I've learnt C language, maybe it's a better option to go for this one.


Title: Re: Recommended book for Pen Tester
Post by: Forgotten on February 01, 2012, 09:22:16 AM
As some others have said, there are tons of books that will be helpful.  I really liked The Art of Exploitation and Metasploit: A Penetration Tester's Guide.


Title: Re: Recommended book for Pen Tester
Post by: MaXe on February 01, 2012, 01:59:34 PM
The Penetration Tester's Open Source Toolkit Third Edition, I think it'll be interesting to read, as I already read version 2 / second edition, so I can't wait to read version 3 that's on its way to me  :)