I'd also like to be involved, whether it be writing, proof reading etc.

I think a collaboration amongst the EH.net people would make for a good read!

I'll help out, as well, wherever there is need, awesec.

I would like to contribute with at least some ideas (I already have a few thoughts).
If you need more I am at your disposition.

You've got a long list of people there. I think the next step would be to figure out what each author can bring to the table, as well if that is what they want to write about.

From there start looking at a very very rough outline, and then compare it to other books on the market.

With that list of contributors I can easily see that coming in around 1000 pages maybe think about breaking up into groups with sub focuses, which could end up as stand alone books.

Maybe have one group writing on Certifications, and the pros and cons of each. Another group doing programing in pen-testing (I know I'd like to see a gray hat like programming books), how a system administrator can do a quick audit (all pen-tests really are) without a lot of additional training, and another section on writing programs to run though system logs looking for problems (I know I'm getting tired of stumbling through grep and awk scripts, and there has to be a better way).

This might help some... just my own personal experience, which may or may not have much weight... plus I had a really strong 7&7 and am feeling a bit tipsy, so what I write may not be coherent. But as usual, alcohol suppresses inhibitions, and so here I am, babbling away...

From personal experience, I know that publishers like the idea of the book to be fully flushed out before they ever look at it. Meaning, that before anyone writes a thing, there should be an outline of the book to at least two, preferably three topic layers deep. Although each individual author should be able to do that, the chapters should be well-defined in advance before handing off to authors. In none of the books I've co-authored have I been the one to pick which chapters go into it - that's for the lead to decide. I was simply asked which chapters I wanted to write, and went from there.

Also, think of audience, whether you want it to be entry level, very technical, broad, or pin-point on a single topic.

- Tom

That just means you're running low and need another

I know I'm late to the party, but you could count me in for a contribution, if you're interested. Seems like it'd be a pretty sweet tome if everyone did a 40-50 page chapter.

I always like books that walk you through exercises that build upon each other until ultimately complete some grand project. One of my favorite programming books was a Wrox ASP.NET book that walked you through developing an entire web app piece-by-piece. Now, I took absolutely nothing away from that and never do any ASP.NET programming, but I remember liking the book.

You could make it really elaborate where there's actually a fake .com company. The web servers wouldn't be hacked, but you could show the process of doing recon on a "real" company, harvesting email addressing, maybe stopping by a stamp forum (yes, an homage to PWB), etc. The next chapter could take things a step further and so on. It would be cool to include multiple VMs on a DVD and have an actual network to work against instead of just something like a vulnerable distro. That way you could demonstrate things like port redirection with netcat and really kick up the complexity.

I think it would be really cool to break it up into roles and have one chapter be penetration, the next IA, the next IH, and repeat. This is how you break it, this is how you detect it, this is how you respond to it.

Just a suggestion

Hello everyone,

don't worry, I am not interested in participating (I am too young and inexperienced) but I can provide you with my opinion form the consumer perspective. I do not know if I can represent the buying public but I definitely can represent my self and my consuming urge!

I have never paid for an e-book, I prefer buying printed books. I actually need to find space for storing them cos they are getting dangerously many. Therefore, I would suggest a printed version. Then again, it is the ROI thing that don mentioned before... anyway.

The other thing you are discussing is the topic of the book. In my opinion there are far too many Web Server, Exploitation, UNIX, Windows and Pen Testing Security books out there. What is missing in my opinion (well...not missing, but only few books) are books on Application Security. I own 2 amazing books (Web Pen Testing by Andres Andreu and Web Application Hacker's Handbook by Stuttard & Pinto) but I believe that more are needed. And definitely a fat book with many pages but not wasting pages on de-facto Chapters such as Automated Vulnerability Scanners etc. I also believe that books other than WebApp pen testing (e.g. ERP) are also missing from the market.

Last, I always value books that have case studies, hands-on challenges etc.


hope I helped somehow.

Good luck!





+1000.000.000.000!!! I would definitely purchase a book like the one Dynamik suggests!