Becoming a Hacker: Must Read Security & Cyber Crime Books

In our most recent publication, we delved into security and cyber crime blogs you should be reading to stay up-to-date with modern threats, bugs, and crimes.

It’s important to stay vigilant. Frequently reading what’s going on in the world to keep yourself protected. But you might also want to dig in further, gathering the skills necessary to understand how things are working on a deeper level.

Be a hacker to beat a hacker, as the saying goes.

This article will list books we think will help shape you into a living, breathing hacker.

Social Engineering: The Science of Human Hacking

This book is at the top of the list because… well, the human element is the weakest link in any attack.

Think about it.

How might your company get hacked? A security guard sitting at the front door, hired to keep unauthorized people out of the building, might let a “pest control guy” right in and even grant them access to the server room, as they’ve “been hired to get rid of the roaches”. The security guard really, really dislikes roaches, and doesn’t want to see any, nor does he want to have the chance of hitching some of them back to his home.

Likewise, the receptionist may receive an email which looks to be from the CEO. It tells her to order a gift card in the amount of $500, and then send the card details over to him. Well, that wasn’t the CEO, it was a carefully crafted email written by a social engineer.

That’s the basic idea of social engineering, it plays on people’s emotions and biases. If we arm ourselves with the knowledge of how they work, we’d be better able to guard ourselves, as well as the companies we work for.

The author of this book, Christopher Hadnagy, also has some very engaging videos on YouTube explaining some of the concepts in the book. Check them out: 7 Jedi Mind Tricks: Influence Your Target without a Word, The Science Behind Human Hacking.

The book is just as engaging as his talks.

The Web Application Hacker’s Handbook

Although it is fairly old, The Web Application Hacker’s Handbook is still considered to be the holy grail of web application security, a must-own – especially if you develop web applications.

Co-written by Dafydd Stuttard, the creator of Burp, a powerful security tool, this book covers just about every vulnerability a web application might contain, from: CSRF, XSS, and more.

So if you’re a developer, or looking to break into web application security, this book is a must.

It’s also a perfect book to explore the OWASP Juice Shop application with.

The Tangled Web

The Tangled Web is yet another book on our list. Written by Michal Zalewski, a computer security expert and “white hat” hacker from Poland. He is a former Google Inc. employee, and currently the VP of Security Engineering at Snap Inc.

In this book, you will learn how to:

• Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization
• Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing
• Build mashups and embed gadgets without getting stung by the tricky frame navigation policy

And more. This book should be mandatory reading for every web developer.

Hacking: The Art of Exploitation

A little different than the other books on this list, this book explores C, assembly languages, and shell scripts. This is the ultra fun stuff that nerds really enjoy.

The book also comes with a complete Linux programming and debugging environment, which allows you to test the examples directly from the book, all without modifying your current system.

This book teaches you how to:

• Corrupt system memory to run arbitrary code using buffer overflows and format strings.
• Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening.
• Redirect network traffic, conceal open ports, and hijack TCP connections.

And much more!

Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions

Plan on getting into Point of Sale (POS) application development? This book is a must. It explores common payment types, such as gift cards, credit cards, debit cards, rewards cards, really diving into the fundamentals of payment processing systems.

It explains how protected areas are hacked and how hackers spot vulnerabilities within payment applications, and more. It’s a fascinating read on POS software, and will equip you with a better understanding of our every day infrastructure.

Black Hat Python

From web servers, to machine learning, Python is a widely used programming language for nearly everything. For security analysts, Python allows them to create powerful and effective hacking tools, which is precisely what this book intoduces you to – the dark side of Python, if you will.

Black Hat Python will walk you through creating a trojan command-and-control server using GitHub, detect sandboxing and automate common malware tasks like keylogging and screenshotting, and much more.

Cyber Crime

Spam Nation: The Inside Story of Organized Cybercrime

We mentioned the blog in our last article belonging to the author of this book: Brian Krebs. Krebs runs the Krebs on Security blog, our favorite blog on the subject by far.

When we learned Krebs released a book, we immediately ordered it. Although, we’re only about a quarter of the way through so far, so we can’t provide an accurate description or review just yet, but so far it is highly engaging.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

Sandworm is the name of a Russian super-hacker team which wreaked havoc in Ukraine in 2015 and 2017, interfered in the French presidential election in 2017, and unleashed a cyberattack on the 2018 Winter Olympics opening ceremony.

This book reads like fiction, but is indeed factual. Highly engaging. Freightening. Everybody should read this book. It will give you an awareness of the global threat landscape.

The Lazarus Heist

Based on perhaps the best podcast we’ve ever listened to, The Lazarus Heist is about the North Korean hacker group known as the Lazarus Group, accused of causing mayhem in Hollywood with 2014’s infamous Sony hack, as well as allegedly being behind WannaCry, a cyber-attack which brought the NHS to a dangerous standstill, costing them £92m after 19,000 appointments were cancelled.

This book is really well written. We definitey recommend you to grab a copy. It sheds light on North Korea, hacking, and more.

You can also listen to the podcast on YouTube, or anywhere else podcasts are accessible.

Conclusion

Although it’s not required for most of the books on this list, we indeed assume you have a background in technology. Some of the books, however, might be a bit complicated to understand. For example, if you’ve never written a line of Python code, or are unfamiliar with something like HTTP, then you might find Black Hat Python to be a bit arcane.

However, most writers try their best to introduce a subject in the beginning pages of a book. This is helpful, although you may need to dig a bit deeper to truly grasp the rest of the contents. Anyway, books are incredible gems to own. So whether you’re a beginner or an expert, there’s something to gain from every book.

If you like the topic of security as much as we do and want to explore the topic more, check out TryHackMe (this is an affiliate link by the way. We’ll both receive $5 in credit if you click the link and subscribe to the premium membership), a brilliant platform with live, realistic exercises.

If you have another book in mind, drop it in the comments below.

Happy Hacking!

Disclosure: this post contains affiliate links. However, we only recommend books that we have personally read. We may receive a small commission if you purchase any of the books from this list (at no additional cost to you).