Cyber Shelf

// What to read next

What to read after Advanced Penetration Testing

Where to go after Advanced Penetration Testing, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

OffensivePentestingRed Team

  1. 01 · 2018

    The Hacker Playbook 3

    Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

    Intermediate
    4/5Peter Kim

  2. 02 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  3. 03 · 2024

    Windows Security Internals

    Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

    Advanced
    5/5James Forshaw

  4. 04 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5Matt Hand

  5. 05 · 2022

    Gray Hat Hacking

    A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.

    Advanced
    4/5Allen Harper, Ryan Linn, Stephen Sims, Michael Baucom, Daniel Fernandez, Huascar Tejeda, Moses Frost

  6. 06 · 2007

    The Shellcoder's Handbook

    A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

    Advanced
    4/5Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

  7. 07 · 2025

    Metasploit

    The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

    Intermediate
    4/5David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham

  8. 08 · 2018

    Pentesting Azure Applications

    Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

    Intermediate
    3/5Matt Burrough
Back to Advanced Penetration TestingAlternatives to Advanced Penetration Testing