// Comparison

Attacking Network Protocols vs Black Hat Go: Which Should You Read?

Two cybersecurity books on Networking, compared honestly: who each is for, what each does best, and which to read first.

Advanced

5/52017

Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Intermediate

4/52020

Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, Dan Kottmann

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Read this if

Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.

Offensive practitioners who already know Python (or Bash) and want a compiled-language alternative for tools that need to run as a single binary on locked-down endpoints. Go's cross-compilation and tiny runtime make it the right choice for many implant-style tools.

Skip this if

Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.

Beginners with no programming background. The book assumes Go familiarity at the syntax level; for the language itself, read The Go Programming Language (Donovan/Kernighan) first.

Key takeaways

Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.

Go binaries cross-compile to Windows, Linux, macOS, and ARM with no toolchain pain; for offensive tools that need to land on a target, Go saves hours.
Concurrency in Go is simple enough that scanners, brute forcers, and watchdog tools become trivial to write; the book's networking chapters lean on this.
Modern offensive tooling (Cobalt Strike alternatives, Mythic agents, Sliver) is increasingly Go-native; reading this book is reading the language those projects share.

How they compare

We rate Attacking Network Protocols higher (5/5 against 4/5 for Black Hat Go). For most readers, that means Attacking Network Protocols is the primary pick and Black Hat Go is a useful follow-up.

Attacking Network Protocols is pitched at advanced level. Black Hat Go is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.

Attacking Network Protocols and Black Hat Go both cover Networking, Offensive, so reading them in sequence reinforces the same material from different angles.

Keep reading