Cyber Shelf

// Alternatives

Alternatives to Black Hat Bash

Books in our catalog with overlapping topics and a similar reading level to Black Hat Bash. If Black Hat Bash is the wrong fit at intermediate level, start here.

OffensiveToolingLinux

  1. 01 · 2025

    Metasploit

    The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

    Intermediate
    4/5David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham

  2. 02 · 2021

    Black Hat Python

    Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

    Intermediate
    4/5Justin Seitz, Tim Arnold

  3. 03 · 2020

    Black Hat Go

    Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

    Intermediate
    4/5Tom Steele, Chris Patten, Dan Kottmann

  4. 04 · 2011

    The IDA Pro Book

    Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.

    Intermediate
    4/5Chris Eagle

  5. 05 · 2014

    Penetration Testing

    Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

    Beginner
    4/5Georgia Weidman

  6. 06 · 2008

    Hacking: The Art of Exploitation

    A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

    Intermediate
    5/5Jon Erickson

  7. 07 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  8. 08 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  9. 09 · 2021

    Practical Linux Forensics

    Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

    Intermediate
    4/5Bruce Nikkel

  10. 10 · 2018

    The Hacker Playbook 3

    Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

    Intermediate
    4/5Peter Kim
Back to Black Hat BashWhat to read after Black Hat Bash