// Comparison
Black Hat Bash vs The Ghidra Book: Which Should You Read?
Two cybersecurity books on Tooling, compared honestly: who each is for, what each does best, and which to read first.
Creative Scripting for Hackers and Pentesters
Nick Aleks, Dolev Farhi
Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.
The reference manual for the NSA's open-source disassembler, written by the author of The IDA Pro Book. Exhaustive on the tool, thinner on the craft of reversing itself.
Read this if
Skip this if
Key takeaways
- Most offensive bash is data plumbing: enumerate, parse, pivot, exfiltrate. The book's framing makes the workflow explicit instead of magic.
- Living-off-the-land on Linux is a real strategy; bash + awk + sed + curl is often more reliable than dropping a custom binary on a hardened target.
- The chapters on log tampering, persistence via cron / systemd, and privilege escalation chains are the practical core for any operator who finishes a foothold and needs to keep moving.
- Ghidra's collaborative project model and headless analyzer are genuine advantages over single-user tools, and the book covers both properly.
- The decompiler is the reason to use Ghidra, and the chapters on reading and improving its output are the most useful in the book.
- Real power comes from scripting and writing extensions; budget time for the Java/Python API chapters because that is where the tool stops being just a GUI.
How they compare
Black Hat Bash and The Ghidra Book are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Both books target intermediate-level readers, so the choice is about topic, not difficulty.
Black Hat Bash and The Ghidra Book both cover Tooling, so reading them in sequence reinforces the same material from different angles.