Cyber Shelf

// Comparison

Black Hat Go vs Penetration Testing: Which Should You Read?

Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
4/52020
Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, Dan Kottmann

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Beginner
4/52014
Penetration Testing

A Hands-On Introduction to Hacking

Georgia Weidman

Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

Read this if

Offensive practitioners who already know Python (or Bash) and want a compiled-language alternative for tools that need to run as a single binary on locked-down endpoints. Go's cross-compilation and tiny runtime make it the right choice for many implant-style tools.
Beginners who want a single hands-on intro that walks them through a complete pentest workflow: lab setup, recon, exploitation, post-exploitation, reporting. Still the friendliest entry point in print.

Skip this if

Beginners with no programming background. The book assumes Go familiarity at the syntax level; for the language itself, read The Go Programming Language (Donovan/Kernighan) first.
Readers who already work in offensive security or want current-decade tooling specifics. The edition is dated against modern Active Directory tradecraft and EDR realities; the workflow is timeless, the tools are not.

Key takeaways

  • Go binaries cross-compile to Windows, Linux, macOS, and ARM with no toolchain pain; for offensive tools that need to land on a target, Go saves hours.
  • Concurrency in Go is simple enough that scanners, brute forcers, and watchdog tools become trivial to write; the book's networking chapters lean on this.
  • Modern offensive tooling (Cobalt Strike alternatives, Mythic agents, Sliver) is increasingly Go-native; reading this book is reading the language those projects share.
  • A complete pentest is a small number of repeated motions (recon, find foothold, escalate, pivot, document); Weidman teaches the rhythm before the tooling.
  • Lab setup is half the learning; running through the book's Metasploitable-and-Windows-VM lab is what builds the muscle memory the OSCP later assumes.
  • Reporting matters as much as exploitation; the book is one of the few intro texts that takes the deliverable seriously.

How they compare

Black Hat Go and Penetration Testing are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Black Hat Go is pitched at intermediate level. Penetration Testing is pitched at beginner level. Read the easier one first if you're not yet comfortable with the topic.

Black Hat Go and Penetration Testing both cover Offensive, Tooling, so reading them in sequence reinforces the same material from different angles.

Keep reading

Black Hat Go

Alternatives to Black Hat GoWhat to read after Black Hat Go

Penetration Testing

Alternatives to Penetration TestingWhat to read after Penetration Testing

Related topics

OffensiveTooling