Cyber Shelf

// What to read next

What to read after A Bug Hunter's Diary

Where to go after A Bug Hunter's Diary, picked from our catalog. The next step up from intermediate level, weighted toward the topics this book covers.

Vulnerability ResearchOffensiveNarrative

  1. 01 · 2024

    Windows Security Internals

    Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

    Advanced
    5/5James Forshaw

  2. 02 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  3. 03 · 2006

    The Art of Software Security Assessment

    The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.

    Advanced
    5/5Mark Dowd, John McDonald, Justin Schuh

  4. 04 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5Matt Hand

  5. 05 · 2007

    The Shellcoder's Handbook

    A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

    Advanced
    4/5Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

  6. 06 · 2017

    Advanced Penetration Testing

    A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

    Advanced
    3/5Wil Allsopp

  7. 07 · 2008

    Hacking: The Art of Exploitation

    A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

    Intermediate
    5/5Jon Erickson

  8. 08 · 2024

    Black Hat Bash

    Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

    Intermediate
    4/5Nick Aleks, Dolev Farhi
Back to A Bug Hunter's DiaryAlternatives to A Bug Hunter's Diary