Cyber Shelf

// Alternatives

Alternatives to A Bug Hunter's Diary

Books in our catalog with overlapping topics and a similar reading level to A Bug Hunter's Diary. If A Bug Hunter's Diary is the wrong fit at intermediate level, start here.

Vulnerability ResearchOffensiveNarrative

  1. 01 · 2024

    Windows Security Internals

    Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

    Advanced
    5/5James Forshaw

  2. 02 · 2021

    This Is How They Tell Me the World Ends

    Nicole Perlroth's reporting on the global zero-day market: how exploits get bought, by whom, and how the gray-then-black market shapes which vulnerabilities get fixed and which get hoarded.

    Beginner
    4/5Nicole Perlroth

  3. 03 · 2025

    Metasploit

    The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

    Intermediate
    4/5David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham

  4. 04 · 2024

    Black Hat Bash

    Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  5. 05 · 2008

    Hacking: The Art of Exploitation

    A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

    Intermediate
    5/5Jon Erickson

  6. 06 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5Nick Aleks, Dolev Farhi

  7. 07 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5Corey J. Ball

  8. 08 · 2022

    Sécurité informatique - Ethical Hacking

    The French-language reference for offensive security: a thick, lab-heavy tour of the attacker's toolkit, maintained across editions by the ACISSI collective under the motto “learn the attack to better defend.”

    Intermediate
    4/5ACISSI

  9. 09 · 2021

    Black Hat Python

    Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

    Intermediate
    4/5Justin Seitz, Tim Arnold

  10. 10 · 2021

    Hacking Kubernetes

    A threat-modeling tour of a Kubernetes cluster, component by component, that teaches you to harden defaults by first showing you how each one gets broken.

    Intermediate
    4/5Andrew Martin, Michael Hausenblas
Back to A Bug Hunter's DiaryWhat to read after A Bug Hunter's Diary