Cyber Shelf

// What to read next

What to read after Hacking: The Art of Exploitation

Where to go after Hacking: The Art of Exploitation, picked from our catalog. The next step up from intermediate level, weighted toward the topics this book covers.

OffensiveBinary ExploitationNetworking

  1. 01 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  2. 02 · 2007

    The Shellcoder's Handbook

    A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

    Advanced
    4/5Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte

  3. 03 · 2020

    Black Hat Go

    Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

    Intermediate
    4/5Tom Steele, Chris Patten, Dan Kottmann

  4. 04 · 2021

    Black Hat Python

    Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

    Intermediate
    4/5Justin Seitz, Tim Arnold

  5. 05 · 2005

    Silence on the Wire

    Michal Zalewski's classic on the indirect attack surface: timing channels, protocol-stack fingerprinting, and the often-overlooked side data leaked by every layer of a stack.

    Advanced
    5/5Michal Zalewski

  6. 06 · 2024

    Windows Security Internals

    Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

    Advanced
    5/5James Forshaw

  7. 07 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5Matt Hand

  8. 08 · 2017

    Advanced Penetration Testing

    A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

    Advanced
    3/5Wil Allsopp
Back to Hacking: The Art of ExploitationAlternatives to Hacking: The Art of Exploitation