//Books
Cybersecurity books, reviewed honestly.
Reviews aimed at the people who have to actually learn something from these books, engineers, defenders, students. Each entry says who it's for, who it isn't, and what to read alongside it.
Kubernetes Security and Observability
Brendan Creane, Amit Gupta · 2021
Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.
AdvancedCloudContainersRead reviewLa cyberdéfense
Stéphane Taillat, Amaël Cattaruzza, Didier Danet · 2024
French academic textbook on cyber defense — political, military, legal. The authors (researchers and former military-school faculty) cover the French organizational layer and the international ecosystem.
IntermediateGeopoliticsPolicyRead reviewLes virus informatiques : théorie, pratique et applications
Éric Filiol · 2009
Éric Filiol's reference French-language treatment of computer virology. Formal theory, infection mechanisms, offensive and defensive applications, with academic rigor rare on the topic.
AdvancedMalwareReverse EngineeringRead reviewLinux Basics for Hackers
OccupyTheWeb · 2025
OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.
BeginnerLinuxPentestingRead reviewLinux Firewalls
Michael Rash · 2007
Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.
IntermediateNetworkingDefensiveRead reviewLocksport
Jos Weyers, Matt Burrough, Walter Belgers, BandEAtoZ, Nigel K. Tolley · 2024
Five-author primer on the physical-security craft community: pin-tumbler internals, picking and impressioning technique, and competitive locksport.
BeginnerPhysical SecurityLockpickingRead reviewMalware Data Science
Joshua Saxe, Hillary Sanders · 2018
Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.
IntermediateMalwareMachine LearningRead reviewMetasploit
David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham · 2025
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
IntermediateOffensiveToolingRead reviewNetwork Security Through Data Analysis
Michael Collins · 2017
Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.
IntermediateDefensiveNetworkingRead reviewOpen Source Intelligence Techniques and Tools
Nihad A. Hassan, Rami Hijazi · 2018
Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.
BeginnerOSINTInvestigationsRead reviewOSINT Techniques
Michael Bazzell · 2024
Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.
IntermediateOSINTInvestigationsRead reviewPenetration Testing
Georgia Weidman · 2014
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.
BeginnerPentestingOffensiveRead review