//Books
Cybersecurity books, reviewed honestly.
Reviews aimed at the people who actually have to learn something from these books: engineers, defenders, students. Each entry says who it's for, who it isn't, and what to read alongside it.

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh · 2006
The 1200-page reference on auditing C/C++ codebases for security: parsing complex memory and integer interactions, language pitfalls, and how vulnerabilities arise from interactions between layers.
Advanced · AppSec · Code Auditing

The Car Hacker's Handbook
Craig Smith · 2016
Craig Smith's guide to automotive bus systems (CAN, LIN, FlexRay), ECUs, infotainment surfaces, and how to fuzz, trace and exploit modern vehicles.
Intermediate · Automotive · Embedded

The Cuckoo's Egg
Clifford Stoll · 1989
Clifford Stoll's first-person account of investigating a 75-cent accounting discrepancy at LBNL that turned into a year-long pursuit of a KGB-paid intruder across early-internet networks.
Beginner · Narrative · Threat Intelligence

The Cyber Effect
Mary Aiken · 2016
Mary Aiken's popular-science argument that online environments alter human behavior in measurable ways — escalation, disinhibition, time distortion — and that the security community underestimates the social-engineering surface this opens.
Beginner · Behavioral · Cyberpsychology

The Database Hacker's Handbook
David Litchfield, Chris Anley, John Heasman, Bill Grindlay · 2005
Litchfield, Anley, Heasman, and Grindlay's exhaustive 2005 reference on attacking and defending Oracle, SQL Server, DB2, MySQL, PostgreSQL, Sybase, and Informix — the era when the database engine itself was the soft target.
Advanced · Databases · AppSec

The Hacker and the State
Ben Buchanan · 2020
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · Geopolitics · Strategy

The Hacker Playbook 3
Peter Kim · 2018
Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.
Intermediate · Pentesting · Red Team

The Hardware Hacking Handbook
Jasper van Woudenberg, Colin O'Flynn · 2021
Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.
Advanced · Hardware · Embedded

The IDA Pro Book
Chris Eagle · 2011
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Intermediate · Reverse Engineering · Tooling

The Mac Hacker's Handbook
Charlie Miller, Dino Dai Zovi · 2009
Charlie Miller and Dino Dai Zovi's 2009 deep dive into the Mac OS X exploit landscape — Mach-O, IPC, sandboxing as it then existed, and the early-Intel-Mac exploitation chains.
Advanced · Reverse Engineering · macOS

The Mobile Application Hacker's Handbook
Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse · 2015
Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.
Intermediate · Mobile · AppSec

The Practice of Network Security Monitoring
Richard Bejtlich · 2013
Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.
Intermediate · Defensive · Detection