Cyber Shelf
Florian Amette
April 30, 20265 min read

8 Best Books for OSCP Prep in 2026 — A Pentester's Reading List

Penetration Testing (Weidman), Linux Basics for Hackers, Hacking: The Art of Exploitation, Black Hat Python: 8 books that genuinely help with OSCP prep in 2026, sorted by study phase.

#oscp#reading-list#penetration-testing#certification-prep

Most OSCP prep advice tells you to do labs, do labs, do labs. That's correct, but it skips the question of what to read alongside the labs to make them stick.

The picks at a glance

Pre-course:

  1. Linux Basics for Hackers — non-negotiable Linux fluency.
  2. Penetration Testing by Georgia Weidman — the friendliest pentest workflow primer.

During PEN-200: 3. Hacking: The Art of Exploitation — the buffer overflow foundation. 4. The Web Application Hacker's Handbook — the OSCP web playbook. 5. Attacking Network Protocols — for the weird-port moments.

Scripting & tooling: 6. Black Hat Python — write your own offensive tools. 7. Metasploit — the framework, cold.

Modern web bonus: 8. Bug Bounty Bootcamp — where modern web bug classes live.

The OSCP is a 24-hour practical exam, not a literature review. Every hour you spend reading needs to translate into something you can actually do under pressure.

Before you start the official course

If you are not yet enrolled in PEN-200, the goal is to make sure the official material doesn't lose you in the first chapter.

Linux Basics for Hackers by OccupyTheWeb is non-negotiable if you're not already comfortable on the Linux command line. Bash, networking commands, file permissions, services: the OSCP exam assumes you can move around a Linux box without thinking. This book is the cheapest way to get there.

Penetration Testing by Georgia Weidman is the best companion to PEN-200. It walks you through a full pentest end to end (recon, exploitation, post-exploitation, reporting) at exactly the level the OSCP expects. Several editions ago now, but the workflow has not changed.

Core reading during the course

These are the books to keep open on a second monitor during lab work.

Hacking: The Art of Exploitation by Jon Erickson is the foundation for the buffer overflow component. PEN-200 has been moving away from BOF as a standalone topic, but understanding what's actually happening on the stack is still what separates candidates who pass from candidates who panic when shellcode misbehaves. Read the first half of the book at minimum.

The Web Application Hacker's Handbook by Stuttard and Pinto is the OSCP web playbook. The book is dated, but the OSCP web challenges are dated too: SQLi, file upload, LFI/RFI, command injection, basic XSS for stored payloads, classic auth bypasses. The taxonomy in this book maps directly to what you'll see on exam day.

Attacking Network Protocols by James Forshaw teaches you how to actually look at traffic and understand it. Useful for pivoting through internal networks and for the kind of "weird port, what is this protocol" moments the exam loves to throw at you.

Scripting and tooling

The OSCP rewards you for not retyping the same thing twice.

Black Hat Python by Justin Seitz and Tim Arnold is the canonical "write your own offensive tools" book. You will not need to write a custom C2 for the exam, but you'll benefit massively from the muscle memory of "just script it" instead of fighting with someone else's tool. The networking, scraping, and process-injection chapters in particular pay back the time spent.

Metasploit: The Penetration Tester's Guide is dated but still the clearest book on the framework. The OSCP famously limits Metasploit to one machine, but that one machine matters, and post-exploitation modules are fair game throughout. Knowing the framework cold saves you hours.

For the web-heavy machines

If you want to go deeper than the Web Application Hacker's Handbook on the bug classes that actually appear in OSCP web boxes:

Bug Bounty Bootcamp by Vickie Li is more current and more practical than Stuttard and Pinto on the modern bug landscape. The OSCP doesn't test 2024-era bug bounty exotica, but the chapters on auth, SSRF, and access control map directly to exam-style mistakes developers actually make.

What to skip

A few books we'd specifically recommend against for OSCP prep:

  • OSCP-branded "study guides" that are not from Offensive Security. Most are surface tourism over the official syllabus. Your money is better spent on extra lab time.
  • Red team / advanced post-exploitation books (operator handbooks, C2 deep dives). Wrong target. The OSCP exam is about getting the foothold and basic privilege escalation, not OPSEC.
  • CISSP-style management books. Wrong exam, wrong mindset.

A realistic timeline

For most candidates, the right approach is:

  1. Pre-course (2 to 4 weeks): Linux Basics for Hackers + first half of Weidman.
  2. During PEN-200 (3 to 6 months): Erickson + WAHH on the side, Black Hat Python whenever you find yourself doing something repetitive.
  3. Last month before exam: stop buying books. Do labs full-time, take notes, build your own playbook.

The single most common OSCP failure mode is reading instead of practicing. Books unblock you, they don't replace lab time. If you have to choose between another chapter and another box, do the box.

Good luck. Read what helps. Solve the boxes. The exam is fair.

Frequently asked questions

Is Penetration Testing by Georgia Weidman still useful for OSCP in 2026?
Yes. The edition is dated against modern Active Directory tradecraft, but the workflow it teaches (recon, exploitation, post-exploitation, reporting) is exactly what the OSCP expects. The OSCP-prep community still recommends it first because nothing has replaced it for newcomers.
Do I need to read Hacking: The Art of Exploitation for OSCP?
Read at least the first half. PEN-200 has been moving away from buffer-overflow as a standalone topic, but understanding what is happening on the stack is what separates candidates who pass from candidates who panic when shellcode misbehaves. Erickson's book is still the cleanest introduction.
How much should I prepare with books versus labs for OSCP?
Heavily lab-weighted. Books unblock you, they do not replace lab time. Aim for two to four weeks of pre-course reading (Linux Basics for Hackers + half of Weidman), then keep two or three books open as references during PEN-200. The last month before the exam should be lab-only.
Are OSCP-specific study guides worth buying?
Most are not. OSCP-branded study guides outside Offensive Security itself are usually surface tourism over the official syllabus. Your money is almost always better spent on extra lab time, HackTheBox or Proving Grounds Practice subscriptions, or one of the books on this list.