Best cybersecurity books for advanced readers
The 32 cybersecurity books in our library pitched at the advanced level. Each review says plainly who the book is for, who should skip it, and which book to pick up next.
01 · 2024
Windows Security Internals
A Deep Dive into Windows Authentication, Authorization, and Auditing
James Forshaw takes apart the Windows security model from the Security Reference Monitor and access tokens up through Kerberos, with PowerShell you can run live against your own machine. The most authoritative single source on how Windows actually decides who can do what.
Advanced · 5/5 · Windows Internals · Offensive · Vulnerability Research
02 · 2023
Security Chaos Engineering
Sustaining Resilience in Software and Systems
Kelly Shortridge and Aaron Rinehart on treating security as a property of complex adaptive systems: instead of preventing failure, you continuously simulate it, and design the organization to learn from each result.
Advanced · 5/5 · Defensive · DevSecOps · Security Architecture
03 · 2021
The Hardware Hacking Handbook
Breaking Embedded Security with Hardware Attacks
Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.
Advanced · 5/5 · Hardware · Embedded · Reverse Engineering
04 · 2020
Building Secure and Reliable Systems
Best Practices for Designing, Implementing, and Maintaining Systems
Google's site-reliability and security teams jointly write down what it actually takes to build systems that are both safe and dependable, from threat models and design reviews to rollback culture and crisis response.
Advanced · 5/5 · Security Architecture · Defensive · DevSecOps
05 · 2020
Security Engineering
A Guide to Building Dependable Distributed Systems
Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.
Advanced · 5/5 · Security Architecture · Defensive · Cryptography
06 · 2018
Practical Binary Analysis
Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and binary instrumentation, with code-along examples you build and run yourself.
Advanced · 5/5 · Binary Analysis · Reverse Engineering · Tooling
07 · 2017
Attacking Network Protocols
A Hacker's Guide to Capture, Analysis, and Exploitation
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
Advanced · 5/5 · Networking · Protocol Analysis · Offensive
08 · 2017
Windows Internals, Part 1
System architecture, processes, threads, memory management, and more
The canonical Microsoft Press reference on Windows internals: how processes, threads, memory management and the I/O system are actually implemented in the modern Windows kernel. Part 2 picks up system mechanisms, caching and file systems, and startup and shutdown.
Advanced · 5/5 · Windows Internals · Operating Systems
09 · 2014
The Art of Memory Forensics
Detecting Malware and Threats in Windows, Linux, and Mac Memory
Ligh, Case, Levy, and Walters' canonical reference on memory analysis with Volatility — the technique, the tooling, and the operating-system internals it depends on, across Windows, Linux, and macOS.
Advanced · 5/5 · Forensics · Malware · Incident Response
10 · 2011
The Tangled Web
A Guide to Securing Modern Web Applications
Michal Zalewski's deep dive into the strange, accreted security model of the web browser: origins and the same-origin policy, content sniffing, and the legacy behaviours every web application inherits whether it wants them or not. Still the deepest book written on the subject.
Advanced · 5/5 · Web Security · Browser Internals · AppSec
11 · 2006
The Art of Software Security Assessment
Identifying and Preventing Software Vulnerabilities
Dowd, McDonald and Schuh's 1200-page reference on auditing C/C++ codebases for security: memory and integer handling, language pitfalls, and how vulnerabilities arise from the interactions between layers of a system rather than from any one line of code.
Advanced · 5/5 · AppSec · Code Auditing · Vulnerability Research
12 · 2005
Silence on the Wire
A Field Guide to Passive Reconnaissance and Indirect Attacks
Michal Zalewski's classic on the indirect attack surface: timing channels, protocol-stack fingerprinting, and the often-overlooked side data leaked by every layer of a stack.
Advanced · 5/5 · Networking · Reconnaissance · Foundations
13 · 2023
Evading EDR
The Definitive Guide to Defeating Endpoint Detection Systems
Matt Hand's component-by-component teardown of how modern EDR sensors actually collect telemetry (kernel callbacks, ETW, minifilters, user-mode function hooks), and where each data source can be starved, blinded, or bypassed.
Advanced · 4/5 · Offensive · Malware · Detection
14 · 2024
Evasive Malware
A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats
Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.
Advanced · 4/5 · Malware · Reverse Engineering · Defensive
15 · 2022
Gray Hat Hacking
The Ethical Hacker's Handbook
A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.
Advanced · 4/5 · Pentesting · Reverse Engineering · Exploitation
16 · 2022
The Art of Mac Malware, Volume 1
The Guide to Analyzing Malicious Software
Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.
Advanced · 4/5 · Malware · macOS · Reverse Engineering
17 · 2019
Rootkits and Bootkits
Reversing Modern Malware and Next Generation Threats
Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.
Advanced · 4/5 · Malware · Reverse Engineering · Windows Internals
18 · 2015
Sécurité et espionnage informatique
Connaissance de la menace APT et du cyberespionnage
Cédric Pernet's technical French-language guide to advanced persistent threats and cyber-espionage: how APT campaigns are run, how to detect them, and how to defend against them, from one of France's APT specialists.
Advanced · 4/5 · Threat Intelligence · Defensive · Detection
19 · 2015
Sécurité informatique
Cours et exercices corrigés
A rigorous academic course on the foundations of security — cryptography, authentication, access control — with corrected exercises, from a team of well-known French and Swiss cryptographers.
Advanced · 4/5 · Cryptography · Foundations
20 · 2014
Android Security Internals
An In-Depth Guide to Android's Security Architecture
Nikolay Elenkov on the actual implementation of Android's security model: package manager internals, permissions, keystore, SELinux integration, verified boot.
Advanced · 4/5 · Mobile · Android · Operating Systems
21 · 2014
Practical Reverse Engineering
x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Bruce Dang, Alexandre Gazet and Elias Bachaalany's working reverser's textbook, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.
Advanced · 4/5 · Reverse Engineering · Malware · Windows Internals
22 · 2013
Sécurité informatique
Principes et méthodes à l'usage des DSI, RSSI et administrateurs
A principles-first treatment of information security for CIOs (DSI), CISOs (RSSI) and sysadmins, covering architecture, cryptography, network defence and security policy, from two veteran French practitioners.
Advanced · 4/5 · Foundations · Defensive · Security Architecture
23 · 2009
Les virus informatiques
Théorie, pratique et applications
The reference French academic treatment of computer virology — the theory, algorithms and practice of viruses and malicious code — by Éric Filiol, a former military cryptanalyst and one of France's leading virologists.
Advanced · 4/5 · Malware · Reverse Engineering · Foundations
24 · 2007
The Shellcoder's Handbook
Discovering and Exploiting Security Holes
A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.
Advanced · 4/5 · Offensive · Binary Exploitation · Reverse Engineering
25 · 2023
Exercices et problèmes de cryptographie
A rigorous problem book for learning cryptography: over 150 corrected exercises with course summaries, aimed at third-year undergraduate (L3), master's and engineering-school students, by a French academic cryptographer.
Advanced · 3/5 · Cryptography · Foundations
26 · 2021
Kubernetes Security and Observability
A Holistic Approach to Securing Containers and Cloud-Native Applications
Brendan Creane and Amit Gupta's combined treatment of Kubernetes security and observability — RBAC, network policy, runtime detection, and the telemetry needed to make any of it operationally real.
Advanced · 3/5 · Cloud · Containers · Observability
27 · 2020
Intelligence artificielle, cybersécurité et cyberdéfense
An academic examination of how artificial intelligence reshapes cybersecurity and cyberdefence — opportunities, threats and strategic implications — by France's most prolific cyberwar scholar.
Advanced · 3/5 · Machine Learning · Defensive · Strategy
28 · 2017
Advanced Penetration Testing
Hacking the World's Most Secure Networks
Wil Allsopp's red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.
Advanced · 3/5 · Offensive · Pentesting · Red Team
29 · 2011
Cyberattaque et cyberdéfense
An academic, systematic treatment of cyberconflict — doctrines, actors, attack and defence scenarios — from a CNRS researcher who is one of France's most prolific scholars of cyberwar.
Advanced · 3/5 · Geopolitics · Nation-State · Strategy
30 · 2010
Tableaux de bord de la sécurité réseau
A practitioner's manual for measuring and steering network security — metrics, dashboards, monitoring and risk indicators — for the people who run security operations.
Advanced · 3/5 · Networking · Defensive · Detection
31 · 2009
The Mac Hacker's Handbook
Charlie Miller and Dino Dai Zovi's 2009 deep dive into the Mac OS X exploit landscape — Mach-O, IPC, sandboxing as it then existed, and the early-Intel-Mac exploitation chains.
Advanced · 3/5 · Reverse Engineering · macOS · Exploitation
32 · 2005
The Database Hacker's Handbook
Defending Database Servers
Litchfield, Anley, Heasman, and Grindlay's exhaustive 2005 reference on attacking and defending Oracle, SQL Server, DB2, MySQL, PostgreSQL, Sybase, and Informix — the era when the database engine itself was the soft target.
Advanced · 3/5 · Databases · AppSec · Exploitation