Best cybersecurity books for intermediate readers

Extreme Privacy

What It Takes to Disappear

Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.

OSINT Techniques

Resources for Uncovering Online Information

Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.

Serious Cryptography

A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

Designing Secure Software

A Guide for Developers

Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

Real-World Cryptography

David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

Threat Modeling

Designing for Security

Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Hacking: The Art of Exploitation

A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

Metasploit

The Penetration Tester's Guide

The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

Black Hat Bash

Creative Scripting for Hackers and Pentesters

Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

La cyberdéfense

French academic textbook on cyber defense — political, military, legal. The authors (researchers and former military-school faculty) cover the French organizational layer and the international ecosystem.

Black Hat GraphQL

Attacking Next Generation APIs

Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

Hacking APIs

Breaking Web Application Programming Interfaces

Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

Practical Social Engineering

A Primer for the Ethical Hacker

Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.

Black Hat Python

Python Programming for Hackers and Pentesters

Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

Practical IoT Hacking

The Definitive Guide to Attacking the Internet of Things

Five-author guide to IoT pentesting covering hardware probing, radio (BLE / Zigbee / LoRa), embedded firmware, and the protocols that connect cheap devices to vulnerable backends.

Practical Linux Forensics

A Guide for Digital Investigators

Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Container Security

Fundamentals for Securing Containerized Applications

Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

Kubernetes Security

Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.

Malware Data Science

Attack Detection and Attribution

Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.

Social Engineering

The Science of Human Hacking

Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.

The Hacker Playbook 3

Practical Guide to Penetration Testing — Red Team Edition

Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

Network Security Through Data Analysis

From Data to Action

Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

The Car Hacker's Handbook

A Guide for the Penetration Tester

Craig Smith's guide to automotive bus systems (CAN, LIN, FlexRay), ECUs, infotainment surfaces, and how to fuzz, trace and exploit modern vehicles.

Incident Response and Computer Forensics

Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Tobias Klein walks through seven real vulnerabilities he found and exploited, in the form of personal lab notes, what he tried, what failed, and what eventually shipped to vendors.

The IDA Pro Book

The Unofficial Guide to the World's Most Popular Disassembler

Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws

The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

Cryptography Engineering

Design Principles and Practical Applications

A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

Linux Firewalls

Attack Detection and Response with iptables, psad, and fwsnort

Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.

Hacking the Xbox

An Introduction to Reverse Engineering

Andrew "bunnie" Huang on the original Xbox: hardware modding as the entry path into reverse engineering, plus a frank account of the legal fight that followed.

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

iOS Application Security

The Definitive Guide for Hackers and Developers

David Thiel on attacking and defending iOS apps: the platform sandbox, IPC surfaces, keychain semantics, transport security, and the patterns that introduce real bugs.

The Mobile Application Hacker's Handbook

Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.