Best cybersecurity books for intermediate readers

Extreme Privacy

What It Takes to Disappear

Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.

OSINT Techniques

Resources for Uncovering Online Information

Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.

Serious Cryptography

A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.

Designing Secure Software

A Guide for Developers

Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

Real-World Cryptography

David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

Threat Modeling

Designing for Security

Adam Shostack's practitioner-oriented introduction to threat modeling: STRIDE, attack trees, and how to fit the practice into a real software-development lifecycle.

The Practice of Network Security Monitoring

Understanding Incident Detection and Response

Richard Bejtlich's NSM playbook: how to deploy collection sensors, validate that you actually see what you think you see, and build detection workflows around open-source tools.

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Hacking: The Art of Exploitation

A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

Metasploit

The Penetration Tester's Guide

The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

Black Hat Bash

Creative Scripting for Hackers and Pentesters

Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

Technopolitique

Comment la technologie fait de nous des soldats

A sharp, current essay on how digital technology, AI and platform power have turned citizens into actors in a permanent informational and geopolitical conflict, by a prominent French tech-politics scholar.

Black Hat GraphQL

Attacking Next Generation APIs

Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

Intelligence-Driven Incident Response

Outwitting the Adversary

A practitioner's guide to wiring threat intelligence into the incident response loop, built around the F3EAD cycle rather than tool-of-the-week tutorials.

Cybersécurité

Analyser les risques, mettre en œuvre les solutions

Solange Ghernaouti's broad academic survey of cybersecurity — risk analysis, governance, technical and legal dimensions — the standard French university reference, now in its 7th edition.

Hacking APIs

Breaking Web Application Programming Interfaces

Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

Practical Social Engineering

A Primer for the Ethical Hacker

Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.

Sécurité informatique - Ethical Hacking

Apprendre l'attaque pour mieux se défendre

The French-language reference for offensive security: a thick, lab-heavy tour of the attacker's toolkit, maintained across editions by the ACISSI collective under the motto “learn the attack to better defend.”

Black Hat Python

Python Programming for Hackers and Pentesters

Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

Hacking Kubernetes

Threat-Driven Analysis and Defense

A threat-modeling tour of a Kubernetes cluster, component by component, that teaches you to harden defaults by first showing you how each one gets broken.

Practical IoT Hacking

The Definitive Guide to Attacking the Internet of Things

Five-author guide to IoT pentesting covering hardware probing, radio (BLE / Zigbee / LoRa), embedded firmware, and the protocols that connect cheap devices to vulnerable backends.

Practical Linux Forensics

A Guide for Digital Investigators

Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Container Security

Fundamentals for Securing Containerized Applications

Liz Rice's first-principles introduction to how Linux containers actually work — namespaces, cgroups, capabilities, seccomp, image layering — and the security implications that fall out of those mechanics.

The Ghidra Book

The Definitive Guide

The reference manual for the NSA's open-source disassembler, written by the author of The IDA Pro Book. Exhaustive on the tool, thinner on the craft of reversing itself.

Cyber

La guerre permanente

A strategic analysis of cyber conflict as permanent, sub-threshold warfare — and what France and Europe should do about it — by a former senior French strategist and a consultant.

Cyberstructure

L'Internet, un espace politique

An engineer's lucid account of how the Internet actually works — and why its technical architecture is a political space that shapes human rights — by a DNS specialist at AFNIC.

Kubernetes Security

Liz Rice and Michael Hausenblas's freely-available O'Reilly short on the Kubernetes-specific security model: API server, RBAC, network policy, secrets, and the typical hardening steps that move a cluster from default to defensible.

Malware Data Science

Attack Detection and Attribution

Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.

Social Engineering

The Science of Human Hacking

Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.

The Hacker Playbook 3

Practical Guide to Penetration Testing — Red Team Edition

Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

Network Security Through Data Analysis

From Data to Action

Michael Collins on building situational awareness from network telemetry: collection architecture, statistical baseline-setting, and the analytic patterns that turn raw flows into detection.

Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

The Car Hacker's Handbook

A Guide for the Penetration Tester

Craig Smith's guide to automotive bus systems (CAN, LIN, FlexRay), ECUs, infotainment surfaces, and how to fuzz, trace and exploit modern vehicles.

Hacking et Forensic

Développez vos propres outils en Python

A hands-on French guide to building your own offensive and forensic tools in Python — networking, packet crafting, web and forensic scripting — for people who'd rather write the tool than buy it.

Incident Response and Computer Forensics

Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

Applied Network Security Monitoring

Collection, Detection, and Analysis

A practitioner's walkthrough of building an NSM capability end to end, from deciding what to collect through detection and the analysis workflow that ties it together. The tooling is dated, but the way it teaches you to think about monitoring is not.

A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Tobias Klein walks through seven real vulnerabilities he found and exploited, in the form of personal lab notes, what he tried, what failed, and what eventually shipped to vendors.

The IDA Pro Book

The Unofficial Guide to the World's Most Popular Disassembler

Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws

The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

Cryptography Engineering

Design Principles and Practical Applications

A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.

Understanding Cryptography

A Textbook for Students and Practitioners

A genuinely teachable intro to modern cryptography that derives the math instead of hand-waving it, covering symmetric and public-key primitives without drowning you in proofs.

Linux Firewalls

Attack Detection and Response with iptables, psad, and fwsnort

Michael Rash, author of psad and fwsnort, on building and operating Linux-native packet filtering and intrusion-response tooling. Pre-nftables in detail but conceptually durable.

Reversing

Secrets of Reverse Engineering

The book that taught a generation how software actually looks once you strip away the source. Still the clearest on-ramp to thinking in assembly, even with dated tools.

Hacking the Xbox

An Introduction to Reverse Engineering

Andrew "bunnie" Huang on the original Xbox: hardware modding as the entry path into reverse engineering, plus a frank account of the legal fight that followed.

La science du secret

A lucid popular-science history of cryptography by Jacques Stern, one of France's most eminent cryptographers — from classical ciphers to public-key and the science of secrecy.

Cybercriminalité

Comprendre, prévenir, réagir

Solange Ghernaouti's structured treatment of cybercrime — how it works, how to prevent it, how to respond — spanning technical, legal and organisational angles.

RGPD et droit des données personnelles

A complete French manual on data-protection law under the GDPR and the 2018 loi Informatique et Libertés — obligations, rights and how to comply — by an engineer and doctor of law.

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

iOS Application Security

The Definitive Guide for Hackers and Developers

David Thiel on attacking and defending iOS apps: the platform sandbox, IPC surfaces, keychain semantics, transport security, and the patterns that introduce real bugs.

Introduction à la cyberstratégie

A foundational French introduction to cyberstrategy — treating cyberspace as a domain of strategic thought — by a former officer and strategy scholar.

The Mobile Application Hacker's Handbook

Chell, Erasmus, Colley, and Whitehouse's reference on iOS and Android application security from the early-mid 2010s — runtime hooking, transport security, IPC abuse, and the platform-specific surface of mobile pentesting.

Cybertactique

Conduire la guerre numérique

The tactical companion to Cyberstratégie — how cyber operations are actually conducted, from planning to execution — by a French officer and strategist.

Hacking

Un labo virtuel pour auditer et mettre en place des contre-mesures

A hands-on French guide to building a virtual lab (Proxmox) and using it to audit application, web and system flaws — then implement countermeasures.

La cyberstratégie russe

A focused study of Russia's approach to cyberspace — doctrine, actors and information warfare — one of the few French-language books dedicated to a single state's cyberstrategy.

Le cyberespace

Nouveau domaine de la pensée stratégique

A collective volume from a French military-strategic colloquium arguing that cyberspace is a genuine new domain of strategic thought — short, dense, and foundational to the French school.

Cyberstratégie

L'art de la guerre numérique

An early French military-strategic treatment of cyberspace as a theatre of operations — doctrine, deterrence and the determinants of a national cyber policy — by a French officer and strategist.

Cybercriminalité

Droit pénal appliqué

A practitioner's treatment of cybercrime law — offences, procedure, and the application of criminal law to digital crime — by a French magistrate specialised in the field.