Best Offensive books

Windows Security Internals

A Deep Dive into Windows Authentication, Authorization, and Auditing

Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Hacking: The Art of Exploitation

A from-first-principles tour of low-level exploitation that still teaches the mindset two decades later.

Metasploit

The Penetration Tester's Guide

The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.

Black Hat Bash

Creative Scripting for Hackers and Pentesters

Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.

Evading EDR

The Definitive Guide to Defeating Endpoint Detection Systems

A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

Black Hat GraphQL

Attacking Next Generation APIs

Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

Hacking APIs

Breaking Web Application Programming Interfaces

Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

Sécurité informatique - Ethical Hacking

Apprendre l'attaque pour mieux se défendre

The French-language reference for offensive security: a thick, lab-heavy tour of the attacker's toolkit, maintained across editions by the ACISSI collective under the motto “learn the attack to better defend.”

Black Hat Python

Python Programming for Hackers and Pentesters

Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.

Bug Bounty Bootcamp

The Guide to Finding and Reporting Web Vulnerabilities

Vickie Li's pragmatic walk through the bug-bounty workflow, from picking a program and recon to reporting findings that actually pay out.

Hacking Kubernetes

Threat-Driven Analysis and Defense

A threat-modeling tour of a Kubernetes cluster, component by component, that teaches you to harden defaults by first showing you how each one gets broken.

Black Hat Go

Go Programming For Hackers and Pentesters

Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.

Real-World Bug Hunting

A Field Guide to Web Hacking

Peter Yaworski breaks down real disclosed reports across major bug bounty programs, organized by vulnerability class, so readers can pattern-match real findings rather than learn classes from textbook examples.

The Hacker Playbook 3

Practical Guide to Penetration Testing — Red Team Edition

Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.

Hacking et Forensic

Développez vos propres outils en Python

A hands-on French guide to building your own offensive and forensic tools in Python — networking, packet crafting, web and forensic scripting — for people who'd rather write the tool than buy it.

Penetration Testing

A Hands-On Introduction to Hacking

Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Tobias Klein walks through seven real vulnerabilities he found and exploited, in the form of personal lab notes, what he tried, what failed, and what eventually shipped to vendors.

The Web Application Hacker's Handbook

Finding and Exploiting Security Flaws

The exhaustive reference for web app pentesting, comprehensive but increasingly a historical document.

The Shellcoder's Handbook

Discovering and Exploiting Security Holes

A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

Pentesting Azure Applications

The Definitive Guide to Testing and Securing Deployments

Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.

Advanced Penetration Testing

Hacking the World's Most Secure Networks

A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

Hacking

Un labo virtuel pour auditer et mettre en place des contre-mesures

A hands-on French guide to building a virtual lab (Proxmox) and using it to audit application, web and system flaws — then implement countermeasures.