The Ten Best Books on Hacking

By

Jan 21st


I have been a hacker going on two decades, and never been in trouble with the man. Well that is not completely true, the one and only time I was caught was at University.

It was my last year, and I had the hot’s for a girl, she was gorgeous, so much so that she turned the eye of a visiting American student, he was clearly trying to get in her pants. I was convinced he was trying to chat her up, via a new technology called electronic mail. So one night, two in the morning, I came to the only conclusion that a green eyed man would come to, I had to check her and his email box.

It was simple enough, I had placed a key logger on the boot up disk of the workstations at the end of my second year, and I had the Admin passwords of pretty much every admin and root user in the university. After getting access to both of their accounts I verified that he was sending her emails, trying his best lines, BUT to my surprise she was slapping him down each and every time, I felt bad, bad that I hadn’t trusted her, bad that she clearly loved me, but I betrayed her trust by accessing her account.

After snooping for an hour or two I decided it was time to clear out any evidence of being in the system, I went through the Novell Audit logs and deleted all entries of the logins, basically deleted everything from midnight, when they logs had rolled over, then went home to bed.

The next day I went to my first lecture, about three in the afternoon, I didn’t go to lectures before midday, ever, well not since the end of my first year, I always choose my courses based on the lecture schedule, making sure that the only courses I signed up for that started before midday were first year courses, where I could just read the text book and not have to attend the lecture. To this day, I still know nothing about the Smalltalk programming language as I refused to take the advance programming course that covered it, because they had lectures at 10:00am on a Tuesday and Thursday.

After my first lecture I went to the computer lab, like I did every day, logged in. The first sign something was up was my disk space allocation, it was HUGE, at least 100 times what I should have been allocated, and ALL of my applications had been compiled. In my inbox I had an email asking me to go to the head of computer science office, my heart sank.

To cut a long story short, they had “caught” me because I had used my student swipe card to access the computer room, and hadn’t cleared those access logs, damn it. The reason they went looking was because they were missing the audit logs from midnight, which also included a success message from a bunch of batch jobs they would run overnight, someone was tasked to verify that the batch jobs had run successfully by manually checking these logs, when the logs weren’t there, all hell broke loose.

They had no idea how I had gotten in, which is why they had complied all of my code, looking for a nefarious app, I said I had stumbled on an admin password one day when one of the admin’s tried to fix a dump error I was getting on my workstation, which was kind of true, but I had faked the dump error to specifically capture his username and password, and I had only ever used it once, last night, just to look around the system, “honest gov”.

They slapped me on the hand, put me on academic probation, and asked me to mentor the first year students during their lab work, which ended up being my first paid job, outside of the paper run, that is. The real punishment was these labs were first thing on Monday and Wednesday morning, damn it.

I cleared off the key loggers on the boot disk’s and became a lot better at cleaning up after myself, I have never been caught again, cause you know, I don’t do that anymore.

But I am in security, so I do keep abreast of the latest hacking techniques, you know, so I can protect the networks I look after. Below are the eleven best hacking books that I have read, from beginners to advance users, enjoy!

If you are an absolute beginner then you will want to start with the basics, the best resource for this is the text books they actually use at the top university across the globe to learn hacking, that being

Number 1 (for beginners) – Hands-On Ethical Hacking and Network Defense v2

If you have the basic’s under your hat then the below are fantastic.

Number 10 – Low Tech Hacking: Street Smarts for Security Professionals

Number 9 – Social Engineering: The Art of Human Hacking

Number 8 – A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security

Number 7 – Hacking: The Art of Exploitation

Number 6 – The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

Number 5 – BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Number 4 – The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws

Number 3 – Metasploit: The Penetration Tester’s Guide

If you only buy one or two books make it these top two, my go to guides even after years in the ethical hacking industry.

Number 2 – Unauthorised Access: Physical Penetration Testing For IT Security Teams

Number 1 – Hacking Exposed 7th Edition

UPDATE : As I became more experienced with hacking and pen testing I found another great reference book, I wouldn’t start with this one, but if you have some experience under your belt this book is fantastic for understanding what too look for when you have been breached. It will obviously be good for those that want to hide their actions.

Number Bonus – Incident Response & Computer Forensics, Third Edition

Did I miss any? If so let me know in the comment section below.

Leave a Reply

 
© 2006-2024 Security Enterprise Cloud magazine.