Books

Penetration Testing Books

Below is a refreshed, curated list of books I recommend for penetration testers, red teamers, and security engineers. I’ve grouped them by topic and added short notes on why each title earns a place on my shelf. As ever, I treat these as reference guides rather than cover-to-cover reads.


Current Top Picks

Practical Cloud Security (2nd Edition, 2023)

Authors: Chris Dotson & David Seidman

Why read: Clear, vendor-balanced coverage of cloud threat modelling, IAM, logging, incident response, and multi-cloud guardrails. A great way to modernise a traditional pentest mindset for cloud architectures.

Publisher page

Adversarial Tradecraft in Cybersecurity (2021)

Author: Dan Borges

Why read: Focuses on live offence vs defence—OPSEC, persistence, and decision-making during an active engagement. Helps sharpen thinking beyond tools.

Publisher page

Black Hat Python (2nd Edition, 2021)

Authors: Justin Seitz & Tim Arnold

Why read: Modern Python 3 tooling for offensive tasks—sniffers, fuzzers, implants, and automation. Still one of the fastest ways to level up your scripting for ops.

Publisher page

Penetration Testing Azure for Ethical Hackers (2021)

Authors: David Okeyode & Karl Fosaaen

Why read: Practical Azure attack paths (authentication, identities, storage, networking) with methodologies that map well to real client work and purple-team drills.

Publisher page

Red Team & Operator Tradecraft

Red Team Development & Operations (2020)

Authors: Joe Vest & James Tubberville

Why read: End-to-end guidance on planning, running, and reporting professional red team engagements—with emphasis on OPSEC, control, and value for defenders.

ISBN listing

Rtfm: Red Team Field Manual (Classic)

Why read: The pocket reference that refuses to die—quick syntax, one-liners, and reminders for operators under time pressure.

Amazon

Network & Infrastructure

Network Security Assessment (3rd Edition)

Author: Chris McNab

Why read: Methodical network pentest process that still holds up—enumeration, service analysis, and prioritisation at scale.

Publisher page

Nmap Network Scanning (Classic)

Author: Gordon “Fyodor” Lyon

Why read: Deep dive on discovery and service identification; useful beyond Nmap because it teaches how scanners think.

Amazon

Metasploit: The Penetration Tester’s Guide (Classic)

Authors: David Kennedy et al.

Why read: Older now, but still a solid primer on exploit workflow and module development basics.

Amazon

Windows & Privilege Escalation

Mastering Windows Privilege Escalation (2024/25)

Publisher: Packt

Why read: A structured tour through Windows security internals, enumeration, and privesc techniques useful for both red and blue teams.

Publisher page

Supplement: Windows PrivEsc lab notes (free PDF)

Why read: Concise lecture/lab slides for quick refreshers when building checklists and runbooks.

PDF

Web, AppSec & IoT

Ethical Hacking: A Hands-On Introduction to Breaking In (2021)

Author: Daniel G. Graham

Why read: A modern, practical “crash course” that bridges gaps for newcomers and cross-trainers picking up offensive skills.

Publisher page

Practical IoT Hacking (2021)

Authors: Chantzis, Stais, Calderón, Deirmentzoglou, Woods

Why read: End-to-end approach to IoT—hardware, RF, firmware, and cloud components—great for device assessments and lab build-outs.

Publisher page

Classics I Still Reach For

  • The Hacker Playbook 3 (2018) — pragmatic checklists and play-calling that still hold up. Amazon
  • Rtfm: Red Team Field Manual — evergreen pocket reference. Amazon
  • Network Security Assessment (3rd Ed.) — methodology gold. O’Reilly
  • Nmap Network Scanning — discovery fundamentals. Amazon

Notes

  • Disclosure: I don’t use affiliate links on this page.
  • Editions and publication years are noted to help you prioritise newer content.
  • Have a suggestion? Ping me via the About page.