by Jbraithwaite on Mon Jul 11, 2016 3:33 am
([msg=92564]see Re: Good Books To Start Out Reading?[/msg])
One of the most important things is enumeration. You can't hack anything until you know what it is you are hacking, and in order to do that you need to find out everything about your target. Open Source Intelligence Techniques is a great book for web recon. However, I'd stick to learning how to leverage what you find above anything else.
What versions of Apache/IIS are vulnerable?
MySQL, MSSQL vulnerabilities?
OpenSSL and anything Open Source.
Linux Kernel versions
Windows/Linux versions and Privilege Escalation.
Most of the time you need to gain access to a system via a website or vulnerable service on an open port. It's not the port that's vulnerable; it's the service that sits on it. Get used to probing open and filtered ports to get finer details about versions of software. It'll save you a lot of time and frustration later if you have to fix an exploit made in C only for it not to work because you didn't enumerate the version correctly. No point in knowing that SMB is vulnerable. You need to know the version and what OS it's on before you can attack it.
These are all things you don't really learn from books. I know, I've wasted so much on books that now collect dust. Google is probably the best and worst tool you have at your disposal. Best because, given the correct search term, you'll save so much time; however, just searching for "Apache vulnerabilities" will lead you down too many rabbit holes.
In training....
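Added example, not part of the original post: the point above about recording the service, its version and the OS per port, sketched as a small inventory builder for banners collected from hosts you administer. The banner strings are constructed samples, and `parse_banner` / `build_inventory` are hypothetical helper names.

```python
import re

# Constructed sample banners keyed by (port, protocol); not captured from a real host.
SAMPLE_BANNERS = {
    (22, "tcp"): "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1",
    (80, "tcp"): "Server: Apache/2.4.18 (Ubuntu)",
    (443, "tcp"): "Server: Microsoft-IIS/8.5",
    (8080, "tcp"): "Server: Apache",
    (3306, "tcp"): "",  # filtered or silent port: nothing learned yet
}

# Each pattern yields a product, an optional version and an optional OS hint.
PATTERNS = [
    re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)_(?P<version>\S+)"
               r"(?:\s+(?P<os>[A-Za-z]+))?"),
    re.compile(r"^Server:\s*(?P<product>[\w-]+)(?:/(?P<version>[\d.]+\w*))?"
               r"(?:\s+\((?P<os>[^)]+)\))?"),
]

def parse_banner(banner):
    """Return dict(product, version, os); fields the banner lacks are None."""
    for pattern in PATTERNS:
        match = pattern.match(banner.strip())
        if match:
            return match.groupdict()
    return {"product": None, "version": None, "os": None}

def build_inventory(banners):
    """Map 'port/proto' to the parsed record plus how complete it is."""
    inventory = {}
    for (port, proto), banner in sorted(banners.items()):
        record = parse_banner(banner)
        if record["product"] is None:
            record["status"] = "unidentified"      # the port alone says nothing
        elif record["version"] is None:
            record["status"] = "version-unknown"   # product known, version not
        elif record["os"] is None:
            record["status"] = "os-unknown"        # version known, platform not
        else:
            record["status"] = "complete"
        inventory[f"{port}/{proto}"] = record
    return inventory

if __name__ == "__main__":
    for port, record in build_inventory(SAMPLE_BANNERS).items():
        print(port, record)
```

Only the `complete` rows can be matched against an advisory with any confidence; the other statuses mark where the version or platform still has to be confirmed.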