Resources
This is going to be an ever evolving list of my favorite resources. Books, Websites, Blogs and Podcasts. Hit me up if you feel like I have missed anything drastic! Always love finding new resources.
Books:
Web Application Hackers Handbook (Dafydd Stuttard & Marcus Pinto) - This is where it all begins. Anyone who wants to get into hacking should start here. Web applications are abundant and a great way to cut your teeth when it comes to learning how to think like a hacker. This is the most recommended book by anyone with authority when it comes to starting out. Bug Crowd puts it number one on their list of resources for beginners and seasoned vets. Don't miss out on this one, its one of the best resources you can buy.
Penetration Testing (Georgia Weidman) - In 2016 parts of this book are out of date but the technical foundations and all of the important stuff still rings true. Even the stuff that is "out of date" as far as setting up your test environment, can easily be figured out or worked around with a little imagination. Georgia does an amazing job covering lots of the beginner basics from shell scripting, Python, Metasploit and much much more. Definitely worth a read and I would venture to guess there might be an update coming in the not so distant future. People love this book.
Eloquent JavaScript (Marijin Haverbeke) - This is the bible of JavaScript engineers. Not necessarily for true beginners but those who have some programming experience, this is the best resource when trying to deeply learn and understand JavaScript.
Hacking the art of Exploitation (Jon Erickson) - This is a must read for anyone who is interested in hacking. The book starts from scratch with basic programming in C and along with, what basic things like registers and the GDB are. Jon then quickly moves into classic exploits such as buffer over flows. Rather than merely showing how to run existing exploits, he explains how arcane hacking techniques actually work. This book will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Again, this is a MUST READ!
Learning JavaScript Data Structures and Algorithms (Loiane Groner) - Very straight to the point and concise. The book covers the main data structures (Stacks, Queues, Linked Lists, Sets, Hashes and Trees) It is also linked to a GitHub repo with all the examples and problems. Great resource.
Metasploit (David Kennedy) - Metasploit is the industry standard tool when it comes to penetration testing and hacking. Nothing else even comes close in my opinion. This book does the best job at giving you an introduction as well as a deep dive into the framework that has changed the entire industry. A must have on the book shelf of anyone who takes this seriously. Even if you think you know, I guarantee you will learn something from this book.
The Hacker Playbook 2: Practical Guide To Penetration Testing (Peter Kim) - This book is awesome. I have found it to be by far the most up to date and useful publication out there right now on the subject of penetration testing. It is also chock full of amazing resources. It is written in a play book style fashion, breaking down the precise game plan when attacking something. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.
Websites:
Over the Wire - This is one of my all time favorite sites. It's put together by volunteers and consists of over 12 different war game style hacking challenges. Starting from very basic terminal commands and escalating to all out exploitations, this site is a great way to practice, learn and up your skills.
Hak5.org - This site is a hackers playground. Not only do they host weekly videos and lots of amazing blogs, they also run a store where they sell one of a kind hacker tools. Tools like the rubber ducky (The USB Rubber Ducky is the original keystroke injection attack tool, featured on MR.ROBOT) and the wifi Pineapple, the ultimate MITM tool. You can spend some serious hours and serious cash on this site.
Codewars.com - Once you have completed most of the JS tracks on whatever ‘learn to code’ site you prefer I would suggest signing up for Codewars. The reason I say after completing the JS tracks is that you cannot simply sign up, you have to pass a coding test to be invited in. Its really simple once you have your foundational understanding and syntax down. Once in it is by far one of the most beneficial site out there. Toy problems, known as Kata, are ordered from easy to hard, foundational to fun and are a great way to get practice. They also run a lot of P2P competitions and such.
CoderByte.com - Another great site for toy problems. If you sign up to actually be a member you get full solution videos as well as instructional videos. Although no where near as in depth as somewhere like CodeSchool the guy does a great job of being clear and to the point.
Opensecuritytraining.info - So there is a little know tutorial on Udacity actually put together by hack Reactor and taught by Marcus Phillips. It covers Object Oriented JS and describes its self as what used to be taught the first week of HR onsite. If you plan on attending HR this is a MUST watch. If you’ve taken part in Fulcrum you’ll recognize the material but its worth redoing if for no other reason then being taught by MP. He has a great way of explaining things. Also…the course is FREE.
Podcast:
Risky Biz - Far and away the best security podcast out there. Hosted by Australian Patrick Gray, Risky Business is not only informative but really funny. It is a weekly pod that touches on the most up to date news and events as well as takes deep dives into topics that a relevant to todays info sec professional. If you only listen to one thing, this should without question be it.
Software Engineering Daily - This one if for all of the developers. The best pod out when it comes to software engineering. Jeff, the podcasts host, is an absolute beast. He does one of these super in depth hour long podcast EVERYDAY! Thats right, every DAY. There is no fluff either, it is all deep dives into every corner of the software world. I would highly suggest this for all my hackers as well, its a great way to keep up with whats new.
_Jason