Top Hacking Books for 2024 (plus Resources): FREE and Paid

Get Proton Mail for FREE: davidbombal.wiki/protonmail2
Big thanks to Proton for Sponsoring the video!
This is an amazing collection of books and resources - both free and paid. Big thanks to Jason Haddix for sharing his knowledge to help us learn in 2024!
// Books and Resources //
Web application hacker's handbook: amzn.to/48sUNYb
Web security academy, Port Swigger: portswigger.net/web-security
OWASP Web Security Testing Guide: owasp.org/www-project-web-security-testing-guide/
Web Security Testing Guide Ellie Saad and Rick Mitchell v4.2: owasp.org/www-project-web-security-testing-guide/v42/
Real world bug hunting: amzn.to/3TK1mSd
Bug Bounty Bootcamp: amzn.to/41DW38B
Red Team Field Manual: amzn.to/48ul0pl
Red Team Development and Operations: A practical guide: amzn.to/3vez1Jl
Operator Handbook: Red Team + OSINT + Blue Team Reference: amzn.to/3vemAgC
Tribe of Hackers Red Team: amzn.to/47ef8zv
The Pentester Blueprint: amzn.to/3tvA8E6
OSINT Techniques: Resources for uncovering online information: amzn.to/3S6xw9j
Evading EDR: amzn.to/3toESeL
Attacking Network Protocols: amzn.to/3TEFvv7
Black Hat GraphQL: amzn.to/47gHl8C
Hacking API’s: amzn.to/3TzS0Z5
APISEC University: www.apisecuniversity.com/
Black Hat Go: amzn.to/3RXV13W
Black Hat Python: amzn.to/3NHFnHo
Black Hat Bash: nostarch.com/black-hat-bash
Zseano’s methodology: www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
Breaking into information security: amzn.to/3TI4n5h
Expanding your security horizons: amzn.to/3GU07Iq
Wiki Book Pentest living document: github.com/nixawk/pentest-wiki/blob/master/Books/README.md
HackTRICKS: book.hacktricks.xyz/welcome/readme
Fuzzing lists: github.com/secfigo/Awesome-Fuzzing
Sec Lists: github.com/danielmiessler/SecLists
Payloads all the things: github.com/swisskyrepo/PayloadsAllTheThings
Pentester Lab: pentesterlab.com/
Try Hack Me: Red Team Fundamentals: tryhackme.com/module/red-team-fundamentals
HTB Academy: academy.hackthebox.com/
Hacktivity: hackerone.com/hacktivity/overview
Vulnerable U: vulnu.mattjay.com/
Grzegorz Niedziela: members.bugbountyexplained.com/premium/
Or th-cam.com/users/BugBountyReportsExplained
Sharing what matters in security: securib.ee/newsletter/
Intigriti: www.intigriti.com/
tl;dr sec: tldrsec.com/
Unsupervised learning: danielmiessler.com/subscribe
Pentest Book: pentestbook.six2dez.com/
Bugcrowd: bugcrowd.com/crowdstream
Trickest: trickest.com/
// Jason Haddix SOCIAL //
TH-cam: th-cam.com/users/jhaddix
LinkedIn: www.linkedin.com/in/jhaddix
Twitter: twitter.com/Jhaddix
Github: github.com/jhaddix
Boddobot: buddobot.com/
The Bug Hunters Methodology Live: tbhmlive.com/56
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
X / Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
TH-cam: www.youtube.com/@davidbombal
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 - Introduction
04:11 - The Web Application Hacker's Handbook
07:16 - PortSwigger Web Security Academy
08:57 - OWASP Testing Guide
12:18 - Real-World Bug Hunting
13:35 - Bug Bounty Bootcamp
14:25 - Red Team Field Manual
16:09 - Red Team Development and Operations
17:24 - Operator Handbook
18:15 - Tribe of Hackers: Red Team
19:14 - The Pentester Blueprint
20:10 - OSINT Techniques
21:32 - Evading EDR
22:28 - Black Hat GraphQL
24:00 - Hacking APIs
26:17 - Black Hat Go
26:39 - Black Hat Python
27:41 - Black Hat Bash
29:04 - zseano's methodology
30:59 - Breaking Into Information Security
32:22 - Jason's Pentester Story
34:32 - Pentest Book
35:36 - HackTricks
36:48 - SecLists
37:23 - SecLists Origin Story
40:27 - Payload All The Things
41:43 - Unsupervised Learning
42:27 - tl;dr sec
43:21 - Bug Bytes Newsletter
44:10 - InsiderPhD
44:21 - High Five Newsletter
44:37 - Grzegorz Niedziela
45:26 - Vulnerable U
47:24 - Hacktivity
50:23 - HTB Academy & Try Hack Me
51:44 - PentesterLab
52:30 - The Bug Hunters Methodology Live
56:01 - Where to Start
58:11 - Attacking Network Protocols
hacking books
hack
hacker
hacking
python
python hacking
black hat python
gray hat hacking
linux
linux for hackers
bug bounty
nsa
nsa hacker
nsa hacking
ethical hacking
ceh
oscp
ine
try hack me
hack the box
hacking
ethical hacker
oscp certification
ctf for beginners
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

David bombal is the best channel I found in 2023 ❤

0:33 so sorry to occupy the web but this man is by far my favorite guest of David's! Just listen to this man talk, he actually goes so far in depth in subjects I've been searching for over a decade for and tells me precisely what I need to find them what I need to succeed them when I need to become a civil engineer and my worth work ethic literally knows no bounds when it comes anything I want to learn and become an absolute savant so I have no problem
I just like to say thank you so much for both of you gentlemen sharing your knowledge

Thank you David for the effort you put into these videos just for us and our benefit. It means the world to us.😊😊❤❤❤

David, thanks much for the help and amazing content you provide. Greatly appreciated. 🙂

Thanks

Undoubtedly one of the finest interviews and resources, well done as always!

Thanks.just downloaded web application hand book .will go through it .

I’m glad he mentioned the one guy who hated career pentesting, so many people think working in cyber means not working with people and I keep explaining 1. We are a support function 2 . If you want to “make the money” and have manageable hours you are going to pivot into more non technical roles , but yes you still need the knowledge and experience … the money is actually working with people

I appreciate what you do for your subscribers Sir.🙂🤞👍

I just watched your 2023 video on the same topic and now I am watching this one for 2024. I am more impressed with this one, somehow I have more confidence in this guest to point me in the right direction. Thank you. Love your channel.

David and Jason, you are both legends. Thank you so much for this informative & amazing show

Who needs cable tv when you can get content like this? Thanks a lot Dave, keep up the great work.

This is a goldmine, thanks a lot, David!

love your word David, proud South African here

Have a great year ahead sir 👏🏾🎊 got so much information

Thank you both for this wonderful information, I really enjoyed this

Good to learn something new everyday through your shots❤

👏 👏👏👏👏 your videos are right on the money David thank you

Thank you so much for Jason and David, this is absolutely a very fruitful videos for us.
Your fan from Malaysia

best video i ever saw got me updated on so much even after 10 months love the work david

Great list of resources. Thanks David!

I am a complete newbie in this space. Thank you David. I have some catching up to do.

Jason did an amazing video w microsoft. Very helpful.

Great video! Thank you for all the info!

THANKS A LOT FOR THIS, I'M STARTING MY JOURNEY FROM THIS YEAR

Thanks for another informative video, David. The RTFM sounds interesting, I'm going to have to give it a read.

The best channel I would recommend for anyone getting into security, love your work. keep up the good work! ❤

So much good content. Thanks David.

Two amazing people talking about hacking!!! Once someone told me try to learn from the best, so here i am , learning from the best people!!! Thank you both!!!

David, your channel is a treasure I'm so glad I've come across

Loving the content so far David! I'd love it if yourself or even with Occupy With the Web if you could look into and explore Responder attacks. Again thanks for the content👍

🙏Thank you, David and Jason. Very helpful.

David Bombalbee hit the nail again. This is the video I was waiting for. Thank you.

Love from India ❤️🇮🇳

Wow, one of the best video I watched! Thanks

Great stuff as always❤❤

David is single handedly responsible to education of tens if not hundreds of thousands of people

Learning a lot from you, Mr Bombal 🙏.

WOW, this video is amazing. We appreciate you guys, Steve and Jason.

Thank you David for all you do sir for the community!

I would recommend "Bob and Alice Learn Application Security" too.

Thank you, David and Jason!

Hi David this is so awesome work thank's

David you are just so phenomenal. Your channel has taught me about hacking and cybersecurity in general more than any other. Thank you for everything you do.

Hey David,I was just wondering if you would be able to bring us Chris Hadnagy on the show ,I would simply LOVE to see you colab with him and talk about social engineering a little bit ,I always feel like it's always talked about least and yet I personally feel like SE is the most important thing in Red teaming/pentesting,I'd love to see you interview him and share some insight on SE in the future !
As always great content ,I just can't miss a video ,thank you !

I gotta lot of reading to do!

You're mindset is superior and inspiration, thank you 😐😌

Thanks a lot David. I'm 15 and I have been into tech, programming and hacking since I was 12. Your videos have helped me with my learning so thank you for helping the community with your content.

I love the ground up approach you're taking for 2024 considering the constantly changing climate of this field. Appreciate all your efforts. p.s. Glad to see those suppressed networker yawns at a hacker making the edit :D

Amazing information, thank you!

thanks for sharing the resource

Hei David i am from India(kerala you should come visit here great place 😄), i love your videos they are perfect . I am gonna attend the C EH in a few days i am preparing for it. Thanks again for providing us such quality content. You can't even imagine how much I respect you. Thank you sir❤... thanks for your efforts.🙂

Hello David, love you man❤
I am a new learner. at this time this video is very important for me. maybe it can change my life.

I thank you Professor David ❤. Love to learn.#David . I so appreciate you and your mission to educate others and help people grow l thank you.

Absolutely loved the video🤩🤩🤩! The content was amazing. Could you please tell me the name of the product mentioned at 49:28 ? Thanks!

Hope We Would Have an Interview With Michael Bazzell on the Channel Soon , Thanks David for the efforts on the channel

no idea when to read the WSTG - but a useful information source indeed. thx!

Great video guys. Wish I found it earlier before it was too late for me.

Great and Worth watching podcast

awesome and great content .. bravo

I really appreciate what you do 😊. If I may ask 🙏. Can you please do some videos for digital forensics 🙂😊 please 🥺

"Real World Bug Hunting " by Peter Yaworski is really good i've read it -- thanks for the other resources

Jason's mind is a treasure trove!

once again thank you ❤

David, I feel like rate limiting you with this amount of content lol .. amazing work! p.s love Jason..what an outstanding guest! Final thought: THM has the worst customer service I've ever come across. HTB is a million times better.

Super helpful video.. We have a lot to do

My question is what pre-requisites or how much code or computer knowledge is necessary to even start to embark on this journey and work thru these resources?

Fantastic video!!! Free resource is the heaven for my bugget! It would be great if you could also create a video on how hacking victims should respond! Thank you Jason and David!!!

Very excited about Black Hat Bash book!

GREAT INFORMATION!🧠👀👂😃👍

DAVID! Has anyone told you that you are the freakin man?! Cause you are the freakin man!!!

I appreciate you ❤
Thanks so much ❤
To start all this project as I 2 laptop and server are needed

Great resources here!

Thank you very helpfull

Thank you,David

another amazing video from bombal and friends.

Keep going ur a legend David

Amazing Video ❤

Thank you for the various books as the hour was beneficial.
Any chance that you can get someone from a Blue Team books Practioner as already downloaded and noted the books to purchase as started on the Andy Gill book, but if you could get a list of blue defence books would be much appreciated as thank you both as well worth listening to and getting the books.

This list is for total beginners?

Hey should i give a shot on ccna exam in 2024 or should i wait until the new version comes out

Using the Web App book, how do you practice the content for out of date material?

thanks david for sharing to us useful content will you please recommend me the best place to learn python programming with realword projects for free for me i dont like books i like tutorials

Thanks for the shout @jhaddix! Appreciate you. +1 to all the resources Jason mentioned as well.

Very good bombal sir! But, what about you? What do you think is best in terms of you?

I would love to learn how to do this from you

What is the best book for defense and SOC?

There is no link to Gwendal's sick dot tools!!!

⚙️⚙️

My question David, To what extent can we trust end-to-end products?

hello sir, i want to make a career in clod computing specifically as solutions architect role do i need to have a networking knowledge to become solutions architect associate if yes the which networking certification should i go for and on which topics i should focus more??

Great stuff again

Hi David I want to be hacker how long does it take from me to be able doing hacking operations

hey david can you make a video on ccna 2024

EC concile ceh book is really good.

TO learn CS or hacking do i have to understand API ,stuff which is taught in Computer science

Thanks for your work sir 👍

Ohh this guy is a legend

Im wondering you havent mentioned "Hack the planet" books