書籍推薦(Books)

網絡攻防(Network Attack and Defence)

• 網絡攻防與技術實踐

• 網站入侵與腳本攻防修練

• 黑帽百科

• Hacking Exposed： Network Security Secrets & Solutions

• Web Hacking 101
   

• 下面的是未收錄資源

• Web 2.0 駭客技術揭密

• 網絡竟然這麼危險

• 黑客攻防技術寶典：Web實戰篇

• 白帽子講瀏覽器安全

• 白帽子講Web安全

• Web前端黑客技術揭秘

• Web應用安全權威指南

• HTTP權威指南

• 前端黑客

• SQL注入攻擊與防禦

• XSS跨站腳步攻擊剖析與防禦

• TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition)

• TCP/IP Illustrated: The Implementation, Volume. 2

• TCP/IP Illustrated: v. 3: TCP for Transactions, HTTP, NNTP and the Unix Domain Protocols 

• 堆棧攻擊：八層網絡安全防禦

• 圖解TCP/IP

• 計算機網絡 by Andrew S.Tanenbaum

• TCP/IP協議詳解

• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011

• The Browser Hackers Handbook by Wade Alcorn and others, 2014

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009

• Practical Packet Analysis by Chris Sanders, 2011

• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

• 互聯網企業安全高級指南

• Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation

• Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats
   

逆向工程(Reverseve Engineering)

• 加密與解密(第三版)

• Reversing: Secrets of Reverse Engineering

• 逆向工程核心原理

• 琢石成器:Windows環境下32位匯編語言程序設計

• IDA Pro 權威指南

• 駭客的修練：使用IDA Pro進行底層分析(第二版)

• 0 Day 安全軟件漏洞分析技術(第二版)

• Windows PE權威指南

• Advanced Apple Debugging & Reverse Engineering: Exploring Apple code through LLDB, Python and DTrace

• リバースエンジニアリングバイブル ~コード再創造の美学~ 単行本

• アナライジング・マルウェア ―フリーツールを使った感染事案対処 (Art Of Reversing)

• リバースエンジニアリング ―Pythonによるバイナリ解析技法 (Art Of Reversing)

• デバッガによるx86プログラム解析入門【x64対応版】

• The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Released 7/2014 - ISBN 1593272898)

• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (Released 2/2014 - ISBN1118787315)

​

滲透測試(Penetration Testing)

• Hacking：The Art of Exploitation

• 黑客攻防技術寶典：系統實戰篇

• 黑客秘笈 渗透測試實用指南

• The Art of Software Security Assessment

• ​​The hacker Playground book 2

• Kali滲透測試技術實戰

• Owasp Testing Guide v4

• The Art of Exploitation by Jon Erickson, 2008

• Metasploit: The Penetration Tester’s Guide by David Kennedy and others, 2011

• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014

• Rtfm: Red Team Field Manual by Ben Clark, 2014

• The Hacker Playbook by Peter Kim, 2014

• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013

• Professional Penetration Testing by Thomas Wilhelm, 2013

• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012

• Violent Python by TJ O’Connor, 2012

• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007

• The Shellcoders Handbook by Chris Anley and others, 2007

• iOS Hackers Handbook by Charlie Miller and others, 2012

• Kali Linux Web 渗透測試秘籍

• Nmap Network Scanning: The Official Project Guide to Network Discovery and Security Scanning (Released 1/2009 - ISBN0979958717)

• Hacking Exposed 7: Network Security Secrets and Solutions (Released 8/2012 - ISBN 0071780289)

• Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition (Released 1/2015 - ISBN 0071832386)

• The Browser Hacker's Handbook (Released 3/2014 - ISBN 1118662091)
   

漏洞挖掘(Vulnerability Discover)

• 揭秘家庭路由器0day漏洞挖掘技術

• 黑客：漏洞發掘的技術

• 代碼審計：企業級Web代碼安全結構

• 漏洞盒子手册 by nmask
   

密碼學(Cryptography)

• Applied Cryptography

• Practical Cryptography

• Serious Cryptography: A Practical Introduction to Modern Encryption

​

數碼鑑證學(Digital Forensic)

• Practical Malware Analysis: The Hands-OnGuide to Dissecting Malicious Software

• 惡意代碼分析實戰

• The Art of Memory Forensics by Michael Hale Ligh and others, 2014

• 勒索病毒程式設計：揭秘你所不知道的勒索病毒

• 網路鑑證學習手冊：封包分析x日誌調查x惡意程式檢測

• デジタル・フォレンジック概論～フォレンジックの基礎と活用ガイド～ 単行本

• 讓網路上的每個封包都無所遁形：精用Wireshark--第二版

• http://www.porcupine.org/forensics/forensic-discovery/

• Data-Driven Security: Analysis, Visualization and Dashboards (Released 3/2014 - ASIN B00MXHAU8A)

• Network Security Through Data Analysis: Building Situational Awareness (Released 2/2014 - ISBN 1449357903)

• The Practice of Network Security Monitoring (Released 8/2013 - ISBN 1593275099)

• Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (Released 7/2011 - ISBN 1593272669)

• Applied Network Security Monitoring: Collection, Detection, and Analysis (Released 12/2013 - ISBN 0124172083)

• Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan (Released 5/2015 - ISBN1491949406)

• Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (Released 4/2005 - ISBN 1593270461)

• The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk (Released 8/2012 - ISBN 007179039X)

• Security Operations Center: Building, Operating, and Maintaining your SOC (Released 11/2015 - ISBN 0134052013)

• Network Forensics: Tracking Hackers through Cyberspace (Released 6/2012 - ISBN B008CG8CYU)

• Wireshark 101: Essential Skills for Network Analysis (Released 2/2013 - ISBN 1893939723)

• Real Digital Forensics: Computer Security and Incident Response (Released 10/2005 - ISBN 0321240693)

• Forensic Discovery (Released 1/2005 - ISBN 0321703251)

• Windows Forensic Analysis Toolkit, 4th Edition (Released 4/2014 - ISBN 0124171575)

• The Art of Memory Forensics (Released 7/2014 - ISBN 1118825098)

• File System Forensic Analysis (Released 3/2005 - ISBN 0321268172)

• Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (Released 11/2010 - ISBN0470613033)

電話鑑證學(Mobile Forensic and Security)

• 淺入淺出Android 安全

• Android Hackers Handbook by Joshua J. Drake and others, 2014

• Android Security Internals: An In-Depth Guide to Android's Security Architecture (Released 11/2014 - ISBN 1593275811)

• iOS Hacker's Handbook (Released 5/2012 - ISBN 1118204123)

• Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (Released 1/2012 - ISBN1449318746)

Linux

• 鳥哥的Linux私房菜

• Linux Shell腳本攻略

• UNIX編程藝術

• Linux操作系統之奧秘

• Unix/Linux編程實踐教程

• UNIX環境高級編程

• Linux內核設計的藝術

• Linux內核設計與實現

• Linux Insides
   

軟件設計Software Design

• Software Design 中文版 01

• Software Design 中文版 02

• Software Design 中文版 03

• 模糊測試

• 程序員的自我修養 by Leo Hui

操作系統攻擊Operating System Attack

• 自己動手寫操作系統

• 操作系統：精髓與設計原理

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

• MacOS and iOS Internals, Volume III: Security & Insecurity

• MacOS and iOS Internals, Volume I: User Mode

​​

工具手冊 Tools Guide/Manual

• Brupsuite手冊

• sqlmap用户手册

• Falcon使用手冊

• A Byte to Vim

編程Programming

• PHP基礎教程 - PHP大神推薦，PHP入門經典。

• PHP與MySQL權威指南 - 主要推薦其中的MYSQL部分，如果對數據庫不熟悉，可能會影響到後面SQL注入的學習。

• Javascript權威指南 - XSS的基礎，如果JS不熟練的話，可能XSS攻擊也不會很熟練。學習JS有助於後續的XSS攻擊的學習。

• Javascript DOM編程藝術

• Python基礎教程 - 寫腳本必備的編程語言，在日站的時候有奇效。

• 數據結構 - 數據結構啊，對逆向幫助很大的，以後也是專業必修課。

• 瘋狂JAVA講義  - 個人感覺是JAVA入門的比較好的書，而且比較新。

• 瘋狂Android講義 - 相比下面的第一行代碼，更推薦下面的這本android入門

• 第一行代碼 - 這本書作為android開發入門很合適，淺顯易懂。

• Android C++高級編程 - 使用NDK - 應該算為數不多的講解NDK開發的書籍，也是android開發必備吧。

• Android驅動開發權威指南 - Android驅動開發，大神推薦。不過我沒看過。

• Android軟件安全與逆向分析 - 想做Android安全的小伙子們可以看一看

• 深入理解Android - 深入理解Android，對Android系統分析的很透徹，做開發建議讀一讀，可以對app的理解更進一步的加深。

• Windows程序設計 - windows開發入門必看，沒有為甚麼。

• Windows核心編程 - 入門之後，向着更深的層次去進發吧。

• 寒江獨釣 - 到了這裏，繼續向windows的底層去衝擊吧！驅動開發必備。

• C和指針

• 寫程式前就該懂的演算法：資料分析與程式設計人員必學的邏輯思考術

• Grokking Algorithms An illustrated guide for programmers and other curious people

• 自作エミュレータで学ぶx86アーキテクチャ-コンピュータが動く仕組みを徹底理解!

網絡 Networking

• 思科網絡技術學院教程CCNA Exploration:網絡基礎知識

• 思科網絡技術學院教程CCNA Exploration:路由協議和概念

• wireshark數據包分析實戰

社會工程學 Social Engineering

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002

• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005

• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011

• No Tech Hacking by Johnny Long, Jack Wiles, 2008

• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010

• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014