Resource Directory

This appendix is a curated directory of resources for learning, practicing, and staying current in ethical hacking and penetration testing. Resources are organized by category and include brief descriptions to help you choose the right ones for your current skill level.

All URLs and details were accurate at time of publication. The security landscape evolves rapidly — verify availability and pricing before committing time or money.


Online Practice Platforms

HackTheBox (HTB)

  • URL: https://www.hackthebox.com
  • Cost: Free tier available; VIP from ~$14/month
  • Description: The most popular platform for practicing real-world penetration testing skills. Offers active and retired machines ranging from easy to insane difficulty. The "Starting Point" track is ideal for beginners. Pro Labs simulate enterprise environments.
  • Best for: Chapters 10-17 (network/system exploitation), Chapters 18-23 (web exploitation)
  • Skill level: Beginner to advanced

TryHackMe (THM)

  • URL: https://tryhackme.com
  • Cost: Free tier available; Premium from ~$14/month
  • Description: More beginner-friendly than HTB, with guided learning paths that include instructions alongside challenges. Paths include "Pre-Security," "Jr Penetration Tester," "Offensive Pentesting," and "Red Teaming." Built-in browser-based attack machines (no local VM required for many rooms).
  • Best for: Chapters 1-6 (foundations), beginners building first skills
  • Skill level: Complete beginner to intermediate

PortSwigger Web Security Academy

  • URL: https://portswigger.net/web-security
  • Cost: Completely free
  • Description: The definitive resource for learning web application security. Created by the makers of Burp Suite, it covers every major web vulnerability class with interactive labs. Topics include SQL injection, XSS, SSRF, access control, and more. The labs are real web applications you exploit in your browser.
  • Best for: Chapters 18-23 (web application exploitation)
  • Skill level: Beginner to advanced

PentesterLab

  • URL: https://pentesterlab.com
  • Cost: Free exercises available; Pro from ~$20/month
  • Description: Structured exercises progressing from basic to advanced web and system exploitation. Exercises come with detailed write-ups after completion. Particularly strong on web application security, code review, and exploit development.
  • Best for: Chapters 19-22 (injection, XSS, server-side attacks)
  • Skill level: Beginner to advanced

VulnHub

  • URL: https://www.vulnhub.com
  • Cost: Completely free
  • Description: A repository of downloadable vulnerable virtual machines. Each VM is a self-contained challenge designed to be exploited. Download, import into VirtualBox/VMware, and attack. Community write-ups available for most machines.
  • Best for: Lab practice (Chapter 3), Linux/Windows exploitation (Chapters 15-16)
  • Skill level: Beginner to advanced

SANS Cyber Ranges

  • URL: https://www.sans.org/cyber-ranges/
  • Cost: Included with SANS course enrollment; some free community events (Holiday Hack Challenge)
  • Description: Enterprise-grade lab environments for practicing network defense, penetration testing, and incident response. NetWars tournaments run at SANS conferences. The Holiday Hack Challenge (free, annual) is an excellent entry point.
  • Best for: Chapters 35-37 (red team, incident response)
  • Skill level: Intermediate to advanced

CTFtime

  • URL: https://ctftime.org
  • Cost: Free (CTF competitions are generally free to enter)
  • Description: The central hub for Capture the Flag competitions worldwide. Lists upcoming CTFs, rankings, team registrations, and write-ups of past challenges. CTFs are the best way to develop rapid problem-solving skills and learn new techniques.
  • Best for: All chapters — CTFs cover every domain
  • Skill level: All levels (many CTFs have beginner-friendly categories)

Offensive Security Proving Grounds

  • URL: https://www.offsec.com/labs/
  • Cost: ~$19/month (Practice); ~$89/month (Play)
  • Description: From the creators of OSCP. Machines closely mirror the OSCP exam environment. "Practice" tier includes community-created machines; "Play" includes Offensive Security-curated machines with official write-ups.
  • Best for: OSCP preparation, Chapters 12-17
  • Skill level: Intermediate

Damn Vulnerable Web Application (DVWA)

  • URL: https://github.com/digininja/DVWA
  • Cost: Free (self-hosted)
  • Description: A deliberately vulnerable PHP/MySQL web application with adjustable security levels (Low, Medium, High, Impossible). Covers SQL injection, XSS, CSRF, file inclusion, file upload, command injection, and more.
  • Best for: Chapter 3 (lab setup), Chapters 18-22 (web attacks)
  • Skill level: Beginner to intermediate

OWASP Juice Shop

  • URL: https://owasp.org/www-project-juice-shop/
  • Cost: Free (self-hosted or cloud)
  • Description: A modern, intentionally vulnerable web application built with Node.js, Express, and Angular. Includes a scoreboard that tracks discovered vulnerabilities. Covers the OWASP Top 10 and many more vulnerability classes. Available as a Docker image.
  • Best for: Chapters 18-23 (web application security)
  • Skill level: Beginner to advanced

Certifications

Entry Level

CompTIA Security+ (SY0-701)

  • Vendor: CompTIA
  • Cost: ~$404 exam fee
  • Format: 90 questions, 90 minutes, multiple choice + performance-based
  • Prerequisites: None (CompTIA recommends Network+ and 2 years IT experience)
  • Study time: 2-4 months
  • Value: The baseline certification for cybersecurity. Required for many DoD positions (DoD 8570 compliance). Good first step, but insufficient alone for penetration testing roles.

eLearnSecurity Junior Penetration Tester (eJPT)

  • Vendor: INE Security (formerly eLearnSecurity)
  • Cost: ~$249 (exam + training bundle varies)
  • Format: Practical exam (48 hours), 35 questions based on a live pentest environment
  • Prerequisites: None
  • Study time: 1-3 months
  • Value: Excellent first practical certification. Tests real hands-on skills in a lab environment. Much more affordable than OSCP as a starting point.

Certified Ethical Hacker (CEH)

  • Vendor: EC-Council
  • Cost: ~$1,199 exam fee (training packages $2,000-$3,500)
  • Format: 125 multiple-choice questions, 4 hours (also has a practical exam option)
  • Prerequisites: 2 years infosec experience or EC-Council training
  • Study time: 2-4 months
  • Value: Widely recognized, especially by HR departments and government agencies. Criticized by practitioners for being overly theoretical. The CEH Practical exam adds hands-on credibility.

Intermediate

Offensive Security Certified Professional (OSCP / PEN-200)

  • Vendor: Offensive Security
  • Cost: ~$1,749 (90 days lab access + exam; packages up to ~$2,749)
  • Format: 24-hour practical exam — exploit machines and write a professional report
  • Prerequisites: None officially; strong Linux, networking, and scripting skills required
  • Study time: 3-6 months (most people)
  • Value: The gold standard for penetration testing certifications. Respected by every employer in the industry. The "Try Harder" mentality teaches self-reliance. Exam is demanding and has a significant failure rate.

Practical Network Penetration Tester (PNPT)

  • Vendor: TCM Security
  • Cost: ~$399 (exam only; training courses ~$30 each or subscription)
  • Format: 5-day practical exam — full external-to-internal pentest + report
  • Prerequisites: None
  • Study time: 2-4 months
  • Value: Increasingly respected. Tests the complete penetration testing lifecycle including OSINT, Active Directory attacks, and report writing. More affordable than OSCP. Excellent value.

GIAC Penetration Tester (GPEN)

  • Vendor: GIAC / SANS
  • Cost: ~$979 exam only; ~$8,525 with SANS SEC560 course
  • Format: 82 questions (with CyberLive hands-on questions), 3 hours
  • Prerequisites: None (SANS SEC560 recommended)
  • Study time: 2-4 months (longer without the course)
  • Value: Highly respected, especially in large enterprises and government. The SANS course material is excellent. Expensive, but many employers will sponsor.

GIAC Web Application Penetration Tester (GWAPT)

  • Vendor: GIAC / SANS
  • Cost: ~$979 exam only; ~$8,525 with SANS SEC542 course
  • Format: 75 questions, 2 hours
  • Prerequisites: None (SANS SEC542 recommended)
  • Study time: 2-4 months
  • Value: The top web application penetration testing certification. Complements GPEN well for web-focused testers.

CompTIA PenTest+ (PT0-002)

  • Vendor: CompTIA
  • Cost: ~$404 exam fee
  • Format: 85 questions, 165 minutes, multiple choice + performance-based
  • Prerequisites: Network+, Security+, or equivalent experience
  • Study time: 2-3 months
  • Value: Acceptable entry-level pentest certification. Covers planning/scoping, information gathering, attacks, reporting. Less respected than OSCP/PNPT but DoD 8570 approved.

Advanced

Offensive Security Experienced Penetration Tester (OSEP / PEN-300)

  • Vendor: Offensive Security
  • Cost: ~$1,749+
  • Format: 48-hour practical exam
  • Prerequisites: OSCP recommended
  • Study time: 3-6 months
  • Value: Focuses on advanced evasion, custom exploit development, and Active Directory attacks. A significant step up from OSCP.

Offensive Security Exploit Developer (OSED / EXP-301)

  • Vendor: Offensive Security
  • Cost: ~$1,749+
  • Format: 48-hour practical exam
  • Prerequisites: Strong assembly/debugging skills
  • Study time: 4-6 months
  • Value: Windows exploit development: buffer overflows, ROP chains, SEH exploitation, format strings. For those pursuing exploit development careers.

Offensive Security Web Expert (OSWE / WEB-300)

  • Vendor: Offensive Security
  • Cost: ~$1,749+
  • Format: 48-hour practical exam
  • Prerequisites: OSCP recommended; strong web development knowledge
  • Study time: 3-6 months
  • Value: White-box web application security testing through source code review. Targets advanced web app security roles.

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

  • Vendor: GIAC / SANS
  • Cost: ~$979 exam; ~$8,525 with SANS SEC660
  • Format: 60 questions, 3 hours
  • Prerequisites: GPEN or equivalent experience
  • Study time: 3-6 months
  • Value: Advanced network penetration testing, exploitation, and fuzzing. One of the most respected advanced certifications.

CREST Registered Penetration Tester (CRT)

  • Vendor: CREST International
  • Cost: Varies by country (typically $500-$1,500)
  • Format: Practical exam (infrastructure or application)
  • Prerequisites: None officially; significant experience required
  • Study time: 3-6 months of focused preparation
  • Value: Highly valued in the UK, Australia, and APAC. Required for testing against certain regulated environments (UK financial services, government). CREST CCT (Certified) is the advanced tier.

Specialized

AWS Certified Security – Specialty

  • Focus: Cloud security on AWS; relevant to Chapter 29
  • Best for: Cloud penetration testers and security architects

Certified Cloud Security Professional (CCSP)

  • Focus: Broad cloud security; relevant to Chapter 29
  • Best for: Multi-cloud security professionals

Certified Information Systems Security Professional (CISSP)

  • Focus: Security management and architecture (broad, not technical)
  • Best for: Senior roles, management track, Chapter 40 (governance)

GIAC Certified Incident Handler (GCIH)

  • Focus: Incident handling and response; relevant to Chapter 37
  • Best for: Those bridging pentest and incident response

GIAC Certified Forensic Analyst (GCFA)

  • Focus: Digital forensics and malware analysis; relevant to Chapter 37
  • Best for: Forensics specialists and incident response leads


Conferences

DEF CON

  • Location: Las Vegas, NV (August annually)
  • Cost: ~$440 (cash only at the door)
  • Description: The world's largest hacker conference. Villages cover every specialty — wireless, IoT, lock picking, social engineering, car hacking, AI. Talks range from beginner-friendly to cutting-edge research. The culture is welcoming but intense.
  • Best for: Networking, learning new attack techniques, CTF competitions

Black Hat USA

  • Location: Las Vegas, NV (August, same week as DEF CON)
  • Cost: ~$2,995 briefings; $4,500+ with trainings
  • Description: The more corporate counterpart to DEF CON. Features cutting-edge security research presentations and hands-on trainings. The Arsenal section showcases new tools. More expensive and formal than DEF CON.
  • Best for: Professional development, tool demonstrations, enterprise security

BSides (Various Cities)

  • Location: Global — over 100 cities worldwide
  • Cost: Free to ~$50 (most are very affordable)
  • Description: Community-organized, grassroots security conferences. Every major city has a BSides event. Talks are high quality, the atmosphere is welcoming, and they are the best place to break into the security community. Volunteer to get free access and meet people.
  • Best for: Beginners networking, local community building

Wild West Hackin' Fest

  • Location: Deadwood, SD (October) and San Diego, CA (March)
  • Cost: ~$300-$500
  • Description: Organized by SANS/John Strand. Combines conference talks with hands-on workshops and labs. More approachable than Black Hat, more structured than BSides. Strong focus on practical skills.
  • Best for: Intermediate practitioners, active defense, purple teaming

GrrCon

  • Location: Grand Rapids, MI (October)
  • Cost: ~$200-$350
  • Description: Mid-size conference with excellent talks and an inclusive community. Known for welcoming newcomers and having accessible content. CTFs and workshops available.
  • Best for: Midwest-based practitioners, newcomers to conferences

ShmooCon

  • Location: Washington, DC (January)
  • Cost: ~$150
  • Description: East Coast community conference with strong government and research representation. Tickets sell out extremely fast. Smaller, intimate atmosphere.
  • Best for: East Coast networking, government/defense sector

OWASP Global AppSec

  • Location: Rotates globally
  • Cost: ~$500-$1,000
  • Description: The premier web application security conference. Organized by the OWASP Foundation. Focuses exclusively on application security topics — research, tools, and methodology.
  • Best for: Chapters 18-23 (web application security)

Podcasts

Darknet Diaries

  • Host: Jack Rhysider
  • Frequency: Bi-weekly
  • Description: True stories from the dark side of the internet. Covers real hacking incidents, social engineering operations, and cybercrime investigations. Production quality is excellent. Arguably the most popular cybersecurity podcast.
  • Best for: Understanding real-world hacking scenarios, motivation, all experience levels

Risky Business

  • Host: Patrick Gray
  • Frequency: Weekly
  • Description: Cybersecurity news and analysis with industry expert guests. Australian-based but globally focused. The "sponsored segment" deep dives are often more valuable than the news segments.
  • Best for: Staying current on the threat landscape, intermediate to advanced

Security Now

  • Host: Steve Gibson (with Leo Laporte)
  • Frequency: Weekly
  • Description: Deep technical dives into security topics, vulnerability analysis, and protocol explanations. Has been running since 2005, with a massive archive of episodes. Steve Gibson explains complex topics clearly.
  • Best for: Networking and protocol security (Chapter 6), cryptography (Chapter 28)

SANS Internet Storm Center (ISC) StormCast

  • Host: Johannes Ullrich
  • Frequency: Daily (~5 minutes)
  • Description: A brief daily summary of the latest security threats and vulnerabilities. Five minutes a day keeps you current. Efficient way to stay informed.
  • Best for: Daily threat awareness, all levels

Smashing Security

  • Hosts: Graham Cluley and Carole Theriault
  • Frequency: Weekly
  • Description: Cybersecurity news with personality and humor. Covers notable breaches, scams, and privacy issues in an accessible style. Good for staying current without being overwhelmed.
  • Best for: General security awareness, all levels

The CyberWire Daily

  • Frequency: Daily
  • Description: Daily cybersecurity news briefing covering threats, vulnerabilities, policy, and industry developments. Professional, concise, and well-researched.
  • Best for: Industry awareness, career development

Hacking Humans

  • Hosts: Dave Bittner and Joe Carrigan
  • Frequency: Weekly
  • Description: Focused on social engineering, phishing, and scams. Analyzes real social engineering attacks and discusses the psychology behind them.
  • Best for: Chapters 9, 26 (social engineering)

YouTube Channels

IppSec

  • Subscribers: 800K+
  • Content: HackTheBox machine walkthroughs
  • Description: The single best resource for learning HTB methodology. Each video methodically walks through a retired HTB machine, explaining every tool, technique, and decision. The level of detail and teaching quality is unmatched.
  • Best for: HTB practice, real-world exploitation methodology, all technical chapters

John Hammond

  • Subscribers: 1.5M+
  • Content: CTF walkthroughs, malware analysis, hacking tutorials
  • Description: Energetic and educational content covering CTF challenges, malware reverse engineering, and security tools. Excellent at explaining concepts while working through problems.
  • Best for: CTF skills, malware analysis, beginner to intermediate

NetworkChuck

  • Subscribers: 4M+
  • Content: Networking, cybersecurity, cloud computing tutorials
  • Description: High-energy, beginner-friendly content. Covers everything from setting up a home lab to getting security certifications. Great for motivation and foundational knowledge.
  • Best for: Chapters 1-6 (foundations), complete beginners

The Cyber Mentor (TCM Security)

  • Subscribers: 700K+
  • Content: Penetration testing tutorials, course content, career advice
  • Description: Heath Adams teaches practical penetration testing skills. His free content covers Active Directory attacks, privilege escalation, OSINT, and career guidance. The paid courses (TCM Security Academy) are affordable and thorough.
  • Best for: Chapters 7-17 (recon through AD attacks), PNPT preparation

LiveOverflow

  • Subscribers: 900K+
  • Content: Binary exploitation, CTF challenges, browser security
  • Description: In-depth technical content focused on binary exploitation, browser hacking, and CTF challenges. Does not simplify — expects the viewer to keep up. Excellent for those wanting to understand exploitation at a deep level.
  • Best for: Advanced exploitation concepts, binary analysis, Chapters 27-28

STOK

  • Subscribers: 300K+
  • Content: Bug bounty hunting, web hacking, recon
  • Description: Bug bounty methodology, recon techniques, and web vulnerability hunting. STOK shares real-world bug bounty approaches and tips for finding unique vulnerabilities.
  • Best for: Chapter 36 (bug bounty hunting), web recon

David Bombal

  • Subscribers: 2.5M+
  • Content: Networking, ethical hacking, certification prep
  • Description: Covers networking fundamentals, security tools, and certification preparation. Interviews with industry professionals provide career insights.
  • Best for: Chapter 6 (networking), certification preparation

Nahamsec

  • Subscribers: 300K+
  • Content: Bug bounty hunting, web application security
  • Description: Practical bug bounty content from a well-known bug bounty hunter. Focuses on recon methodology, web vulnerabilities, and the bug bounty workflow.
  • Best for: Chapter 36 (bug bounty hunting), Chapters 18-23 (web attacks)

Blogs and News Sites

Krebs on Security

  • URL: https://krebsonsecurity.com
  • Author: Brian Krebs
  • Description: Investigative journalism focused on cybercrime, data breaches, and the underground economy. Krebs consistently breaks major stories before mainstream media. Essential reading for understanding the threat landscape.

The Hacker News

  • URL: https://thehackernews.com
  • Description: Daily cybersecurity news covering vulnerabilities, breaches, tools, and industry developments. One of the most widely read security news sites. Good for staying current.

PortSwigger Daily Swig

  • URL: https://portswigger.net/daily-swig
  • Description: Web security news from the creators of Burp Suite. Focuses on web application security research, vulnerability disclosures, and security tool developments.

Bleeping Computer

  • URL: https://www.bleepingcomputer.com
  • Description: Covers malware, ransomware, data breaches, and security vulnerabilities. Known for timely reporting on active threats and ransomware campaigns. Also maintains a helpful forums community.

SANS Internet Storm Center

  • URL: https://isc.sans.edu
  • Description: Daily diary entries from SANS handlers covering emerging threats, vulnerability analysis, and tool reviews. The "diary" format provides quick, practical insights.

Google Project Zero Blog

  • URL: https://googleprojectzero.blogspot.com
  • Description: Technical write-ups of vulnerabilities discovered by Google's Project Zero team. Extremely deep technical analysis of zero-day vulnerabilities and exploitation techniques. Advanced reading.

Trail of Bits Blog

  • URL: https://blog.trailofbits.com
  • Description: Technical blog from a respected security research firm. Covers smart contract security, binary analysis, cryptography, and tool development. Advanced but well-written.

SpecterOps Blog

  • URL: https://posts.specterops.io
  • Description: Active Directory security, red teaming, and BloodHound research. Essential reading for anyone working in enterprise penetration testing and AD attacks.

Community Resources

Reddit

  • r/netsec — Security news and research (technical, professional)
  • r/AskNetsec — Questions about security careers and learning
  • r/HowToHack — Beginner-friendly hacking questions
  • r/oscp — OSCP preparation discussion and tips
  • r/bugbounty — Bug bounty hunting discussion
  • r/cybersecurity — General cybersecurity discussion

Discord Servers

  • HackTheBox Official — Machine discussion, hints, study groups
  • TryHackMe Official — Room help, community challenges
  • TCM Security — PNPT study groups, career advice
  • Nahamsec — Bug bounty community
  • InfoSec Prep — Certification study groups

Local Community

  • OWASP Chapters — Local chapters in most major cities; free meetings focused on application security. Find your chapter at https://owasp.org/chapters/
  • BSides Events — Local security conferences in 100+ cities
  • DC Groups (DEF CON Groups) — Local DEF CON-affiliated hacker groups. Find one near you at https://defcon.org/html/defcon-groups/dc-groups-index.html
  • ISSA (Information Systems Security Association) — Professional association with local chapters
  • Meetup.com — Search for "cybersecurity," "infosec," or "hacking" meetups in your area

Bug Bounty Platforms

HackerOne

  • URL: https://www.hackerone.com
  • Description: The largest bug bounty platform. Hosts programs for major companies including the U.S. Department of Defense, Google, Microsoft, and many others. Features a hacker reputation system, structured programs, and mediation for disputes.
  • Best for: Beginners (many programs accept new researchers); Chapters 4, 36

Bugcrowd

  • URL: https://www.bugcrowd.com
  • Description: The second-largest platform. Includes both public and private programs. The Bugcrowd University provides free training. Programs span startups to Fortune 500 companies.
  • Best for: Beginners transitioning to bounties; diverse program types

Intigriti

  • URL: https://www.intigriti.com
  • Description: European-based platform with a strong community. Hosts weekly XSS challenges that are excellent for skill development. Strong focus on web application vulnerabilities.
  • Best for: European researchers, web vulnerability practice

YesWeHack

  • URL: https://www.yeswehack.com
  • Description: European platform with a focus on GDPR-compliant programs. Particularly strong in European government and enterprise programs. Offers a DOJO training platform.
  • Best for: European programs, government bug bounties

Open Bug Bounty

  • URL: https://www.openbugbounty.org
  • Description: Platform focused on XSS and other non-intrusive vulnerabilities. Responsible disclosure platform where you report vulnerabilities found on any website (limited to non-intrusive findings). Good for building a track record.
  • Best for: Complete beginners wanting to build reputation

Vulnerable Applications for Practice

Web Applications

  • DVWA — Damn Vulnerable Web Application (PHP, multiple security levels)
  • OWASP Juice Shop — Modern vulnerable app (Node.js, comprehensive)
  • WebGoat — OWASP project with guided lessons (Java)
  • bWAPP — Buggy Web Application with 100+ vulnerabilities
  • HackTheBox Challenges — Web-focused challenges on HTB platform
  • OWASP Mutillidae II — Vulnerable PHP application
  • Pixi — Vulnerable API application for API security testing

Network and System

  • Metasploitable 2 — Intentionally vulnerable Ubuntu Linux VM
  • Metasploitable 3 — Windows and Ubuntu VMs with modern vulnerabilities
  • VulnHub machines — Hundreds of downloadable VMs (see platform listing above)
  • Kioptrix series — Classic beginner-friendly vulnerable VMs
  • Mr. Robot VM — Themed vulnerable machine based on the TV show

Active Directory

  • GOAD (Game of Active Directory) — Automated vulnerable AD lab deployment
  • BadBlood — Populates an AD environment with vulnerable configurations
  • DetectionLab — Pre-built Windows domain with logging and detection tools
  • Vulnerable AD — Scripts to create a vulnerable AD environment

Cloud

  • CloudGoat — Rhino Security Labs' "Vulnerable by Design" AWS environment
  • Flaws.cloud — AWS-focused security challenges (free, browser-based)
  • Flaws2.cloud — Sequel to Flaws.cloud, covering attacker and defender perspectives
  • Thunder CTF — Google Cloud Platform security challenges
  • AzureGoat — Vulnerable Azure environment

Mobile

  • DIVA (Damn Insecure and Vulnerable App) — Android vulnerabilities
  • InsecureBankv2 — Vulnerable Android banking application
  • OWASP iGoat — iOS learning tool

Container / Kubernetes

  • Kubernetes Goat — Vulnerable Kubernetes cluster
  • contained.af — Container escape challenges

Foundational

  1. The Web Application Hacker's Handbook (2nd Edition) — Dafydd Stuttard, Marcus Pinto. The definitive web application security reference. Complements Chapters 18-23.

  2. Penetration Testing — Georgia Weidman. Practical introduction to penetration testing with Kali Linux and Metasploit. Excellent for beginners. Complements Chapters 10-17.

  3. Hacking: The Art of Exploitation (2nd Edition) — Jon Erickson. Deep dive into exploitation fundamentals including C programming, networking, and shellcode. Complements Chapters 12, 27-28.

  4. The Hacker Playbook 3 — Peter Kim. Red team edition covering practical attack techniques with a focus on Active Directory environments. Complements Chapters 17, 35.

  5. Practical Malware Analysis — Michael Sikorski, Andrew Honig. Comprehensive guide to malware reverse engineering. Complements Chapter 37.

Network and System

  1. Network Security Assessment (3rd Edition) — Chris McNab. Thorough guide to network security testing methodology. Complements Chapters 10-13.

  2. RTFM: Red Team Field Manual — Ben Clark. Quick-reference command guide for pentesters. Keep on your desk during engagements.

  3. The Linux Command Line (2nd Edition) — William Shotts. Essential Linux skills for anyone using Kali. Complements Chapters 3, 15.

  4. Windows Internals (7th Edition, Parts 1 & 2) — Russinovich, Solomon, Ionescu. Deep understanding of Windows architecture. Complements Chapter 16.

  5. Active Directory Attacks & Pentesting — Various (multiple resources). See SpecterOps blog and ired.team wiki. Complements Chapter 17.

Web Application

  1. Bug Bounty Bootcamp — Vickie Li. Practical guide to finding and reporting web vulnerabilities. Complements Chapters 18-23, 36.

  2. Real-World Bug Hunting — Peter Yaworski. Case studies of real bug bounty findings with technical details. Complements Chapter 36.

  3. Web Hacking 101 — Peter Yaworski (free). Collection of real-world vulnerability reports with analysis.

  4. Black Hat GraphQL — Nick Aleks, Dolev Farhi. GraphQL API security testing. Complements Chapter 23.

Advanced

  1. Red Team Development and Operations — Joe Vest, James Tubberville. Comprehensive red team operations guide. Complements Chapter 35.

  2. Attacking Network Protocols — James Forshaw. Deep protocol analysis and exploitation. Complements Chapters 6, 13.

  3. Serious Cryptography — Jean-Philippe Aumasson. Practical cryptography for security professionals. Complements Chapter 28.

  4. The Shellcoder's Handbook — Chris Anley et al. Binary exploitation and shellcode development. Complements Chapter 27.

Professional Practice

  1. Writing for Security Professionals — Various SANS whitepapers. Technical writing guidance for pentest reports. Complements Chapter 39.

  2. The Art of Deception — Kevin Mitnick. Social engineering from the perspective of a reformed hacker. Complements Chapters 9, 26.


Tool-Specific Documentation

These tools are referenced throughout this textbook. Official documentation is always the best starting point.

Tool             Documentation URL                                 Chapter Reference
Nmap             https://nmap.org/book/                            10
Burp Suite       https://portswigger.net/burp/documentation        18-23
Metasploit       https://docs.metasploit.com/                      12
Wireshark        https://www.wireshark.org/docs/                   6, 13
sqlmap           https://github.com/sqlmapproject/sqlmap/wiki      19
Hashcat          https://hashcat.net/wiki/                         14
John the Ripper  https://www.openwall.com/john/doc/                14
BloodHound       https://bloodhound.readthedocs.io/                17
Impacket         https://github.com/fortra/impacket                17
Gobuster         https://github.com/OJ/gobuster                    8, 18
Nuclei           https://docs.projectdiscovery.io/tools/nuclei/    11
Frida            https://frida.re/docs/home/                       30
Volatility       https://volatility3.readthedocs.io/               37
Chisel           https://github.com/jpillora/chisel                24
CrackMapExec     https://wiki.porchetta.industries/                14, 17

This resource directory is updated periodically. For the latest version with live links, visit the companion website. If you find a broken link or want to suggest an addition, please contact the author.