Product Store
53 resources available · members get 20% off everything
⚡ Get 20% off everything — from $8/month
Hands-On Hacking
A hands-on introduction to ethical hacking — network scanning, vulnerability assessment, exploitation, and post-exploitation with real lab exercises throughout.
Real-World Bug Bounty
Battle-tested bug bounty techniques used against real programs — SQLi, SSRF, IDOR, XXE, business logic flaws, and how to write reports that get paid.
Linux Basics for Hackers
From terminal basics to full privilege escalation — everything a hacker needs to know about Linux, including file permissions, scripting, SUID/GUID, and cron abuse.
AWS Penetration Testing with Kali Linux
Hands-on AWS penetration testing using Kali Linux — IAM misconfigurations, S3 bucket attacks, EC2 exploitation, Lambda abuse, and full cloud kill chains.
AWS Penetration Testing — Beginner's Guide to Hacking
Beginner-friendly AWS hacking guide — setting up your attack environment, IAM enumeration, S3 misconfigurations, and cloud privilege escalation step by step.
Active Directory — The Hacker's Guide
Complete Active Directory attack guide — enumeration, Kerberoasting, AS-REP roasting, Pass-the-Hash, DCSync, BloodHound, and domain persistence techniques.
Attacking Network Protocols
A hacker's guide to network protocol capture, analysis, and exploitation — ARP, DNS, SMB, HTTP, and custom protocol reverse engineering with Wireshark and Scapy.
Black Hat Go — Go Programming for Hackers and Pentesters
Build offensive security tools in Go — port scanners, packet sniffers, exploits, C2 frameworks, and network proxies written from scratch in Go.
Black Hat GraphQL — Attacking Next Generation APIs
Complete guide to GraphQL security — introspection attacks, batching attacks, injection, authorization bypass, and DoS techniques against GraphQL endpoints.
Black Hat Python — Python Programming for Hackers and Pentesters
Build hacking tools in Python — network sniffers, trojans, fuzzers, C2 channels, web scrapers, and offensive automation scripts.
Breaking into Information Security
Career guide for breaking into cybersecurity — certifications roadmap, skill development, resume tips, interview prep, and real-world career paths.
Bug Bounty Bootcamp
Complete bug bounty training from zero to first payout — recon methodology, XSS, SSRF, IDOR, SQLi, business logic, and writing reports that get accepted.
Building & Automating Penetration Testing Labs in the Cloud
Build your own cloud-based pentest lab — AWS/Azure/GCP vulnerable environments, automated provisioning with Terraform, and lab maintenance for practice.
Ethical Hacking — A Hands-on Introduction to Breaking In
Practical introduction to ethical hacking — network scanning, vulnerability exploitation, web attacks, social engineering, and the legal framework of penetration testing.
Evading EDR — The Definitive Guide to Defeating Endpoint Detection
Complete EDR evasion guide — understanding detection engines, AMSI bypass, ETW patching, process injection, custom shellcode, and behavioral analysis evasion.
Extreme Privacy — What It Takes to Disappear
Complete digital privacy guide — removing your online presence, anonymous communications, secure devices, private travel, and protecting your identity from stalkers and surveillance.
Gray Hat Hacking — The Ethical Hacker's Handbook (6th Edition)
Comprehensive ethical hacking reference — network attacks, vulnerability research, exploit development, reverse engineering, IoT hacking, and mobile security.
Hack & Leak
Real-world hacking and data exfiltration case studies — how major breaches happened, techniques used, and lessons for both attackers and defenders.
Hack The World with OSINT
Complete OSINT field guide — social media intelligence, email tracing, geolocation, phone number lookup, dark web research, and automating reconnaissance.
Hacking APIs — Breaking Web Application Programming Interfaces
Complete API security testing guide — REST/GraphQL/SOAP attacks, authentication bypass, mass assignment, BOLA, rate limiting bypass, and API fuzzing.
Hacking Kubernetes
Kubernetes security from an attacker's perspective — RBAC misconfigurations, container escapes, service account abuse, network policy bypass, and cluster takeover.
Hands-On AWS Penetration Testing
Practical AWS penetration testing with real lab exercises — IAM, EC2, S3, Lambda, RDS, and container service attacks with full exploit chains.
How to Hack Like a Ghost
Advanced operational security for hackers — anonymous infrastructure, traffic obfuscation, attribution avoidance, and staying undetected during red team engagements.
HTTP — The Definitive Guide
Complete HTTP reference for web security professionals — HTTP/1.1, HTTP/2, headers, caching, cookies, authentication, and protocol-level attack surface.
JavaScript for Hackers
JavaScript exploitation for security researchers — XSS payload crafting, DOM attacks, prototype pollution, browser exploitation, and Node.js security issues.
Metasploit — The Penetration Tester's Guide (2nd Edition)
Complete Metasploit Framework guide — modules, meterpreter, post-exploitation, pivoting, auxiliary scanners, and building custom exploits and payloads.
Network Basics for Hackers
Networking fundamentals from a hacker's perspective — TCP/IP, routing, switching, firewalls, VLANs, and how to attack and break each layer.
OSINT Techniques — 10th Edition (2023)
The most comprehensive OSINT resource — 600+ pages of open-source intelligence techniques for uncovering online information about people, organizations, and infrastructure.
Open Source Intelligence Techniques
Resources for searching and analyzing online information — social networks, search engines, archives, images, documents, and automating OSINT workflows.
Operator Handbook — Red Team Reference
Quick-reference red team field manual — Linux/Windows/Mac commands, network tools, exploitation one-liners, and operational cheat sheets for active engagements.
Penetration Testing Azure for Ethical Hackers
Azure penetration testing guide — Azure AD attacks, storage exploitation, function app abuse, managed identity attacks, and cloud privilege escalation chains.
Pentesting Azure Applications — The Definitive Guide
In-depth Azure application security testing — web apps, APIs, containers, service buses, Key Vault attacks, and full Azure attack surface enumeration.
Practical Cloud Security
Cloud security fundamentals and attack techniques — AWS, Azure, GCP security controls, IAM misconfigurations, network security groups, and container security.
Practical IoT Hacking
Definitive guide to attacking Internet of Things devices — firmware extraction, hardware debugging, radio protocols, MQTT attacks, and IoT network exploitation.
Practical Linux Forensics
Linux digital forensics guide — evidence collection, memory analysis, disk forensics, log analysis, malware artifact identification, and timeline reconstruction.
Practical Malware Analysis
Complete malware analysis guide — static and dynamic analysis, disassembly, debugging, unpacking, and reverse engineering real malware samples.
RTFM — Red Team Field Manual v2
The essential red team quick-reference — Windows/Linux commands, network tools, web exploitation, post-exploitation one-liners, and operational cheat sheets.
Red Team Development and Operations
Professional red team operations guide — engagement planning, C2 infrastructure, operational security, reporting, and running effective adversary simulations.
Reversing — Secrets of Reverse Engineering
Complete reverse engineering guide — x86/x64 assembly, disassemblers, debuggers, anti-reversing techniques, software cracking, and malware reversing.
Serious Cryptography
Practical cryptography for security professionals — block ciphers, hash functions, public key cryptography, TLS, random number generation, and cryptographic attacks.
The Android Malware Handbook
Android malware analysis and reverse engineering — APK analysis, smali code, dynamic analysis, evasion techniques, and real Android malware case studies.
The Art of Intrusion
Real hacker stories — the techniques, social engineering, and exploits used in famous break-ins told from the attacker's perspective by Kevin Mitnick.
The Art of Mac Malware
macOS malware analysis and reverse engineering — Mac-specific attack techniques, persistence mechanisms, code signing bypass, and analyzing real Mac malware.
The Car Hacker's Handbook
Automotive penetration testing guide — CAN bus attacks, OBD-II exploitation, ECU reverse engineering, wireless attacks on vehicles, and automotive security research.
The Hacker Playbook
Practical penetration testing guide structured like a football playbook — reconnaissance, scanning, exploitation, and post-exploitation plays with real-world scenarios.
The Pentester BluePrint — Starting a Career as an Ethical Hacker
Career guide for aspiring pentesters — skills, certifications, building a lab, getting hired, and navigating the ethical hacking industry.
The Shellcoder's Handbook
Discovering and exploiting security holes — buffer overflows, heap exploitation, format strings, return-oriented programming, and writing shellcode for multiple platforms.
The Social Engineer's Playbook
Practical pretexting guide — phishing scripts, vishing techniques, physical social engineering, building personas, and psychological manipulation tactics.
The Web Application Hacker's Handbook (2nd Edition)
The definitive web application security bible — finding and exploiting security flaws in modern web applications, covering all OWASP Top 10 and advanced techniques.
This Is How They Tell Me the World Ends — The Cyberweapons Arms Race
The untold story of the global cyberweapon trade — zero-days, nation-state hacking, surveillance tools, and the shadow market for digital weapons.
Tribe of Hackers — Red Team
Insights from top red team professionals — career advice, tools, methodologies, and mindset from the world's best offensive security practitioners.
Web Application Security
Modern web application security guide — XSS, CSRF, clickjacking, CSP, CORS misconfigurations, authentication attacks, and securing web applications.
Cyberjutsu — Cybersecurity for the Modern Ninja
Ancient warrior philosophy applied to cybersecurity — stealth, deception, situational awareness, and the mindset of a modern cyber warrior.