A list of books I have read and recommend
Hacking the Art of Exploitation 2nd Edition
This is a book that begins with an intro that gets your mind into the hacker spirit and then jumps straight into getting your hands dirty. If you read this book and do all the exercises you will learn the fundamentals of assembly code, C, basic exploit writing, and shellcode. You will also get a dose of network programming and crypto. This book can be challenging to digest but leave you prepared to move on to more complex topics.
The Shellcoders Handbook 2nd Edition
This book takes what you learned from Hacking the Art of Exploitation shown above and adds a few new elements. These 2 books complement each other nicely and I think reading this book second can help you keep growing your skills in exploit development. In this book you will learn more about fuzzing, ASLR bypass, and other types of overflow attacks. This will strengthen your overall vulnerability identification and exploit development abilities.
Web Application Hackers Handbook 2nd Edition
If you want to get a much deeper understanding of web application technologies and testing this is the book for you. It goes in depth on many topics from XSS, SQLi, CRSF, client side attacks, attacking authentication, and using Burpe suite to manually test for vulnerabilities.
Metasploit – The Penetration Tester’s Guide
This book starts from the fundamentals and goes all the way to developing your own modules in Metasploit the penetration testing framework. You can use these skills to identify vulnerabilities and conduct an organized penetration test. You really can’t lose with this book
Black Hat Python – Python Programming for Hackers and Pentesters
I’m a huge fan of this book. Scripting is a huge must for all penetration testers in my opinion and this book can take somebody with a decent set of Python skills and turn them into a truly versatile Offensive Python coder.
This book starts out a little more fundamental and works you into coding full fledged port scanners, zip file crackers, and AV evasion techniques. I recommend reading this book before Black Hat Python to build up the skills you need for more advanced scripts.
Social Engineering – The Art of Human Hacking
Social Engineering is a must have in you repertoire of techniques to gain access to networks and as they say the human is the weakest link in the chain. This book takes your through an extensive range of methods to explore the element of hacking the human.