Here's a short reading list I created yesterday about protecting your privacy:

Darknet: A Beginner's Guide to Staying Anonymous

How to Disappear: Erase Your Digital Footprint, Leave False Trails, And Vanish Without A Trace

Obfuscation: A User's Guide for Privacy and Protest

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Complete Guide to Internet Privacy, Anonymity & Security

Tor and the Dark Art of Anonymity: How to Be Invisible from NSA Spying

Here's my list of the classics:

General Computing

• But How Do It Know? - The Basic Principles of Computers for Everyone
  
  
• The Elements of Computing Systems: Building a Modern Computer from First Principles
  
  
• Code: The Hidden Language of Computer Hardware and Software
  
  
• Gödel, Escher, Bach: An Eternal Golden Braid
  
  Computer Science
  
  
• The New Turing Omnibus: Sixty-Six Excursions in Computer Science
  
  
• Compilers: Principles, Techniques, and Tools, 2nd Edition (aka The Dragon Book)
  
  
• The Art of Computer Programming
  
  
• Algorithms, 4th Edition
  
  
• Introduction to Algorithms, 3rd Edition (aka CLRS)
  
  
• Essential Algorithms: A Practical Approach to Computer Algorithms Using Python and C#, 2nd Edition
  
  
• Grokking Algorithms: An Illustrated Guide for Programmers and Other Curious People
  
  
• Structure and Interpretation of Computer Programs, 2nd Edition (aka SICP, available for free on the MIT website)
  
  
• Discrete Mathematics with Applications, 4th Edition
  
  Software Development
  
  
• Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems by Martin Kleppmann
  
  
• Design Patterns: Elements of Reusable Object-Oriented Software (aka The Gang of Four)
  
  
• Think Like a Programmer: An Introduction to Creative Problem Solving
  
  
• The Pragmatic Programmer: your journey to mastery, 20th Anniversary Edition, 2nd Edition
  
  
• The Mythical Man-Month: Essays on Software Engineering
  
  
• Code Complete: A Practical Handbook of Software Construction, 2nd Edition
  
  
• The Design of Everyday Things
  
  
• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Programming Pearls, 2nd Edition
  
  
• Soft Skills: The Software Developer's Life Manual
  
  
• Hello, Startup: A Programmer's Guide to Building Products, Technologies, and Teams
  
  
• Hacker's Delight, 2nd Edition
  
  
• Peopleware: Productive Projects and Teams, 3rd Edition
  
  Case Studies
  
  
• The Soul of a New Machine
  
  
• Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture
  
  
• Hackers: Heroes of the Computer Revolution
  
  
• Where Wizards Stay Up Late: The Origins Of The Internet
  
  
• Fire in the Valley: The Birth and Death of the Personal Computer, 3rd Edition
  
  Employment
  
  
• Cracking the Coding Interview: 189 Programming Questions and Solutions, 6th Edition
  
  
• The Complete Software Developer's Career Guide: How to Learn Programming Languages Quickly, Ace Your Programming Interview, and Land Your Software Developer Dream Job
  
  
• The Self-Taught Programmer: The Definitive Guide to Programming Professionally
  
  
• The Passionate Programmer: Creating a Remarkable Career in Software Development
  
  Language-Specific
  
  C
  
  
• The C Programming Language, 2nd Edition
  
  Python
  
  
• Automate the Boring Stuff with Python: Practical Programming for Total Beginners, 2nd Edition
  
  
• Python Crash Course: A Hands-On, Project-Based Introduction to Programming
  
  
• Python Programming: An Introduction to Computer Science, 3rd Edition
  
  
• Effective Python: 59 Specific Ways to Write Better Python
  
  C#
  
  
• The C# Player's Guide, 3rd Edition
  
  C++
  
  
• The C++ Programming Language, 4th Edition
  
  
• Starting Out with C++: from Control Structures to Objects, 9th Edition
  
  Java
  
  
• Introduction to Java Programming and Data Structures: Comprehensive Version, 11th Edition
  
  
• [Java: A Beginner's Guide](https://www.amazon.com/Java-Beginners-Seventh-Herbert-Schildt/dp/1259589315/, 7th Edition)
  
  
• Java: The Complete Reference, 11th Edition
  
  
• Core Java Volume I - Fundamentals, 11th Edition
  
  
• Starting Out with Java: From Control Structures through Objects, 6th Edition
  
  
• Effective Java, 3rd Edition
  
  Linux Shell Scripts
  
  
• The Linux Command Line: A Complete Introduction, 2nd Edition
  
  
• Wicked Cool Shell Scripts: 101 Scripts for Linux, OS X, and UNIX Systems, 2nd Edition
  
  
• Linux Command Line and Shell Scripting Bible
  
  
• Mastering Linux Shell Scripting
  
  Web Development
  
  
• Learning Web Design: A Beginner's Guide to HTML, CSS, JavaScript, and Web Graphics, 5th Edition
  
  
• Eloquent JavaScript: A Modern Introduction to Programming, 3rd Edition (also available for free on the author's website)
  
  
• JavaScript and JQuery: Interactive Front-End Web Development
  
  
• HTML and CSS: Design and Build Websites
  
  
• You Don't Know JS: Up & Going
  
  Ruby and Rails
  
  
• Ruby on Rails Tutorial: Learn Web Development with Rails, 4th Edition (Note: this book is somewhat out of date compared to the live version on the author's website.)
  
  
• The Well Grounded Rubyist, 3rd Edition
  
  
• Practical Object-Oriented Design in Ruby: An Agile Primer
  
  
• Agile Web Development with Rails 5.1
  
  
• Programming Ruby 1.9 & 2.0: The Pragmatic Programmers' Guide, 4th Edition
  
  
• Eloquent Ruby
  
  Assembly
  
  
• Assembly Language for x86 Processors, 8th Edition

I'm going to be brutally honest here, and I'm probably going to get down-voted, but I'm not impressed with the underlying code for the project. I don't even know where to begin.

You're obviously passionate about Javascript, but runtime engines and best practices have changed dramatically in the last few years. Some things that stick out could easily be chocked up to coding style or preference, but when those preferences aren't well-adjusted to current-day standards, it leads to a perpetuation of those bad practices and hinders the growth and evolution of web development overall.

I'm posting this here, instead of on Github, because these aren't quite bug reports. I'd be more than happy to contribute though.

1. Syntax and readability are more important than shortcuts.
   
   Cutting corners in the interest of character count is useless. It's better to be able to read the code than to have to interpret it line-by-line.
   
   For hinting, I recommend JSHint. It'll be nicer than JSLint, but it'll still likely hurt your feelings.
   
   Here are some JSHint errors/warnings that popped up:
   
   > The body of a for in should be wrapped in an if statement to filter unwanted properties from the prototype.
   
   > Expected an identifier and instead saw 'arguments' (a reserved word).
   
   > Expected a 'break' statement before 'case'.
   
   A lot of syntax errors can be solved by linting or hinting, and following a style guide. Here's Google's Javascript Style Guide. You'll find that most projects on Github follow the same code conventions, and for very good reason. When you make your code consistent and readable, other developers will be more likely to like you and contribute to your projects.
   
   
2. Read Douglas Crockford's Javascript: The Good Parts and Nicholas Zakas' Maintainable Javascript.
   
   
3. Use an AMD-style, modular system like Require.js or Yahoo Module Pattern because Global variables are evil. The basic idea behind a modular system is that every piece of functionality is broken down to its basic form, and no less. It helps to keep things organized. Even if you choose not to use a framework, following a trusted organizational pattern is a good idea. Consistency is key.
   
   
4. Check out Backbone.js or Underscore for data manipulation.
   
   I really like the project, but the code is unwieldy and confusing.

The "Practice of System and Network Administration"; probably a bit too early in your career but has some strong advice.

https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165

There's also a volume 2 which is cloud/site reliability engineering related.

HTML and CSS are pretty simple, I would spend almost no time reading about them (Unless this is for some sort of job interview) for the most part you will just be googling "How to I make round borders" until you can do it by rote memorization.

JS, on the other hand, is a tricky beast. I would spend a majority of my time learning not just how to write javascript, but how to write good javascript.

javascript the good parts and Javascript garden is where I would start out learning. Javascript is easy to write, but hard to write well. You need to follow strong conventions otherwise your code will end up looking like spaghetti right quick and in a hurry. If you start playing around with the language, I would suggest using JSLint to make sure you aren't doing anything stupid.

After getting a good strong base in javascript jquery shouldn't be too hard. It is just a javascript library. perusing through the docs and getting a feeling for what it can do is probably all you really need. Just like any library you've used. You didn't learn all of the .Net framework, rather you would google and lookup specifics as you needed them. That is much the way you are likely to use jQuery. It can do a lot and you don't need to know everything it can do to use it effectively.

In short, javascript is where the traps are. The other things you mentioned are "I'm going to google this anyways" so I wouldn't really spend a large amount of time learning them.

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

I’d recommend this book

Consider buying these, or checking them out from local library:

Network Warrior

The Practice of System and Network Administration: Volume 1: DevOps and other Best Practices for Enterprise IT (3rd Edition) 3rd Edition

-----

Cisco / Networking

Stanford University Free Introduction to Networking Online Course
Cisco Learning Center - How to Study for CCNA for Free
Professor Messer's CompTIA Network+ Training Videos
Cybrary Free CCNA Training Videos
Cisco VIRL - Virtual Router & Firewall Training Tool
GNS3 Vault - Free Practice & Training Labs for Cisco Equipment
Cisco Live Training Convention Video Portal - Free Registration Required
Cisco Design Zone - Best Practices
PacketBomb - WireShark Training Center
NetCraftsmen - Network Consultants Blog
PacketPushers News & Podcasts
IOSHints - Ivan Pepelnjak's Blog/site
Cumulus Networks SDN Technical Videos
SDX Central - SDN Resources



-----

The Best of Cisco Live

Cisco Live is Cisco's annual Technology expo & training convention.

All of these presentations are available for free here: http://www.ciscolive.com/online - Many with video presentations of the lectures.

BRKARC-3001 - Cisco Integrated Services Router G2 - Architectural Overview and Use Cases (2013 Orlando) - 2 Hours
BRKARC-3001 - Cisco Integrated Services Router 4000 - Architectural Overview and Use Cases (2015 San Diego) - 2 Hours
BRKARC-2001 - Cisco ASR1000 Series Routers: System & Solution Architectures (2015 San Diego) - 2 Hours
BRKARC-1009 - Cisco Catalyst 2960-X Series Switching Architecture (2016 Las Vegas) - 90 Mins
BRKARC-3438 - Cisco Catalyst 3850 and 3650 Series Switching Architecture (2015 San Diego) - 2 Hours
BRKARC-3445 - Cisco Catalyst 4500E Switch Architecture (2015 San Diego)
BRKARC-3465 - Cisco Catalyst 6800 Switch Architectures (2015 San Diego) - 90 Mins
BRKARC-2222 - Cisco Nexus 9000 Architecture (2015 San Diego)

...

BRKCRS-3147 - Advanced troubleshooting of the ASR1K and ISR (IOS-XE) made easy (2015 San Diego) - 2 Hours
BRKCRS-3146 - Troubleshooting Cisco Catalyst 3650 / 3850 Series Switches (2015 San Diego) - 2 Hours
BRKCRS-3142 - Troubleshooting Cisco Catalyst 4500 Series Switches (2015 San Diego) - 2 Hours
BRKCRS-3143 - Troubleshooting Cisco Catalyst 6500 / 6800 Series Switches (2015 San Diego)
BRKDCT-3101 - Nexus 9000 (Standalone) Architecture Brief and Troubleshooting (2015 San Diego)
...

I work in web security. For those of you that will be working on the site, please read/have already read/be aware of the lessons found in:

• The Web Application Hackers Handbook - Everyone that makes interactive websites should at least skim this.
  
• SQL Injection Attacks and Defense - Everyone remembers "The Summer of Lulz," right?
  
• Web Application Obfuscation - There's more than one way to hide an attack.
  
  Expect your website to be attacked. Some advice:
  
  
• Blacklists^[1] never work. There is always a way around a blacklist. Whitelist^[2] every input.
  
• Never roll your own crypto.
  
• If it comes from the user's computer, it can be controlled by the user. No exceptions.
  
• Relying on security through obscurity will not work (ex: hiding the key to the building in a fake rock). Obscurity can be part of a strong multi-layered larger approach (hiding the key to the building inside a safe that is bolted to the foundation and hidden in a fake rock on well-lit grounds that are patrolled by competent and well-paid guards on a shorter duration than it would take to break into the safe), but never by itself.
  
• Never roll your own crypto.
  
• Basic Authentication: Just Say No
  
• Digest Authentication: Just Say No
  
• Never roll your own crypto.
  
• Encrypt-then-HMAC only. Never HMAC-then-Encrypt or Encrypt-and-HMAC.
  
• https encrypts the transmission of data, it does not make the transmitted data any more/less "safe".
  
• Did I mention "never roll your own crypto" yet? No? Okay. Never roll your own crypto.
  
• Never transmit sensitive data as GET requests over http. Use POST body parameter/value pairs over https.
  
• Never store the actual passwords, only store salted cryptographic hashes of the password. No, the users do not need to see their own password. If they forget it, email them a single-use time-limited link to a page where they can set a new one. No exceptions.
  
• Never roll your own crypto.
  
• Do not use MD5/SHA/SHA256/etc. for password hashing. No exceptions. Salted password hashing is a solved problem.
  
  If you'd like some advice, have any questions, I should be able to get back on reddit sometime tomorrow (unfortunately, I have a lot of work I need to get started on).
  
  [1] - Blacklist: Allow everything in except for things on this incomplete list of known bad things.
  
  [2] - Whitelist: Only allow in things on this list of known good things and reject everything else.

Some book recommendations:

• Clean Code
  
• Code Complete
  
• The Pragmatic Programmer
  
  Others that are great and related but not as "necessary" as the above three:
  
  
• Refactoring
  
• Design Patterns
  
• Head First Design Patterns
  
• Working Effectively With Legacy Code
  
• Beyond Legacy Code
  
  Unrelated to "better code" but still great:
  
  
• The Mythical Man-Month
  
• Soft Skills

Honestly, I'd go with Windows Powershell Best Practices instead. PSIAMOL is nice, but this one focuses more heavily on ensuring you not only get the syntax, but the proper script structure, code re-usability, high performance, and just a ton of other stuff.

PSIAMOL Teaches you how to use PowerShell. WPBP teaches you how to be good at PowerShell.

Once that's done, it wouldn't hurt to check out Code Complete which had such an impact I ended up re-writing several of my larger scripts after reading it...

It seems your problem is not programming, but architecture. Namely, how the client-server architecture that most of the web is based on works.

Unfortunately, I couldn't find something that's both easy to understand and comprehensive enough, and I can't really write it here, as either I would have to simplify it too much or I'd have to write way much more than I'm comfortable writing.

So keep google for client server architecture until you find a book/tutorial/article/video/etc that makes you understand and go from there. Don't worry about languages, liibraries, frameworks and all that mumbo-jumbo for now, just focus on understanding what happens when you interact with a website, from start to end. Once you understand that, choose a language, find a framework that you think you'd like and start learning it (some frameworks, like Django, have very comprehensive tutorials). And then you keep improving that until you're satisfied with your project - or you hit your deadline, that product got to ship someday!

EDIT: Actually, I do have a recommendation: the Computer Networking: A Top-Down Approach book. Reading the first chapter will probably be enough for you, but if you enjoy it, you can read a lot more and really (begin to) understand how the Internet (and computer networks in general) work.

How to disappear:

http://www.thesmokingjacket.com/lifestyle/stuff-you-should-know-how-to-disappear

http://www.amazon.com/How-Disappear-Digital-Footprint-without/dp/1599219778

http://www.skeptictank.org/hs/vanish.htm


Good luck.

The bottom line is that, whatever your rationale might be, this code is extremely difficult to read and understand for anyone who isn't you. I had to just skip over the entire tokenizer because I wasn't getting anything out of trying to read it, except for frustration. The algorithm portion isn't much better.

Good names are one of the best ways for an author to communicate how their code works to other programmers. They provide the foothold that the person reading the code needs so that they can begin understanding the algorithms. With what you've got here, the reader must already understand the algorithms before ever seeing the code, so that he can map the concepts he already has in his head onto the uninformative variable names.

I'll give you an example that I paraphrased from Code Complete, which, if you haven't heard of it, is one of the absolute classic works on the topic of how to construct good code. What do you think this code fragment is doing:

a = a - b;
c = d + sales_tax(d);
a = a + late_fee(e, a) + c;
a = a + interest(e, a);

Despite the good function names, it's still extremely difficult to figure out what this code is trying to accomplish; if I have to make a change in something that relates to this module, I don't know where to start. But, after we name the variables:

balance = balance - last_payment;
monthly_total = new_purchases + sales_tax(new_purchases);
balance = balance + late_fee(customer_number, balance) + monthly_total;
balance = balance + interest(customer_number, balance);

See how much easier it is now to see that this code is computing a customer's bill based on their outstanding balance and a set of new purchases from the current month?

Using good variable names allows anyone to just read your code and understand immediately what it is doing. Without good variable names, anyone reading your code has to already know what it is doing.

What do you want to do? "Security" is a nonsense term that doesn't mean anything to employers.

I'd pass on certs, as most of them are worthless and don't teach you anything relevant in the security field. OSCP is good and the SANS FOR 610 is good, but LOL at paying $6,000 for a certification.

Build a lab. For Malware Analysis learn REMnux, IDA Pro, Ollydbg, and look at C++ and C.

For Penetration Testing learn TCP/IP, play with Backbox and Kali when you have a soild understanding of TCP/IP and networking in general. Learn Python, Bash, and PowerShell.

Practical Malware Analysis

Practical Forensic Imaging

Those books are solid for learning IR and Malware Analysis.

Check out /r/netsecstudents

For fucks sake, stay off this sub-reddit for anything Security related. Just lmao at the responses in here. Too many people have read that shit book Phoenix Project and think Security is just policy and process.

​

You should be aiming to eventually get a position as a Security Operations Center (SOC) analyst.

A SOC analyst position gives you some insight into a whole range of different information security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career.

Here's how you get there:

Step 0: Make a habit of using spellcheck, then proofreading what you've written.

Step 1: Get the Network+ certification (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 networking inside and out, I can't stress that enough. A used Net+ study guide on Amazon should be less than $10. Professor Messer videos are great and free: https://www.youtube.com/user/professormesser

Mike Meyers has about the best all in one Network + book out right now, you can get that from Amazon. You can also check out Mike Meyers' channel on Youtube, he has a lot of Network+ videos: https://www.youtube.com/watch?v=TcIV\_qc-eOU

Step 2: Start learning some basic Linux. The majority of business computing is done on a unix type platform, this will not change anytime soon.

For Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. The information is presented in a way that is comprehensible to regular people. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/ref=sr_1_fkmrnull_1?keywords=evi+nemeth+4th+edition&qid=1551450119&s=gateway&sr=8-1-fkmrnull

Step 3: Get a techie job, probably in entry level tech support or helpdesk. You have to do a year or two here to get some practical experience.

Step 4: Get the Security+ certification.

Step 5: While in your tech support job try to do every security related task you can.

Step 6: Attend Bsides conferences (very cheap), there is almost certainly one within a couple hours of you.http://www.securitybsides.com/w/page/12194156/FrontPage

Step 7: Join a local hackers group similar to NoVA Hackers or Dallas Hackers.

Step 8: Network with everyone you can at security conferences and in your hackers group.

Step 9: After you get those certs and some technical work experience, apply for every SOC position you can.

Step 10: Take the free online Splunk class while you're waiting.

Step 11: Keep going until you get that SOC analyst job.

Guess what, you're an infosec professional!

That SOC analyst job should pay between $50K and $60K. You'll stay there for a year to eighteen months and get a couple more certifications, then leave for a new job making $75K to $85K. After five years in the tech/cybersecurity industry you should be at $100K+.

Okay. It was /u/iconrad. Here is the thread:

https://www.reddit.com/r/linuxadmin/comments/2s924h/how_did_you_get_your_start/cnnw1ma

Also, I highly, highly recommend buying "The linux command line". Its a book aimed at beginners that will teach you the why, what and how of linux like no other. Its also free on the authors site in true libre fashion.

Not very specific to those technologies but:

>Web Application Hackers Handbook (2nd edition: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470) is pretty thorough with the vectors of attack, examples, and includes a methodology for pentesters.

>The Tangled Web - a "light" but delightful read from Zalewski on the history and modern security of web apps. He also wrote the http://code.google.com/p/browsersec/

Both are pretty recent and cover some good ground.

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

Networking is networking. There's no difference who does it.

​

Regardless, this is a timeless book: https://www.amazon.com/TCP-Illustrated-Protocols-Addison-Wesley-Professional/dp/0321336313

I'm not sure I'd consider Powershell devops than a core Windows administration tool. Devops to me would be like Chef, Puppet, Ansible, Salt, etc. (Puppet I think would be good for a Windows person to learn.)

You can do Powershell in a month of lunches: https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

You can do the Microsoft Virtual Academy as well: https://mva.microsoft.com/en-us/training-courses/getting-started-with-powershell-3-0-jump-start-8276

Powershell is very object oriented and pipelined, it's not a bunch of "++1, !, +3," style of true programming. It's more of a "get-aduser doej"

A lot of the commands are the same syntax prefixes, like "get" and "export".

Don't be discouraged, envision yourself knowing this inside and out in a year, and your mind will work you toward this goal.

What, specifically, do you work with that you think can benefit from scripting?

Powershell in a month of lunches is apparently quite good, that will cover Powershell from the basics to relatively advanced concepts, although I don't recall it covers AD.

Once you have a grasp of PowerShell, the AD modules are not much trouble to learn at all, MCSA should at least cover some of that.

Also - Take a look under the "resources" tab on the right of this sub.

This problem is super easy to solve:

• Read book "Hackers: Heroes of the Computer Revolution" by Stephen Levy ^[[0]]
  
  
• Come to the realization that you are incompetent when compared to CompSci pioneers.
  
  
• Keep doing what you're doing.
  
  Every cliche has morsels of truth: "Rome wasn't built in a day", comes to mind. Most folk, like you and I, are just not geniuses. However, that doesn't mean we can't work toward being very proficient in a subject and become contributors.
  
  Your coworkers are light years ahead of you, even if they started a few months ago. The growth of knowledge is exponential and they just spent more time at "The Craft". As time goes on, levels will even out between proficient coworkers.
  
  Also, please note, there are 18.2 million developers world ^[[1]]. Every time I can't get something or doubt myself, I always ask if I'm dummer then the whole group who already achieved what I'm trying to do. Usually, the answer is "No" and I continue to Google to fill my gaps of knowledge.
  
  Presiden Abraham Lincoln once said:
  
  > "If I only had an hour to chop down a tree, I would spend the first 45 minutes sharpening my axe."^[2]
  
  That means as a programmer, you will spend 75% of your time learning/reading/searching and 25% coding.
  
  
  Edit: formating
  
  
  [0]: https://www.amazon.com/Hackers-Heroes-Computer-Revolution-Anniversary/dp/1449388396/ref=sr_1_3?ie=UTF8&qid=1465623565&sr=8-3&keywords=hackers
  
  [1]: http://www.computerworld.com/article/2483690/it-careers/india-to-overtake-u-s--on-number-of-developers-by-2017.html
  
  

Buy a book called "how to disappear," Then you may want to contact this guy: http://www.frankahearn.com/ : he will make it close to impossible for someone to track you online.

Then if you and your family move, you will need to move to a different state, and start doing things completely different than what you are doing now. If you're a car sales man, you'll have to find a new profession.

Move to another state and change your name, if you feel your life is in danger, you can contact a lawyer that can help you change your name and seal the records.

Changing a name and Moving states might do the job really, I'm a private investigator and even when I get all of the persons information it is still hard to find them.

If you TRULLY want to disappear, you need to stick to your guns and not say "oh, well I'm going to go back home for the holidays" changing your identity means CHANGING your entire LIFE, and that's why sometimes not even the Witness Protection Program works as intended.

What ever you do, DO NOT buy a firearm if you don't intend to use it. many people get killed with their own weapons.

TL;DR - Change your name, Move, Start a new life

Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:

1. The more you understand how computers, code, compliers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.
   
   
2. You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.
   
   If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.
   
   Otherwise, Learn python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.
   
   
   If you want to be apart of a red team learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.
   
   
   These two books are old but they are absolute standards for anyone starting off:
   
   https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_awdb_t1_GYIACb1Z2YXFA
   
   And:
   
   https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_awdb_t1_zZIACbMH0WTMP
   
   
   Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.
   
   Learn to exploit, there are a ton of free sites to help you learn:
   
   http://overthewire.org/wargames/
   
   
   https://www.cybrary.it
   
   
   
   www.vulnhub.com
   
   
   http://google-gruyere.appspot.com
   
   
   
   Learn CTF challenges:
   
   https://ctflearn.com
   
   
   When you are able to hack take part in real challenges:
   
   
   https://ctf365.com
   
   
   Then start your career with a RESPECTED CERT, OSCP:
   
   
   https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
   
   The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.
   
   Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency
   
   
   
   Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.
   
   

Well, we hit the 10000 limit. Reserving this comment for the misc. section.

FREE TIME/FUN/MISC.
The Art of Deception: Controlling the Human Element of Security
The Art of War
Steal This Computer Book 4.0: What They Won't Tell You about the Internet
How to Disappear: Erase Your Digital Footprint, Leave False Trails, and Vanish without a Trace
The Best of 2600: A Hacker Odyssey
Super Crunchers: Why Thinking-by-Numbers Is the New Way to Be Smart
Casting the Net: From ARPANET to INTERNET and Beyond thanks sjhill
A Quarter Century of UNIX thanks sjhill
A Reading List For the Self-Taught Computer Scientist thanks zinver
How to Talk So Kids Will Listen & Listen So Kids Will Talk thanks segamix
The Black Swan: The Impact of the Highly Improbable thanks AgonistAgent
Snow Crash thanks AgonistAgent
Cryptonomicon thanks Mirple

Sorry for getting all dramatic, but for me you're asking a red pill/blue pill question. I applaud your curiosity and can only recommend you follow your gut and take the red pill. The truth is by asking the question you already know what to do next. Just keep going. However I'll give you a few ideas because you got me excited.

1. Get in touch with your osx terminal
   
2. Get linux ASAP
   
3. Learn the command line
   
   

   OSX Terminal
   

   
   Underneath the shiny GUI surface of your mac you have an incredible unix style OS just waiting to be played with and mastered. A few tips to get you going.
   
   
   

   Download iTerm 2. Press cmd-return, cmd-d and command-shift-d.
   

   
   Congrats. you now have a hollywood hacker style computer
   
   

   Copy and paste this line into your terminal and say yes to xcode.
   

   
   ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
   
   Awesome you now have homebrew. A linux style package manager.
   
   

   May as well get cask too.
   

   
   brew install caskroom/cask/brew-cask
   
   Now you can install programs by typing a couple of words.
   
   try
   
   brew cask install virtualbox
   
   

   Get Linux ASAP
   

   
   Linux is relatively easy to get up and running and awesome fun. try any of these options
   
   

• Download virtual box and install a 'virtual machine' to run linux on your mac (see above).
  
• Buy a Raspberry Pi.
  
• Create a bootable usb and install refind on your mac.
  
• Take a friends old laptop and install linux on it from your live usb distro.
  
  If any of the above seems slightly daunting don't sweat it. Be confident and you may just surprise yourself at how much you can learn in such a short amount of time.
  
  

  Learn the command line
  

  
  The command line opens up the wonderfully powerful and creative world of unix. Push on.
  
  

• Get the basics down with codecademy
  
• Play with some books (this or this for eg)
  
• Watch some youtube videos (this guy's good for webdev)
  
• Learn a text editor (Try Vim. You already have it. Type 'vimtutor' in your terminal to get started)
  
  

  Play, Play, Play
  

  
  Do what gets you excited.
  
  I got a big kick out of learning ssh and then pranking my friends with commands like
  
  say hello friend, i am your computer. i think your friend two-gun is very handsome. Is he single?
  
  or
  
  open -a "Google Chrome" https://www.youtube.com/watch?v=X0uYvQ_aXKw
  
  Do what you find fun. Oh and check out Richard Stallman. He's a good egg.
  
  Enjoy.
  
  

  edit-0
  

  forgot iTerm link
  

  edit-1
  

  Wow! Gold! Ha! Thank you. This is so unexpected! I'd like to thank the academy, my agent, my mom...

I was in your same shoes 3 years ago when I took my first SA internship. I was the only person on site for 8 employees locally, 30 around the country.

I was scared to make actions at first but the first thing you need to do is learn your network in and out and document the shit out of everything before you even make a change. After that, you will be confident and I am sure of it.

1.) Begin a document called "IT Department Handbook" - add everything you find to it, except passwords. Refer to it, love it, it will always save you. Include disaster recovery in it. Make it so that a third grader can understand it. I have one thats 50 pages right now. This will save you as it has saved me so many times. Make it confidential though, because it will end up holding information you don't want people to see on the outside such as IP addresses and your network map.

2.) Keep passwords file but separate from the system and indistinguishable. I actually keep a password file on my phone in my memo's app but I don't have the full account usernames associated with each one. I provide really indistinguishable hints to the username, usually riddles that only I would know.

3.) Get Veeam endpoint backup and find a place to backup your DC (full backup) and any databases at the very least. You can create a standard for backups later.

3a.) Find the Domain Controller's recovery password immediately.

3b.) Create a recovery USB for all your servers and put them in a location where you can find them later.

4.) Get a Network Diagram going, then after that...

5.) List all Roles and Features each server has on the network diagram, what each server stores, what applications run on them and how essential they are to the business. Example: Domain Controller. No domain controller, no work can be done. CRM: No crm, people can't keep of their cases on the webserver but rather locally, they can live without it for a short time. Start thinking about disaster recovery.

6.) Develop a Khanban System. It's an agile project management method I learned from reading This Book -- I highly suggest buying this to help you better your practice. Put tasks in the backlog and move the ones you think need to be done sooner than others to your daily or weekly sprint.

7.) Find out who uses what server for certain tasks. This may take a while but it helps.

8.) Something I do personally before doing any changes to Group Policy or Regedit is I save their current configurations before making changes. Therefore, if something doesn't work right after a setting is changed, you can quickly revert back to it's last state.

9.) If you have the capability and hardware, get clustering going. So if a DC1 fails, DC2 takes over and everyone can still authenticate and work.

10.) If you have the capability and hardware, create a test environment reflecting your live network on a very small scale but enough to test "Ok so if I make this change, can people from workstations still login, can they still access the development server... etc." - you can create a test domain under your current forest and have it remain separate in this test environment.

11.) If it's not already in place (this might take some time) create a naming nomenclature standard. I.E. DC1.example.com (domain controller 1), DC2.example.com, PS1.example.com (production), WEBS1.example.com (webserver), TE1.example.com (test env.), WK1.example.com (workstation number 1...2...), VM1.example.com (virtual machines). This will help when it comes to debugging issues. My boss likes to make personal names for his servers which drives me fucking nuts because we have 20 servers between us and our clients that we manage. It's a lot better for him to mention "yea I cant get into PS1." rather "I cant get into rabbit" - and there I am trying to remember which server rabbit is and what features it holds off the top of my head; which is where a network diagram can come into play.

This book has been suggested a few times so I finally got around to reading it. I think it has some good information in it. I'm only about halfway through it, but I like it so far.

Time Management for System Administrators

Other books would be any of the social books like "How to influence people", "7 healthy habits..." Etc.

I haven't read this one yet, but It has been suggested to me if you plan to go more into management/leadership Start with Why

Other books that have I have ear marked due to being mentioned:

• The Devops Handbook
  
• The Practice of System and Network Administration
  
• The Practice of Cloud System Administration
  
• Cognitive Behavioral Therapy - This one might have been a joke, but as someone who has dealt with depression and burnout on the job. I think this could be beneficial.
  
• How to win friends and influence people
  
• How to win friends and influence people in the Digital Age
  
  Also, do a search for "Books for IT Professionals" to find a lot of other suggestions.

Most current information you are going to want to read online. There is no substitute for that. The books I'm currently reading through are:

The Web Application Hacker's Handbook 2nd Ed

The Tangled Web

Metasploit: The Penetration Tester's Guide

Webbots, Spiders and Screen Scrapers

NoStarchPress fanboy all the way :)

Keep in mind, though, that the technical requirements are only half of being employable. You also need to be a good employee, who can work with the client and keep them satisfied. For those, I recommend:

True Professionalism

Trusted Advisor

Thank you all for your responses! I have compiled a list of books mentioned by at least three different people below. Since some books have abbreviations (SICP) or colloquial names (Dragon Book), not to mention the occasional omission of a starting "a" or "the" this was done by hand and as a result it may contain errors.

edit: This list is now books mentioned by at least three people (was two) and contains posts up to icepack's.

edit: Updated with links to Amazon.com. These are not affiliate - Amazon was picked because they provide the most uniform way to compare books.

edit: Updated up to redline6561

• 14 The C Programming Language
  
• 11 Structure and Interpretation of Computer Programs
  
• 8 Introduction to Algorithms
  
• 7 Compilers: Principles, Techniques and Tools
  
• 6 Programming Erlang
  
• 5 The Mythical Man-Month
  
• 5 The Pragmatic Programmer
  
• 5 Applied Cryptography
  
• 4 Beautiful Code
  
• 4 The Little Schemer
  
• 4 Programming Perl
  
• 3 Types and Programming Languages
  
• 3 Gödel, Escher, Bach
  
• 3 OpenGL Programming Guide
  
• 3 Code Complete
  
• 3 Artificial Intelligence: A Modern Approach
  
• 3 Programming Pearls
  
• 3 ANSI Common Lisp
  
• 3 A Brief History of Time
  
• 3 Agile Web Development with Rails
  
• 3 Concrete Mathematics: A Foundation for Computer Science
  
• 3 Modern Operating Systems
  
• 3 Paradigms of Artificial Intelligence Programming
  
• 3 Operating System Design and Implementation
  
  

Every quality software should have tests. So...

Read the unit tests / features tests first. Those will show you how a specific piece of the code works.

Also:

1. Play with composer packages.
   
2. Learn about PHP SPL
   
3. Learn about design patterns and beyond
   
4. Learn TDD, setup PHPUnit, Behat, Mink, PHPSpec
   
5. Read PHP The Right Way
   
6. Learn about clean code, EBI, DCI and how to put MVC on a shorter leash here: http://ikke.info/clean_code.html and here http://ikke.info/todo.txt and check out the #cleancode IRC channel on freenode
   
7. Read a couple of books like: PHP Objects, Patterns and Practice or Code Complete or Clean Code or The Pragmatic Programmer or The Mythical Man-Month
   
8. Start an open-source project or contribute to one
   
   
   There are a lot to learn and if you really like programming you will never stop learning.
   
   

La mia classe (5° Informatica) ed un'altra (4° Informatica) sono le uniche dell'istituto con la LIM montata in classe e disponibile 24/7. Ne abbiamo anche un paio in altri laboratori.

Noi le LIM le usiamo spesso, sono parecchio utili in diverse materie e rendono la lezione più interattiva e meno pesante (No non sto cercando di vendervele).

Ad esempio in Italiano ci possiamo proiettare i testi degli autori che studiamo (reperibili gratis di solito visto che gli autori sono defunti da un bel po') e la Prof ci appunta sopra tutto quello che vuole, cosi': A) lei è contenta B) tu non ti perdi nulla C) Salvi il PDF e ce lo hai a casa sincronizzato su DropBox

In Storia mettiamo foto/quadri famosi oppure ogni tanto qualche reperto storico preso da YouTube (o addirittura vediamo documentari di Piero Angela).

In Inglese molto spesso usiamo Internet per trovare informazioni/qualcosa di più sugli argomenti che stiamo affrontando (in particolare inglese tecnico e specifico del campo informatico), visto che il libro qualche volta sbaglia (probabilmente perchè è scritto da gente che non ci capisce quasi nulla di informatica / programmazione)

In Matematica viene usata sia per disegnare grafici di studio di funzione / calcolo di limiti con software specializzati (GeoGebra ad esempio) che per vedere lezioni svolte su YouTube o esempi di esercizi affrontati in modo diverso da come li affronta il prof (Consiglio https://www.youtube.com/user/LessThan3Math).

Per materie più tecniche come (informatica / sistemi & reti / progettazione sw / elettronica) proiettiamo sempre documentazione / testi tecnici scritti da gente che ne sa veramente (ad esempio questo http://www.amazon.com/Computer-Networks-Edition-Andrew-Tanenbaum/dp/0132126958 per sistemi & reti), che alla fine rendono inutili i libri di testo che le altre classi usano. Inoltre ci facciamo girare i programmi scritti a casa senza andare nei vari laboratori, oppure le simulazioni dei circuiti per elettronica.

Poi in ogni materia la LIM viene usata come lavagna e non c'è più il problema dei gessi finiti, del cancellino sporco, del "non c'è più spazio, posso cancellare ragazzi?", si salva tutto e lo si rilegge a casa.

Ovviamente poi sulla LIM si vedono bene i Film per le ore buche, si gioca bene a Scacchi/RTS con il touch e c'è anche un ottimo impianto audio per sentire anche dalle altre classi i video di YouTube, ma questa è un'altra storia.


Noi usiamo cosi' tanto e penso cosi' bene la LIM perchè i prof hanno seguito un corso per imparare tutti i minimi segreti, o meglio a raccogliere un pennarello finto e scrivere.

La nostra classe è anche una delle poche che usa il tablet al posto dei libri cartacei, se vi interessa dopo vi posso scrivere anche di questo.

La nostra scuola usa anche un registro elettronico al posto di quello cartaceo, anche qui se volete vi dico i pro e contro.


TL;DR: Abbiamo la LIM, elenco gli usi della LIM, se i prof la sanno usare è utilissima. Infine un TL;DR.

Visto che il commento è stato di gradimento di alcuni allora spiego anche i tablet e i registri elettronici.

Tablet

All'inizio della terza la nostra classe è stata scelta per questo progetto di usare i tablet in classe, in particolare al posto dei libri cartacei e / o come supporto di lavoro.

La scuola si è offerta di pagare metà tablet mentre noi dovevamo pagarci l'altra metà. Il tablet scelto è stato un Nexus 7 32GB di prima generazione. Un buon tablet. Chi aveva già un tablet a casa (4 o 5 su 27) avevano il permesso di usare il loro.

Consegnato il tablet (dopo aver atteso 1 mese e mezzo circa, forse 2) abbiamo subito acquistato i libri di testo disponibili sulla piattaforma Scuolabook. Il prezzo dei libri digitali è minore rispetto a quello di quelli cartacei.

Il primo problema che abbiamo riscontrato è stato riguardo all'applicazione per tablet di Scuolabook (sia Android che iOS): crashava di continuo, lenta, faceva tutto tranne quello che doveva fare. Ti faceva passare la voglia di studiare. Alla fine ci siamo un po' abituati.

Qui nasce ora la domanda: meglio la carta o il tablet? Sono gusti. E' una cosa personale, c'è gente che non lascerebbe i libri di carta per nulla al mondo, soprattutto se ci devi studiare sopra, ma ad esempio io mi sono abituato abbastanza bene a studiare sui pixel. I quaderni, almeno quelli, sono sempre di carta.

Cosa può servire il tablet? Si evitano fotocopie, si scrive abbastanza veloce con la tastiera, eviti di trovare forme falliche sugli appunti etc etc.

In 3° molti perdevano tempo con giochini vari e cazzate del genere ma anche a causa del wifi scarso della scuola la nullafacenza è via via scomparsa. Ora il tablet viene usato per cazzeggiare solo in lezioni particolarmente noiose, perchè prima o poi i giochi finiscono.

Il problema dell'app scarsa di Scuolabook è stata risolta rimuovendo i DRM dai libri e convertendoli in PDF da aprire con adobe.

Dopo/domani scrivo riguardo il registro.

Learn how to access all service guides and manuals.... Learn unix/linux basics. Maybe build a small home lab, you can buy cheap servers and networking equipment online. Never say "I don't know" say "I will have to do some research". Nobody knows everything... Google is your friend.... When you are at work do not browse this sub.. Start reading up on that things they want you to work on now.......I am not an admin but work in data centers every day fixing servers. Been in the industry for 13 years.... still get worried about people finding out I have no idea what I am doing lol

Great Guide
UNIX and Linux System Administration Handbook

Well firstly, language is a big choice right now. If you're looking to make a financially fulfilling career in a young company or on your own, I'd recommend learning javascript to later use node.js, and learning ruby. Personally, I'm a node.js developer, so I would recommend moving toward the JS world and using really cool things like socket.io and mongoDB. Ruby is a fantastic language overall. It's a bit slow, but it does a great job regardless, and tons of really cool startups use it. At the moment, I would say that these are the two most profitable paths to take in web development.

http://codeacademy.com is a fantastic place to start. It does a great job at teaching the fundamentals of programming. If I recall correctly, the javascript courses take you from the absolute basics to building some kind of useful application, such as a calculator or todo list.

Once you've made your way through the tutorials at codeacademy, move on to http://codeschool.com. Their tutorials are a bit more advanced, and leave you with a real application and real knowledge on how to take an idea and turn it into a real product. For node magic after you've moved through Codeschool, check out http://nodeschool.io/

Here are a few books I would recommend

JAVASCRIPT

• Javascript: The Good Parts
  
• Node.js in Action
  
  RUBY
  
  
• Why's Poignant Guide to Ruby
  
• Ruby on Rails Tutorial

MS Virtual Academy Powershell Jumpstart

Powershell in a Month of Lunches by Don Jones

PowerScripting Podcast

/r/Powershell

• The Practice of System and Network Administration, Third Edition
  
• UNIX and Linux System Administration Handbook, Fifth Edition
  
• The Practice of Cloud System Administration: DevOps and SRE Practices for Web Services, Volume 2, First Edition
  
• Windows Server 2016 Unleashed, First edition
  

I think the two suggestions you'll see the most will be:

Code Complete

Pragmatic Programmer

I'm sort of in the same boat as you, except with an aero and physics background rather than EE. My approach has been pretty similar to yours--I found the textbooks used by my alma mater, compared to texts recommended by MIT OCW and some other universities, looked at a few lists of recommended texts, and looked through similar questions on Reddit. I found most areas have multiple good texts, and also spent some time deciding which ones looked more applicable to me. That said, I'm admittedly someone who rather enjoys and learns well from textbooks compared to lectures, and that's not the case for everyone.

Here's what I gathered. If any more knowledgeable CS guys have suggestions/corrections, please let me know.

• Intro-ish: Structure and Interpretation of Computer Programs by Abelson & Sussman
  
• Math: Mathematics for Computer Science by Lehman et al.
  
• Computer Architecture: Computer Systems A Programmer's Perspective by Bryant & O'Hallaron
  
• Algorithms: Introduction to Algorithms by Cormen et al.
  
• Programming Languages: Programming Language Pragmatics by Scott
  
• Computational Theory: Introduction to the Theory of Computation by Sipser
  
• Operating Systems: Modern Operating Systems by Tanenbaum & Bos
  
• Networks: Computer Networks by Tanenbaum
  
• Compilers: Compilers by Aho et al.
  
• Security: Security Engineering by Anderson
  
• Type Theory: Types and Programming Languages by Pierce
  
• AI: Artificial Intelligence: A Modern Approach by Russell & Norvig
  
  Full disclosure: I haven't actually read more than the preface of any of those books. Software engineering topics are more directly applicable to me than CS topics right now, so here are some that I've actually started reading:
  
  
• The Pragmatic Programmer by Hunt & Thomas
  
• Clean Code by Martin
  
• Code Complete by McConnell
  
• Design Patterns by Gamma et al.

Some very good books on networking basics:

Computer Networks

TCP/IP Illustrated

I have all these except the CEH (which shouldn't be on this list lol...) and they're all pretty good in their own way. Starting over, I'd go through hacker playbook while reading through the art of exploitation. You'll be pretty rounded at this point, blackhat python and metasploit will be a breeze. Do the ceh one if you're getting a job that wants to see embossed paper. Also, check out Web Application Hacker's Handbook, and Shellcoder's Handbook.

https://www.youtube.com/playlist?list=PL6D474E721138865A

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

I've heard good things about this.

Code Compete or maybe Code

I like a nice ham sandwich for a lunch point.

As far as getting into PS. This is the usual recommendation.

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Enjoy your book and sandwich.

This is my favourite:

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.
   
   
2. Architecture and Computer basics:
   Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
   Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
   
   
3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".
   
   
4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".
   
   
5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".
   
   
6. Specialized fields such as Cryptology and Malware Analysis.
   
   
   Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
   
   *edited a name out
   
   
   
   
   
   

> had any tips for solidifying the foundations.

I strongly recommend the book How Linux Works by Brian Ward, at No Starch Press. 392 pages.

Update: Here's a sample chapter Disks and Filesystems

While published in 2015, most of it is still very relevant. Page for page, it's the best Linux book I've encountered. Topics range from simple to complex, and intuitively organized as well. I found it applicable, of course, to most of Arch.

Good luck.

If I may - I humbly recommend to read a proper book on bitcoin, not some fluff piece.. Just assuming from the way that you chose your post title that you might be interested in a more substantial bitcoin reading :) Please ignore if that's not the case, don't wanna ruin your reading pleasure or anything.

Economic perspective: The Bitcoin Standard - The Decentralized Alternative to Central Banking

Not technical at all, very beginner friendly, but also not a lot of practical information: The Internet Of Money

Gently technical, beginner friendly: Inventing Bitcoin: The Technology Behind the First Truly Scarce and Decentralized Money Explained

Technical deep dives:

• Mastering Bitcoin (also available for free online, as it's an open source book)
  
  
• Programming Bitcoin
  
  
• Grokking Bitcoin

Automate the Boring Stuff taught me the basics and I recommend it highly. It's free.

If you encounter an error spend about an hour trying to solve it before asking for help. If you get an error with an error message from running the program you copy and paste the error message into a search engine and look for answers there. If the program behaves differently than you expect it too without giving you an error message you have probably made a mistake in your instructions to the program and these can be hard to find.

r/learnpython is great when you can't solve your problem(s), they're helpful as long as you say what you have tried, upload your code to pastebin.com and say what you want the program to do.

also when giving variables names please give them describing names. look at this example:

name = "chra94"

n = 6

name_length = 6

clearly name_length describes itself better than just n. Many beginners me included make the mistake of naming variables poorly which makes the code harder to read. good variables makes reading the code easier.

Be prepared to read documentations for both python but also tools (they're called modules or libraries) written in python for python. One day you might want to make a program that modifies or creates spreadsheets. There are libraries for that and even if you just watch a tutorial on how to use it it's easier to be able to search and read the documentation for the module than finding a tutorial specific for that one little thing you want to do that the other tutorial didn't cover.

Following the Automate the Boring Stuff book you will be able to make a rock, paper, scissors-game, making a number guessing game and such. Should you want more excercises you could look at codingbat over here at CodingBat for that.

Some day you might want to do a project. A program that's useful. Maybe it'll download the ten best wallpapers from r/wallpapers each day. Maybe you'll make a chatbot Slack or Discord or IRC. Anwyay. After having made a couple of programs that can be used over and over again by someone else than me I have realized that I have to plan much, much more ahead. My programs got messy, difficult to read, difficult to change and honestly I've lost control over them. I wish I had read Code Complete earlier. It praises planning your program thoroughly. According to some stats in the book mistakes uncovered after planning are between five to ten times more costly to fix than if they were discovered while the requirements for the program were figured out. (Theses stats are for small companies. Bigger companies can be as much as 100 times more expensive to fix.) TL;DR: Time spent planning is between three to ten times better spent than fixing stuff because you didn't bother to plan enough.

*TL;DR:** Do Automate the Boring Stuff untill you want to make stuff on your own and read chapter three of Code Complete.


Best of luck buddy and remember: Plan your projects ahead.

• The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)
  
  This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.
  
  
• Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to january 2019)
  
  While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.
  
  I'd also recommend having a look at the following books:
  
  
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)
  
  
• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)
  
  
• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)
  
  
  Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have laying around.

I'm taking it right now. The books I read through or started before the OSCP in no particular order:

• Penetration Testing: A Hands-on Introduction to Hacking
  
• The Hacker Playbook 2: Practical Guide To Penetration Testing
  
• Black Hat Python: Python Programming for Hackers and Pentesters
  
  Honestly, if I could go back and prepare for the course again, I would have just learned the basics of python and then really focused on bash scripting. You're going to learn a metric fuck ton in the course. Remember, you're not paying just for the cert - you're paying for a course to get you to the cert.

Swiggy is wise. Listen to Swiggy.

Also check out the book, “How to Disappear.” Don’t keep it at home. Keep it at a friend’s house.

https://www.amazon.com/How-Disappear-Digital-Footprint-Without/dp/1599219778/ref=mp_s_a_1_2?ie=UTF8&qid=1540691872&sr=8-2&pi=AC_SX236_SY340_QL65&keywords=how+to+disappear&dpPl=1&dpID=51f4Ko3VWyL&ref=plSrch

I highly recommend doing these things

Buy/Read this:

http://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Look this over:

https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx

Check out the hey script guy columns

Last browse the script repository for examples

https://gallery.technet.microsoft.com/scriptcenter/site/search/?f%5B0%5D.Type=ScriptLanguage&f%5B0%5D.Value=PowerShell&f%5B0%5D.Text=PowerShell

First of all, for any software development questions you may have, I suggest you post your questions on Stackoverflow because the people there will surely provide you with answers.

Now, for a list of books I recommend:

JavaScript

JavaScript: The Definitive Guide; if you're new to JS, start with this one.

JavaScript: The Good Parts; not a beginner's book, but a must-read if you are going to use JS

If you are going to be using JS, you will most probably be developing using a framework, and for that I seriously recommend mastering jQuery because as they say, you will write less and do more!

CSS

CSS Mastery: Advanced Web Standards Solutions

Web Usability

Don't Make Me Think: A Common Sense Approach to Web Usability; the book that shows the users' perspective when viewing a website

Performance

High Performance Web Sites: Essential Knowledge for Front-End Engineers and Even Faster Web Sites: Performance Best Practices for Web Developers;if you want to get serious about performance for your websites

i recommend code complete 2 as a must read for getting the fundamentals right.

http://www.amazon.com/Code-Complete-Second-Steve-McConnell/dp/0735619670

The dark side has lot of facets, it depends on what you want to achieve.

If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.

This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!

Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.

Happy hunting and good luck!

I have the UNIX and LINUX System Administration Handbook It's awesome and has a pirate boat on the front, so you know it's good. It's great for best practices type stuff, and there's a little bit of sysadmin humor mixed in.

I also have the Linux Command Line and Shell Scripting Bible which is good for CLI reference.

Other than that, you can find a ton of stuff on the web. Is there anything in particular you are looking for?

Big fan of that book. New edition due soon too!

If you liked that, I strongly suggest reading Michael Zalewski's (author or this trick) book The Tangled Web; there are entire chapters on what quircks there are in HTML parsing (some stuff you can't even believe that it's accepted by the browsers).

Thanks ;). Not so skilled on that and my advice might be misleading; though I got a background in cs:This would be my suggestion for someone beginning.

• Understanding how comp works. Books: Code and Element of computing systems -> Video NandToTetris
  
• Programming( web programming(HTML/Javascript/PHP etc),C, bash, Python,(other script lang e.g perl, ruby etc) and assembly. In that order and database(e.g msql)
  
• Networking. book Computer Networking: A Top Down Approach. video Computer Networks by David Wetherall. Also some CCNA books
  
• How Linux works, Windows internals, and Modern Operating Sytems
  
• Cryptography by Christof Paar and cryptopal challenges
  
• Computer System Security
  
• Any other materials related to infosec. look at HowToHack resources on the sidebar. Also opensec
  
• Play some CTF e.g OverTheWire, smashthestack
  You can also search for those books pdf by using google hacks eg filetype:pdf "title of the book here" or intitle:index.of "title of the book here"

IMHO, knowing the basics is vital. For JavaScript, I recommend buying and reading, "JavaScript: The Good Parts".

https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1

While Metasploit is a good tool, I would advise you to stray away from it until you learn. (I’m ignoring the fact that you rarely use Metasploit for web penetration testing in the real world anyways...)


You can carry out most of web penetration testing with just few tools like BurpSuite (this is the main one), a directory bruteforcer (gobuster, dirbuster, dirb, wfuzz..) and Nmap. These 3 tools should give you initial idea about the web application and its structure. Then it boils down to your enumeration and ability to spot weird or possibly vulnerable behavior. What is considered as “weird” or “vulnerable” behavior? According to OWASP, countless things. They made a whole web penetration testing guide for that reason - you can find it here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents.


Alternatively, this book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470) covers web based exploitation in great depths and I highly recommend you obtain it. It was one of my first books ever and is definitely among my favorites.


Another useful resources:
https://portswigger.net/web-security

https://www.hackerone.com/hacker101


EDIT:
Yes, there are other very specific tools which come in handy such as wpscan or sqlmap. While I don’t mind wpscan that much, I strongly believe one should be able to do a manual sql injection before using sqlmap (therefore avoid sqlmap when learning). This way you understand what is happening behind the green terminal ;).

PS: Sorry for formatting, typed this up on a phone. I’m also pretty tired so please excuse my janky grammar!

> Supponiamo che uno (anzi, più di uno visto che siamo tutti componenti di un LUG) voglia iniziare a smanettare un po' in quest'ambito, che cosa consigli?

di farlo :)

> Mettere su un webserver e iniziare a tentare di bucarlo con gli exploit conosciuti può essere una buona idea oppure è meglio prima procedere con altro?

Tutto fa brodo (mi', ventesimo proverbio, mi sto biscardizzando :). Però per prima cosa devono essere chiare le problematiche agli strati più bassi: boot da media esterno, forensics "malevola" (accesso al fs, reset delle password, estrazione delle password, trojanizzazione dell'OS, ..), MITM e i suoi derivati, poi nmap e network/service discovery come se piovesse, analisi di tutti i servizi esposti, poi "finalmente" potete dedicarvi anche alla parte (web) applicativa.. :)

Ci sono moltissimi "playground" per divertirsi ed imparare, sia come vm da scaricare che contest, crackme & co. online, alcuni al volissimo:

• https://sourceforge.net/projects/metasploitable/
  
• https://github.com/rapid7/metasploitable3
  
• https://www.vulnhub.com/
  
  (copio & incollo dal sorgente che usiamo per generare la documentazione che distribuiamo a corsi & co, spero mantenga la formattazione - non è aggiornatissimo):
  
  

  Esercizi
  

  Elenco di applicazioni vulnerabili che possono essere utilizzate per imparare/approfondire le vulnerabilità nelle applicazioni web:
  
  

• OWASP Broken Web Applications Project (varie applicazioni, VM image)
  
• http://www.badstore.net/ (Perl, CGI, Live CD)
  
• http://code.google.com/p/bodgeit/ (J2EE)
  
• Pentesterlab (Live CD + slides + howto)
  
• Web For Pentester
  
• Web For Pentester II
  
• CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability
  
• PHP Include And Post Exploitation
  
• CVE-2012-6081: MoinMoin code exec
  
• Rack Cookies and Commands Injection
  
• XSS and MySQL FILE
  
• From SQL injection to Shell
  
• From SQL injection to Shell II
  
• From SQL injection to Shell: PostgreSQL edition
  
• CVE-2012-2661: ActiveRecord SQL injection
  
• https://www.owasp.org/index.php/Webgoat (J2EE, Tomcat)
  
• http://railsgoat.cktricky.com/ (RoR)
  
• McAfee
  
• http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx (.NET 1.x)
  
• http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx (J2EE)
  
• http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx (Ruby On Rails)
  
• http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx (ColdFusion)
  
• http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx (C++, client/server)
  
• Altre
  
• http://suif.stanford.edu/~livshits/work/securibench/index.html (J2EE)
  
• http://suif.stanford.edu/~livshits/work/securibench-micro/index.html (J2EE, Tomcat)
  
• http://samate.nist.gov/SRD/ (vari linguaggi)
  
  Elenco di applicazioni vulnerabili da altri siti:
  
  
• Vulnerable Test Websites
  
• Vulnerable Web Applications for learning
  
• Deliberately Insecure Web Applications For Learning Web App Security
  
  
  

  Libri consigliati
  

• The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
  
• Dafydd Stuttard, Marcus Pinto
  
• 816pp, Wiley; 2 edition (September 27, 2011) - ISBN-10: 1118026470
  
• The Tangled Web: A Guide to Securing Modern Web Applications
  
• Michal Zalewski
  
• 320pp, No Starch Press; 1 edition (November 26, 2011) - ISBN-10: 1593273886
  
• Writing Secure Code, Second Edition
  
• Michael Howard, David LeBlanc
  
• 798pp, Microsoft Press; 2nd ed. edition (January 4, 2003) - ISBN-10: 0735617228
  
• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
  
• Mark Dowd, John McDonald, Justin Schuh
  
• 1200pp, Addison-Wesley Professional; 1 edition (November 30, 2006) - ISBN-10: 0321444426
  
• Detecting Malice
  
• Robert "RSnake" Hansen
  
• 300+pp, ebook
  
• Libri e pubblicazioni del progetto OWASP in formato cartaceo
  
  
  

  Metodologie e check-list
  

• danielmiessler.com: Web Application Security Testing Resources
  
• The Open Web Application Security Project (OWASP)
  
• OWASP Development Guide
  
• OWASP Secure Coding Practices - Quick Reference Guide
  
• OWASP Code Review Guide
  
• OWASP Testing Guide
  
• VulnerabilityAssessment.co.uk: Penetration Testing Framework
  
• Isecom: OSTMM - Open Source Security Testing Methodology Manual
  
  
  

  Cheat sheets
  

• pentestmonkey.net: SQL Injection, elenco completo
  
• ferruh.mavituna.com: SQL Injection
  
• owasp.org: XSS Filter Evasion, elenco completo
  
  > Da esperto di sicurezza, hai qualche consiglio su qualche "giochino" da far vedere in conferenze e relazioni per sensibilizzare le persone sull'argomento? Attualmente noto che fa molta presa questo iter (che è più sensazionalistico che altro):
  > creo una rete wifi aperta senza dir loro nulla e aprendo wireshark
  > durante la conferenza loro ovviamente la utilizzano senza pensarci troppo
  > a fine conferenza mostro loro quante cose avrei potuto prelevare se solo avessi voluto
  
  Ehm.. sarà anche sensazionalistico, ma lo faccio spesso anche io, con anche la parte di MITM sui certificati in automatico. Anche phishing/malware via mail, magari con split screen (cosa fa l'utente, cosa si vede sul "back-end"), con uno dei vari tool che ci sono metasploit, beef o con banali 10 righe di (linguaggio di scripting web a tua scelta).
  
  
  

Digital Forensic workbook is a great source for building foundational knowledge on many of the general computer forensic techniques. It covers info such as file system forensics, acquisition, software write blocking, registry analysis, email analysis, internet history analysis, recovering data in unallocated space, etc. Labs are included with the book so you can test the content learned against sample data.

Learning Malware Analysis Guides you through static analysis, dynamic analysis, using IDA pro, and other dismembers to determine the intent of malicious files.

Practical Malware Analysis

Wireshark Network Analysis

You may want to narrow that down a bit, but okay, here are some highlights, with amazon links to help disambiguate.

• Game Programming Gems series -- (8 books currently) Lots of snippets and articles contributed from developers across the game industry.
  http://www.amazon.com/Game-Programming-Gems-Adam-Lake/dp/1584507020/
  
  
  
• Game Engine Architecture by Jason Gregory -- Great intro to the details of how game engines are built. It's a good balance for detail and readability for a beginner. Even for someone just using engines such as UDK or Unity3d I would recommend this to understand what is going on under the hood.
  www.amazon.com/Game-Engine-Architecture-Jason-Gregory/dp/1568814135/
  
  
  
• 3D Game Engine Design -- More technical and detailed descripting of designing and developing a game engine, but not as noob friendly as Game Engine Architecture
  http://www.amazon.com/Game-Engine-Design-Second-Edition/dp/0122290631/
  
  
  
• 3D Game Engine Architecture -- Follow up to 3D Game Engine Design that goes in to lower level detail and general updates.
  http://www.amazon.com/Game-Engine-Architecture-Engineering-Applications/dp/012229064X/
  
  
  
• Artificial Intelligence for Games by Millington / Funge -- I believe this is the current "must read" for game AI. The only book I've seen that goes in to Behavior Trees and other modern concepts.
  http://www.amazon.com/Artificial-Intelligence-Games-Second-Edition/dp/0123747317/
  
  
  
• AI Programming Wisdom series -- 4 books, like Game Programming Gems but for AI. Not a must have but I'd recommend them. They seem to be out of print though, so good luck finding them.
  http://www.amazon.com/AI-Game-Programming-Wisdom-CD-ROM/dp/1584500778/
  
  
  
• Real Time Rendering -- One of the better books on rendering. I'm not a big render guy but this is the book that everyone recommends to me.
  http://www.amazon.com/Real-Time-Rendering-Third-Edition-Akenine-Moller/
  
  
  
• Real Time Cameras -- THE book on how to implement cameras well, written by THE guy when it comes to video game camera systems.
  http://www.amazon.com/Real-Time-Cameras-Mark-Haigh-Hutchinson/dp/0123116341/
  
  
  
• Code Complete -- The only book not game related I'm listing, it's basic stuff to help you learn to write better code. There are parts that I (and many others) disagree with but in general it's a lot of good advice.
  http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670/
  
  
  There are many others, but looking at my shelf these are the big ones that stick out for recommendations.

Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.

Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.

To start learning is a matter of what you prefer.

Like watching videos/lectures?
https://www.udemy.com/penetration-testing/
https://www.udemy.com/learn-ethical-hacking-from-scratch/

Prefer reading books on the subject?
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

Most universities have Ethical Hacking / Cyber Security courses, can always check there.

I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.

Hope this helped, and good luck!

You will pick up the knowledge fairly quickly, but the wisdom part comes slowly.

Read some books:

• Phoenix Project https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business-ebook/dp/B00AZRBLHO/ref=sr_1_1?s=books&ie=UTF8&qid=1495835961&sr=1-1&keywords=the+phoenix+project
  
• Practice of System and Network Administration https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165/ref=dp_ob_title_bk
  
• Toyota Kata https://www.amazon.com/Toyota-Kata-Managing-Improvement-Adaptiveness/dp/0071635238/ref=sr_1_1?s=books&ie=UTF8&qid=1495835986&sr=1-1&keywords=Toyota+kata
  
• GTD https://www.amazon.com/Getting-Things-Done-Stress-Free-Productivity/dp/0142000280
  
• Five Dysfunctions of a Team https://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756/ref=sr_1_1?s=books&ie=UTF8&qid=1495836025&sr=1-1&keywords=five+dysfunctions+of+a+team
  
• How to win friends and influence people https://www.amazon.com/How-Win-Friends-Influence-People/dp/0671027034
  
• Powershell in a month of lunches https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617294160/ref=sr_1_1?s=books&ie=UTF8&qid=1495836112&sr=1-1&keywords=powershell+in+a+month+of+lunches
  
  Start humble, stay humble, be quick to listen and slow to speak, and don't make changes on Friday!

Not an expert, but heard this title being bandied around: https://www.amazon.co.uk/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

Read JavaScript: The Good Parts by Crockford. He goes over structuring JavaScript in an OOP fashion. More generally it's a great book that will bring your understanding of JS from intermediate to the beginnings of expert.

I've mentored several Junior linux team members and I always recommend : https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0134277554

While not RH specific, it is has a wealth of information on Linux in general and serves as a good reference.

I wouldn't call this game "finished," not even in quotes. Implement scoring correctly with display in the game and disappearing/respawning balls, correct deflection (as if the paddle were rounded), smoother AI motion and correct keyboard input (it's backwards and seems to rely on autorepeat). Then the game will be a "finished" pong game.

I can't comment on the Javascript code really, but if you're just learning Javascript, I really recommend reading Javascript: The Good Parts. It's a very short book on how Javascript really works, with no real attention given to irrelevant APIs (to game programmers) and the like.

I also recommend looking at one of the several HTML5 game libraries out there. I'm using ImpactJS, but it costs money. If you want something free, you could try looking at Crafty. They abstract a lot of things and you can focus on making games, and not with the details of HTML5 APIs.

When I was starting to learn JS which was not that long ago at all and I am still learning I started with this video series:
https://www.youtube.com/playlist?list=PLz5rnvLVJX5VdVNddvRTj68X6miAWQ5pz

.then this one
https://www.youtube.com/playlist?list=PLz1XPAFf8IxbIU78QL158l_KlN9CvH5fg&disable_polymer=true

.then this one
https://www.youtube.com/playlist?list=PL4cUxeGkcC9jAhrjtZ9U93UMIhnCc44MH

.then I read:
https://www.amazon.com/gp/product/0596517742/ref=oh_aui_detailpage_o07_s00?ie=UTF8&psc=1

.then I read: https://www.amazon.com/gp/product/1430264489/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1
and
https://www.amazon.com/gp/product/1118871650/ref=oh_aui_detailpage_o06_s00?ie=UTF8&psc=1

.then I read:
https://www.amazon.com/gp/product/1491904240/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1
and
https://www.amazon.com/gp/product/1491904240/ref=oh_aui_detailpage_o04_s00?ie=UTF8&psc=1

.then
When I felt like I had a good enough grasp on vanillajs I started a giant project in Angularjs. Where I advanced my skills with git big time. Other resources I used are:
Atom: https://www.youtube.com/playlist?list=PLYzJdSdNWNqwNWlxz7bvu-lOYR0CFWQ4I

Rest api with MEN (lol): https://www.youtube.com/playlist?list=PL4cUxeGkcC9jBcybHMTIia56aV21o2cZ8

Docs are great for js: https://developer.mozilla.org/en-US/docs/Web/JavaScript

These were good for angularjs just incase you were interested:
https://www.youtube.com/watch?v=FlUCU13dJyo&list=PL4cUxeGkcC9gsJS5QgFT2IvWIX78dV3_v

Honestly I cant link one of this guys videos because they all help sooooo much:
https://www.youtube.com/user/shiffman

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

Good on you for looking to grow yourself as a professional! The best folks I've worked with are still working on professional development, even 10-20 years in to their profession.

Programming languages can be thought of as tools. Python, say, is a screwdriver. You can learn everything there is about screwdrivers, but this only gets you so far.

To build something you need a good blueprint. For this you can study objected oriented design (OOD) and programming (OOP). Once you have the basics, take a look at design patterns like the Gang of Four. This book is a good resource to learn about much of the above

What parts do you specify for your blueprint? How do they go together? Study up on abstract data types (ADTs) and algorithms that manipulate those data types. This is the definitive book on algorithms, it does take some work to get through it, but it is worth the work. (Side note, this is the book Google expects you to master before interviewing)

How do you run your code? You may want to study general operating system concepts if you want to know how your code interacts with the system on which it is running. Want to go even deeper with code performance? Take a look at computer architecture Another topic that should be covered is computer networking, as many applications these days don't work without a network.

What are some good practices to follow while writing your code? Two books that are widely recommended are Code Complete and Pragmatic Programmer. Though they cover a very wide range (everything from organizational hacks to unit testing to user design) of topics, it wouldn't hurt to check out Code Complete at the least, as it gives great tips on organizing functions and classes, modules and programs.

All these techniques and technologies are just bits and pieces you put together with your programming language. You'll likely need to learn about other tools, other languages, debuggers and linters and optimizers, the list is endless. What helps light the path ahead is finding a mentor, someone that is well steeped in the craft, and is willing to show you how they work. This is best done in person, watching someone design and code. Also spend some time reading the code of others (GitHub is a great place for this) and interacting with them on public mailing lists and IRC channels. I hang out on Hacker News to hear about the latest tools and technologies (many posts to /r/programming come from Hacker News). See if there are any local programming clubs or talks that you can join, it'd be a great forum to find yourself a mentor.

Lots of stuff here, happy to answer questions, but hope it's enough to get you started. Oh, yeah, the books, they're expensive but hopefully you can get your boss to buy them for you. It's in his/her best interest, as well as yours!

The Practice of System and Network Administration, Second Edition

UNIX and Linux System Administration Handbook - 4th Edition

[TCP/IP Illustrated, Volume 1: The Protocols - 2nd Edition] (http://www.amazon.com/gp/aw/d/0321336313/)

These should be part of every ops department's library, if not already in your own personal one.

I'd go read books about the A+ cert (you don't need to certify but it's great material).

For other technical things I recommend a lot of books that are amazing:

• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Computer Networking: A Top-Down Approach (6th Edition)
  
  
• Introduction to Java Programming, Comprehensive Version (9th Edition)
  
  
• Scripting with Objects: A Comparative Presentation of Object-Oriented Scripting with Perl and Python
  
  
• Art of Computer Programming, Volume 1: Fundamental Algorithms (3rd Edition) WARNING: GOD TIER
  
  Use technology books to learn processes, not end results. To be a better IT person, you should know how computers work as a system, not how to do say "Map network Drive in Windows", learn how those drives are mapped, what are the underlying fundamentals?
  
  

UNIX and Linux System Administration Handbook (5th Edition)

https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0134277554

I can definitely recommend this book

There's a reason why there is a Javascript book (1096 pages) and another called Javascript: The Good Parts (176 pages).

I think the bible could use a similar treatment.

JavaScript: The Good Parts

I highly recommend JavaScript: The Good Parts. I'd say to read that one first because it explains how you should think when programming in JavaScript. Knowing the syntax and function names is no good unless you how to use them.

Pick up Powershell in a month of lunches and grab a free month trial of pluralsight. Two great resources for learning the basics.

For your lab, check on your local craigslist; someone is always getting rid of some gear there. If not there try EBay, can’t swing a dead cat without hitting a CCNA lab kit like these: Cisco Lab Kit

Once you have lab equipment, get some windows servers spun up as that will make learning powershell both applicable and rewarding to you.

Check out the following books:

TCP/IP Illustrated, Volume 1: The Protocols: The Protocols v. 1 (Addison-Wesley Professional Computing) https://www.amazon.co.uk/dp/0321336313/ref=cm_sw_r_cp_api_i_HsfhDb3TC15DK

By Gary A. Donahue Network Warrior (2nd Edition) https://www.amazon.co.uk/dp/B00NBJPIV8/ref=cm_sw_r_cp_api_i_ltfhDbJCDDXG7

The Practice of System and Network Administration.

A few general principles:

• Automate the setup of said servers. Pick a configuration manager: Puppet, Chef, Ansible, Salt. Keep the code for said CM in revision control.
  
  
• Separate your datastore (DB) from your frontend (webservers).
  
  
• Separate your backups from everything else.
  
  
• Set up a scheduled maintenance window in which you patch all of your boxes up-to-date with the latest security fixes. Include reboots where necessary (kernels need love too, and relatively few places have implemented hot-patching kernels).

You've already done the first step: admitting that college can only teach the fundamentals while the rest of the things you need to know, you will learn while working.

With that out of the way, here's the next step: apply the Joel Test to your new employer.

If it gets an 11 or 12, you'll be fine. Find a senior developer there to mentor you and you'll be a decent software engineer in 1 - 2 years.

Otherwise, while you might learn a lot of new stuff in your first job, they might be inadequate, outdated, or outright incorrect. In this case, plan an exit strategy ASAP so that you can leave to another company that has a much higher score in the Joel Test. In this fast paced software industry, it makes no sense to spend 5 years in a company where you'd only get to grow the same amount as another guy who just spent 6 months in a better company.

Next step: read. No, not those "Teach yourself [insert language that will be deprecated in 2 years] in 24 hours" books - find the books that teach software engineering, lessons that don't get outdated. Here's the usual suggestions:

• Code Complete 2
  
• The Pragmatic Programmer
  
• The Mythical Man-Month
  
• Peopleware
  
• Rapid Development
  
• Refactoring
  
• Head First Design Patterns
  
  Finally, if you have free time, find a local user group or open source community and join them. Not only will you learn fundamentals like version control and automated testing, you'll also be up to date to the latest trends in the industry. Because of this, high school/college students who are active in these communities have a great advantage over their purely academic classmates, not to mention the connections they get in the industry allow them to be employed faster.

Three CS fundamental books in the order I'd suggest someone read them if they don't have a background in CS.

• Modern Operating Systems - Tanenbaum. This, or any good OS book is something that anyone writing software that runs on servers should read. If you happen to only write frontend JS or HTML, you can probably skip it or push it to the end of the list.
  
  
• Design Patterns:
  Elements of Reusable Object-Oriented Software - "Gang of Four". My preferred way to consume this book is to read it lightly, understand the basics of the patterns, and then come back to them individually when you encounter them in the wild or think you want to employ one of them.
  
  
• Algorithms - Sedgewick. If you want a more mathematically rigorous treatment, Introduction to Algorithms - "CLRS" is excellent as well.
  
  
  
  
  Then there are these books that aren't really "CS books", but are geared more twoards practitioners.
  
  
  
• Clean Code - Martin
  
  
• Code Complete - McConnell
  
  
• Working Effectively with Legacy Code - Feathers
  
  
• The Managers Path - Fournier This one might seem like a weird suggestion, but even if you don't have plans to become a manager, it can help with understanding the path to a Tech Lead type of role. You'll also get a good idea of how your boss can and should be helping you, and what you should be asking of them.

It's all covered in here, and it's 360 titillating pages

Web dev having trouble finding work? Buy this book and this book, read them and contact [email protected].

I'd suggest you first take an ASM course.
This would be a great start
http://opensecuritytraining.info/Training.html
Next, you have two options.
You can get this awesome book
https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901
or you can start with this course
https://samsclass.info/126/126_S16.shtml
which is a reduced version of the book.

After you're done, I think the best thing to do is to find someone who can sponsor you to attend SANS 610 course.

For reverse engineering:

1. http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315/ref=sr_1_1?s=books&ie=UTF8&qid=1450459302&sr=1-1&keywords=reverse+engineering
   
   
2. http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817/ref=sr_1_2?s=books&ie=UTF8&qid=1450459302&sr=1-2&keywords=reverse+engineering
   
   
3. http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898/ref=sr_1_7?s=books&ie=UTF8&qid=1450459302&sr=1-7&keywords=reverse+engineering
   
   For malware analysis and malware techniques
   
   
4. http://www.amazon.com/Practical-Malware-Analysis-Hands--Dissecting/dp/1593272901/ref=sr_1_10?s=books&ie=UTF8&qid=1450459302&sr=1-10&keywords=reverse+engineering
   
   
5. http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_2?s=books&ie=UTF8&qid=1450459367&sr=1-2&keywords=malware+analysis
   
   
6. http://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098/ref=sr_1_5?s=books&ie=UTF8&qid=1450459367&sr=1-5&keywords=malware+analysis
   
   For programming
   
   
7. Complete Reference C and Complete Reference C++
   
8. NASM Manual
   
   
9. Intel Software Developer Manual (http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html)
   
   This should be enough for you to get started.

If you read Hackers, a book published in 1984 about the people and culture behind the early days of computing, which also contains a large part about the computer game industry of the time and how it was formed up (early history of Sierra, Broderbund, etc) and the people behind it, you'll see that many people (like Ken Williams) were very profit driven from the beginning. Of course there were also people on it doing it because they liked games and computers, just like today.

(also interesting trivia: this book was an inspiration for John Carmack when he was young and probably shaped his desire to share his code and knowledge openly)

Meh.. If you want to know more about Bill Gates and his achievements, you should do some research.

You can start by reading Hackers - Heroes of the computer revolution.

This really isn't as ridiculous as people are making it out to be. Encryption is commonly employed in malware as an anti-reverse-engineering measure. When you're a malware author and you want to make it harder for a malware analysis lab to figure out what it is that you did with a piece of malware (say you're targeting this malware at stealing credit card information, navigating a corporate network, compromising admin accounts within a company, etc.) you can encrypt your actual program code and include a snippet of code that runs on execution to decrypt the code by reading, decrypting, and writing back the region of memory where the encrypted code lives. This makes it a bit more annoying for a malware analyst to disassemble your malware and figure out what it's doing.

Python 6 is a bit silly though. Python 2.7 will be in use until the end of time.


For anyone curious about reading further, Practical Malware Analysis is a good resource.

For anyone who reads this and goes "Wow! What else can powershell do that I haven't heard about??"

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

• "The Practice of Systems and Network Administration" by Thomas Limoncelli, Christina Hogan, and Strata Chalup
  
  
• "Time Management for System Administrators" by Thomas Limoncelli
  
  
• "Getting Things Done" by David Allen
  
  
• "UNIX and Linux System Administration Handbook" by Evi Nemeth, Garth Snyder, Trent R. Hein, and Ben Whaley
  
  
• "Essential System Administration" by Æleen Frisch
  
  Even more formatting fun!
  
  By the way, thank you for this list.

macOS Support Essentials

Learning the bash Shell

Learning Unix for OS X

UNIX and Linux System Administration Handbook

What's New in macOS

(edit: ...if that's what you're going for)

man pages really are good enough once you got the basics down. They were 20 years ago, and I don’t think the quality has decreased. If you want truly great man pages, FreeBSD is the place to go.

To get the basics down, start with something like this

Once you understand that, follow up with something like this

Young people today.. they pick Arch to “learn something” (or just to be cool - I can’t decide), and when the learning part starts, they want the answers served without any effort.
There’s nothing wrong with wanting to learn, just don’t expect to be finished in 4 hours.

I’ve spent 20 years as a Unix system administrator and/or developed systems running on Unix. Before I had kids I spent a few years working on Stampede Linux. My first Linux distribution was “Yggdrasil Plug&Play Linux fall ‘93”. I still learn new stuff frequently, and it usually starts with something I find on the internet, which then get tried on my own machine, and finally i use man pages for troubleshooting/fine tuning.

If that fails, I do what everybody else does, i ask google, and if I still can’t solve the issue, I will ask somewhere. Last issue I had was Debian <-> FreeBSD NFSv4 mounts with Kerberos that would freeze frequently. I spent a couple of weeks debugging that before asking, and learned a great deal in the process. After google started returning only purple links, I finally asked on a couple of forums.

Code Complete: http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

Applicable to any OO language you are using.

Hey man. Good to hear that you are interested in programming. :)

I don't think "books" is a good suggestions. There is a lot to read and not a lot of time in the world. Plus, programming tends to be more fun.

That being said, however, I am going to go ahead and recommend reading Code Complete. I think that book should be required reading for every programmer. You will learn a lot and it is also a fairly amusing / interesting read.

I would also like to suggest that you use StackOverflow and follow interesting conversations in it. One of the tricks to programming is to become very engrossed in it. Find things you find interesting and read/learn just for the sake of it. If you think you know language 'X' well -- go to StackOverflow, sort by votes, filter by tag and tag the language you want to read about. I guarantee you will find a lot of "Woah, I did not know language 'X' could do that."

One last thing w.r.t all the 'what languages should I learn' hullabaloo. Start a little higher level. It sounds like you want to learn an Object-Oriented language. Do you know what your other options are?

http://en.wikipedia.org/wiki/Comparison_of_programming_paradigms#Main_paradigm_approaches

There's a quick overview of the different 'types' you'd expect to see. OO is a clear one, especially for industry development, but functional languages and others may also end up being used for your job. :)

EDIT: A little more on topic. I started with C++ in school. Some concepts were difficult -- pointers, references/pass-by-reference/de-referencing, and to a lesser extent garbage collection / memory allocation.

The main argument for learning C++ first is that it gives you good fundamentals. Every programmer should know what a pointer is. And a double pointer, for that matter! The main argument against learning C++ is that you can blow your foot off much easier than in Python. And that's no fun. And if you're the type of person who isn't ...tenacious enough to try and repair your own blown off foot -- perhaps a higher-level language would be a better choice. In this way you can become more accustom to the frustrations of coding (and how to cope) before introducing more complex issues.

That isn't to say you can't create just as large a clusterfuck with Python. You can. It has its own nuances. It's just that the library support (code already written for you) is going to be more extensive. A good comparison would be driving an old car vs a new car. The engine is harder to repair in the new car (can't get at the parts), runs better, but you don't get a feel for whats in the engine. Its more of a black box. That old '57 Chevy (C++) has its engine laid bare (not as much as C), but if you're no mechanic you might break your car and abandon it.

Just do what you find fun! You're still young :)

Code Complete (haven't yet read ed. 2, but the first edition was tremendous)

1. Code Academy has some free resources for getting started: https://www.codecademy.com/learn/learn-the-command-line Overthewire is also usually recommended. Also, just start using Linux and google solutions as things come up that you don't know how to do. Regarding pentesting methods - There's a lot of resources out there, check the sidebar, but this book lays out the standard methods used: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 (you can probably find it cheaper with a no starch press discount code)
   
2. WSL and python (or just python, but might as well get used to linux at the same time). Also, bash and powershell scripting.
   
3. Yes, the book above isn't free, so like I said, sidebar and such. Ask for it for your birthday, do odd jobs, etc. You don't have to make things expensive, but you're eventually going to have to spend a little bit here and there.
   
4. Anything. Kali is kind of the standard, which is basically Ubuntu Gnome (actually Debian based) with all the tools installed. Windows is good for some tools though, and just to learn the environment since Windows environments are typically the target.
   
   Also, second what /u/BigDaddyXXL said.

(re-comment of a re-comment of a re-comment but...)

One of the books I see come up time and again in recommendations for OSCP prep is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

She has also done a video series along the same lines as the book that is available for free from Cybrary.

As a pentester you would typically need to follow a methodology of some sort. Here is a well known one http://www.pentest-standard.org/index.php/Main_Page

Typically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/ to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.

The OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Here is a great resource that many people use as a resource to study for OSCP as well https://xapax.gitbooks.io/security/content/
And if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.

Edit: here’s a good guide on using methodology with template you can import https://411hall.github.io/OSCP-Preparation/

Learn PowerShell in a Month of Lunches is one of the most widely-recommended books on starting PowerShell. I'd recommend following along and physically typing commands in to see what happens - don't just read it.

Alternatively, if you've got the time, one of the most comprehensive introductions is the Microsoft Virtual Academy course on PowerShell 3.0. Don't worry - even though PowerShell 5.0 has been released, this is still very relevant information. It's long - almost 8 hours of videos - but these guys know what they're talking about and they explain it quite well.

Beyond that, check out the resources in the sidebar of this sub. There are a couple other intro books and guides, as well as a lot of script resources to look at.

Finally, once you have a feel for what the language is, the best way to discover what the language can do is to find something you already do a lot, and figure out a way that PowerShell can automate that process. It sounds like your senior engineers have some examples of this already, but don't be afraid to expriment. I have to produce a lot of Excel reports, so the PSExcel module for PowerShell lets me automatically create those reports.

Hope that helps!

You're not going to get a better intro than "TCP/IP Illustrated, Vol. 1" by W. Richard Stevens. Ignore the other volumes.

https://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469

You're an experienced programmer: this


You're a mathematician/scientist/engineer/etc: this



You are "ok" with another language: this


You're more of a "video tutorial" learner: this (and your local library probably gives you free access, seriously check)


You're completely new to programming: this


You're 9 years old: this

UNIX and Linux System Administration Handbook's Chapter 10 - Logging

The TCP/IP Illustrated series is very good, if you have some basic knowledge. If you are just starting out, then I'd recommend Tanenbaum's Computer Networks. Whatever book you get, make sure it's one that focusses on Ethernet and TCP/IP, for the most part. You can specialize into other networks later as you need to, but those two are the most widely used in industry by far.

Another way to learn about networking is through practice. Set up a home network, write a basic client and server using sockets, play with tcpdump, etc.

Worth noting that there is a third edition that is significantly updated. I own both would say they're both good but you'll get a lot more out of the third edition.

https://www.amazon.ca/Practice-System-Network-Administration-Enterprise/dp/0321919165

A principle in web app security: user input cannot be trusted.

With that in mind, the following are the kinds of user input you can mess around with: query parameters, post params, file uploads, cookies, http headers, even out-of-band inputs like emails (if they get processed) or all of the above but for a different but related service.

Sometimes user input can be crafted to exploit unexpected behavior. Causing a 500 error may give you interesting error messages. Maybe form input isn't sanitized and you can perform sql injections, XSS, and the like. File uploads - do the files appear to be uploaded to their server (and not something like S3)? Try dropping php files (if it's a php application), try XXE if Word or Excel documents are expected. All sorts of fun possibilities can be explored wherever there is any user input.

Another subject worth studying: attacking authentication. Is there no rate limiting? Usernames can be enumerated? How about a brute force attack? Take a look at the session token in the cookies - can you reuse them? Are they custom-made (does not appear to be generated by a known framework)? Try attacking the token-generation scheme itself. Discovered an XSS vuln and the cookie entry for the session token is not set to http only? Write a script to steal them cookies - that'll be your XSS payload - sit back and wait for someone to bite.

I think exploring these topics is a great start.

Recommended reading:

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Edit: to add, the tools you have listed are info gathering tools. That's the first thing you want to use to give you a nice idea about potential attack vectors. Sometimes dirbuster can yield nice results in itself. For example, I found a deployment script sitting on a prod server - with AWS keys!!! Tip for info gathering: you can use builtwith to see what tech the target is using, and tailor info gathering scripts (like dirbuster) for that.

Best place to start is: http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901 ;)

Additionally, I study Computer Science & Systems Engineering, that helps a lot ;)

Penetration Testing: A Hands-On Introduction to Hacking
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Offensive Computer Security Spring 2014 Homepage Florida State University
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity

Offensive Security Certified Professional
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional

The Hacker Playbook 3: Practical Guide To Penetration Testing
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759

MIT Course Number 6.858 :Computer Systems Security
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014

More at http://Learn.SharjeelSayed.com

Ok, it doesn't matter why you did it. You did it, and that's what matters. The important thing to remember during all of this is that there's no going back. The best thing you can do to help yourself is just focus on your plan.

Now, what I'm about to tell you is very important: they already now. The NSA. You have, at a maximum, about 48 hours before the FBI kicks down your door and slaps a pair of stone cold cuffs on you.

Your first step is to erase everything: incinerate all your papers, cell phones, hard drives, everything. Anything that could possibly clue them in to where you're heading.

Second step: research. This is a great book to read up on. Obviously you don't have months to put this plan into action, but it'll still give you a good idea of what you're doing.

Now you need to pick a destination. There are two options: either go for the Walter White and hide out in a tiny house in the middle of nowhere for the rest of your life, or the "hiding in plain sight" option and settle down in a nice mansion on a tropical beach somewhere. Due to your extremely likely economic situation I think you'll have to go with Walter White unfortunately. All that's left to consider now is the country: obviously you want a poor, derelict nation, preferably hostile to the United States government - like Canada.

With careful planning, smart movement, and a little luck, you should be able to cross the border a few days. Don't both with credit cards, they'll have your face on INTERPOL within hours. Godspeed, Link_Mau5

I'm just two months into my first real job for programming and have a few books I've been going through.

Clean Code is a book not just about writing code, but good code that is easily maintained and passed down to other people to understand.

Working Effectively with Legacy Code was a great read coming into company that has been around for 20 years and is on the third iteration of their product.

I am doing web development so You don't know JS, Javascript: the good parts and then Javascript The Definitive Guide have all been a great help.

If you aren't much a book person, Pluralsight.com is awesome for info on tons of different technologies and is well worth the monthly cost. Go follow every major name in your preferred technologies on twitter. They will tweet all sorts of cool things to learn about. Also, PODCASTS!!!. I don't even listen to music anymore. If I'm in the car alone I'll be listening to Dot Net Rocks or Javascript Jabber.

Lastly, there are subreddits for every tech imaginable. Go subscribe to them and hit everyone up for where they get all their info!

The key to building bigger systems is writing modular code. I don't mean just code made of modules, I mean code in which the module boundaries are in the right places. Code divided into the most meaningful and distinct chunks.

You want to divide areas of responsibility into separate modules, in such a way that each module has a clear, distinct and succinct area of responsibility and the interfaces between modules (the function calls and data passed) are simple and minimal. Finding the right boundaries takes thinking deeply about the problem, and considering different ways to model it. When you get it right, you will find that changing implementation of one part of the code is much less likely to cascade into other areas.

The idea that this is an important way to think about designing a program is called the separation of concerns principle.

Patterns that can help with this include dependency injection which is often required for unit testing, and which forces you to separate modules and aspect oriented programming which deals with modularizing cross-cutting concerns, things like caching, logging and error handling which often show up in many different places in your code and undermine modularity.

Code Complete by Steve McConnell addresses these issues and has lots of helpful advice for dealing with large projects and large systems.

> So something that would take in excess of 3 years to master is out, if you catch my drift.

You seem to be misguided on this point - while you can pick up the basics/fundamentals of programming pretty quickly, if you're so inclined, the actual practice of writing software, and writing it well, is going to take a lot of time investment. I look back at code/software I wrote when I was just starting out professionally, and while they worked, I know how poorly they compare to what I can write/design now.

Having 3 years of software development experience when starting from zero would probably leave you at 'junior' or 'mid' level at the end, and if you don't have a more experienced developer mentoring you throughout the process, you may be at a disadvantage. From the sound of it, your school has no actual programmers/developers.

With that said:

• I would look at online resources to start out, like Learn X in Y Minutes or codecademy. Start playing around a lot and doing exercises.
  
• For a beginner, a language like Python or Ruby tends to be easiest to start with, as they are simple to install and experiment with.
  
• Additionally, learn about databases. MySQL and PostgreSQL are database systems that are widely used and free. Learn about database modeling, schema design, and how to actually write SQL.
  
• Understand that pretty much anything you write or make in the first year or so that isn't very simple will probably be horrible hack jobs. You may not think they are, but trust me, they will probably have poor design, use nasty hacks, employ bad practices, and so forth. This is where on-going improvement is a necessity, and why people read books like Clean Code, The Pragmatic Programmer, and Code Complete.
  
• Also, a mark of a good developer - assessing whether or not you have to actually write that code or software. I am not familiar with student management systems, but is it really going to be necessary to write your own, from scratch? Think of the following implications:
  
  • You are now your own support for your software - anyone in the school that has a problem with your app, you become the go-to person for fixing it or answering their questions, no matter how dumb the questions may be.
    
  • You become the point person for issues in the supporting system of the software - the database and the machines it runs on, primarily. You may be lucky enough to have IT helping you in this aspect, so hopefully you have an IT department that can do things like back up the database, maintain it, and restore it if something breaks.
    
  • Your software will likely be a hackjob - I do like to stress this point again, because none of us, starting out, turn out good software of moderate complexity without a couple years of experience. Time and time again I look at code written by fresh graduates or junior developers that are basically hacks or need a lot of cleanup/rewriting. Who will look over your code to tell you that?
    
  • Someone will have to maintain this software - and this will be you, but eventually, you might leave this job, so who will take over for you? Your school should be prepared for this eventuality.
    

Not game-specific, but these books are definitely industry essential books when it comes to anything related to software development.

In no particular order (though Code Complete should probably be first):

• http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670
  
• http://www.amazon.com/The-Pragmatic-Programmer-Journeyman-Master/dp/020161622X
  
• http://www.amazon.com/Programming-Pearls-2nd-Edition-Bentley/dp/0201657880

Code Complete and Pragmatic Programmer are great books about programming as a craft and are both language agnostic.

Clean Code

vs

Code Complete

I suggest this book, Code Complete. It has nothing to do with Python and it's pretty old at this point but by reading it, I know for a fact that it has a lot of the same ideals. knowledge, values and tips that my college teachers tried very hard to impose upon me in what is considered one of the best IT college courses in my country https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

You can also procure your HR department (or your boss) and share the situation. Tell them you'd like to enroll in some courses to get up-to-speed with everyone else around you, since you don't have the same training as them. Most companies (or at least a lot of them) will offer to pay the entire thing for you too.

If you haven't read it, I recommend Code Complete. It's a classic for a reason.

You read code far more than you write it, so do whatever you think is necessary to make the code more readable. You seem to be beyond the basics (self-documenting code, etc), so a few advanced tips:

• Within a script, you can open up additional tabs that let you write more scripts so that they're all bundled together under one script name. You can use this to break a complex script down into smaller and smaller sub scripts without cluttering up your resource tree.
  
  
• Abolish "magic numbers." In your example, if there's a number that you use that could potentially change, make it a macro (constant), enum, or global variable with a descriptive name. Macros and enums are substituted at compile time, so they don't have any "look-up" overhead during run-time.
  
  
• I think you've already discovered why a lot of developers use scripts as often as possible: because it's easier to find and fix them than delving into an object's various events (or a room's creation code). Other than drawing, I usually have an event call a script, and the scripts are named hierarchically, e.g. sc_Creature_player_move
  
  There are a lot of good practices such as encapsulation, information hiding, and idempotence, that are too in-depth to get into here. IMO, GameMaker makes it really hard to follow some of these good practices, so I hope these suggestions are helpful to you.

• The Passionate Programmer: Creating a Remarkable Career in Software Development by Chad Fowler
  
• Head First Design Patterns by Eric Freeman and Elisabeth Robson
  
• The Pragmatic Programmer: From Journeyman to Master by Andrew Hunt and Dave Thomas
  
• Clean Code: A Handbook of Agile Software Craftsmanship by Robert C. Martin
  
• Code Complete (2nd Edition) by Steve McConnell
  
• Refactoring: Improving the Design of Existing Code by Martin Fowler

One of the best ways to learn is by studying other people's code. Using book references like the one you have on C# is a great start. Make sure you ask questions to yourself and really study the code. Questions to keep in mind: why is this line before that line? What would happen if these two lines were swapped? How could I make this easier to read? Do all of these lines make sense when grouped together in a function? How can I break this down into a simpler class/object?

Those are the kinds of questions professional developers ask themselves on a daily basis. If you start asking yourself those kinds of questions early, you'll become a very competent programmer.

I highly recommend new programmers to read Code Complete: http://www.amazon.com/dp/0735619670/ref=cm_sw_r_tw_awdm_ZlAbvb1GP04MC

The fact that you've submitted this question indicates that you're on the right track. You just need practice.

Clean Code http://amzn.com/0132350882

Code Complete 2 http://amzn.com/0735619670


Both are great books. I just finished reading Clean Code and I highly recommend it.

cc him on code reviews for your day to day scripts and proactively go over the small ones with him, line by line, a few times a week.

I have a list of exercises(pm me if you are intested) from: http://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057 -- I assign 4 of these exercises weekly and go over it in 1:1s. Buy him a few books, and explain that you can't send him to a conference because of budget issues this year, but you want to invest in his career development -- it will go along way to building the mentor-mentee relationship.

The thing I like about this book, its age does give a good historical perspective, but the questions at the end of the chapters are easily adapted into good questions to fit a particular environment.

I've used this approach to bring up 3 jr linux sysadmins so far.

Computer Networking: A Top Down Approach by Kurose and Ross is often highly recommended.

Things you should download:

• Metasploitable VM (intentionally vulnerable Linux)
  
• Kali Linux (lots of tools including Aircrack and Metasploit already installed)
  
• "TCP/IP Illustrated"

The Practice of System and Network Administration: Volume 1: DevOps and other Best Practices for Enterprise IT (3rd Edition) https://www.amazon.com/dp/0321919165/ref=cm_sw_r_cp_apa_i_YBkxDb2D8ZNHG

/thread

Yep, if you're a Windows admin you need to learn powershell.

This is a great book to get started.

Are you an experienced programmer already? If so, Javascript the good parts. http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?ie=UTF8&s=books&qid=1251072337&sr=8-1

Hi! I recommend the following books:

• Clean Code and The Clean Coder
  
  
• The Mythical Man-Month
  
  
• The Pragmatic Programmer
  
  
• Code Complete
  
  You can find other similar books here and here.
  
  One that I especially liked (although closer to an algorithms textbook, but also had very cool "War Stories") is called The Algorithm Design Manual.
  
  Have fun reading! :D

I heartily recommend Steven Levy's "Hackers". One of my all-time favorites.

If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.

When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.

There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead everytime IsDebuggerPresent is called, it will take the execution path you want everytime.

Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.

There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Leena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment).

Learn to write simple C programs. Then debug your own C programs, preferably in OS X or Linux using gcc/gdb. Then disassemble your own C code (learn how to disable optimization in the compiler; try it with no optimizaiton and then with increasing levels). Then look at C++ and (gasp) Visual BASIC and such. Turns out a ton of malware is written in these languages, and the snarl of garbage that you'll uncover that is just part of the auto-generated message handling stuff for VB will astound you, so don't start there...but it's important to understand those structures when you see them.

Then follow tutorials about reversing other programs. There are great books on this.

It helps a lot to know assembly language, but you'll tend to pick it up as you go.

You'll want better tools than just command-line disassemblers. I prefer IDA Pro.

There's a great book that uses IDA Pro with many examples to address precisely your questions.

Here's another great book on malware analysis that covers all kinds of tricks you might bump into when working on real targets.

I see all this as a long-term iterative exercise. It's fascinating.

”How Linux Works” is one of the better in depth explanations of Linux I've read.

It's written in a way that anyone can read and understand it, but it gets pretty deep into Linux under the hood.

2nd this.

The Linux Command Line. Author offers free PDF for download or you can support and buy from amazon.

http://linuxcommand.org/tlcl.php

 

https://www.amazon.com/Linux-Command-Line-Complete-Introduction/dp/1593273894/r

Tcp/up basics But seriously, TCP/up illustrated by Stevens

The senior part is more of a technical grade level and not necessarily management... granted I'm in the lead role here, it's my first time as one. All I can say is what help me spring forward at a lull at mid-level was picking up Thomas Limoncelli's books, [the sysadmin one] (https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165/ref=sr_1_1?ie=UTF8&qid=1512041042&sr=8-1&keywords=thomas+limoncelli) and [the cloud one] (https://www.amazon.com/Practice-Cloud-System-Administration-Practices/dp/032194318X/ref=sr_1_3?ie=UTF8&qid=1512041042&sr=8-3&keywords=thomas+limoncelli) /r/sysadmin recommends them too. These are your best practice books, these tell you why to do things, not how. It will turn you from being the guy that mops the floor in a burning building into knowing when to yell, "FIRE!"

Cert wise, unless a specific company or contract requires it, I don't bother with the time and money on certs if you already have years of experience on the books. I'd probably go for a Security+ and then go for a Red Hat and/or CCNA certification as they are both prestigious. Red Hat is a big deal just by its practical application test.

If you want to go into cloud related stuff, you might want to brush up on your programming. This is what is limiting me, I have very minimal bash scripting experience coming from military in the Windows world then making a move to Linux.

Honestly, I would focus on being both as they both overlap very often unless you are in really large stovepipe enterprise environments, but you never know if you need to make a move to something smaller where you have the many hats role. I'd get your degree in something Computer science related (CS, CIS, EE, CE, etc) and then go RHCSA/CE and maybe Sec+/Net+ or instead of Net+ just go for something Cisco related. My networking is Net+ strength at best and I resent not doing better when I was younger.

EDIT: Also, if you can do the math, BS is Computer Science all the way... sysadmins are still really kind of not doing well in the degree program department, mainly because were so... trade-like I guess. Honestly, we're the new Millwrights like my dad was. We keep the factory going and fix it when production stops. It's kind of cool actually, it's nice to be able to have some kinship to my dad in that way.

But for the love of God, please, please, learn JavaScript itself to a good standard before even touching jQuery.

Even though jQuery makes writing web apps a lot easier and saves you a lot of development time, it is still a JavaScript library and as such, if you don't have a good grasp of JavaScript, you're going to be writing jQuery code that may well work correctly, but you're not going to have any idea why it works correctly and as such, debugging and writing advanced jQuery code is going to be a nightmare.

I appreciate that you might not want to spend any money on learning JavaScript, but if you're really interested in the language and want to know it well (and you already have a solid foundation in programming), then I highly recommend getting JavaScript: The Good Parts and reading through that. It's short (176 pages), you can read it in an afternoon (though the first time round, some of the stuff might go over your head), and although it may be very opinionated, most of what Crockford says is pure gold and at the end of it you will have a thorough understanding of how JavaScript works and how you can write good JavaScript, which will aid you tremendously when you start using libraries such as jQuery.

Apologies for my rantiness, it's just that JavaScript is seen as a 'toy' language by many, a simple language that people can just jump in and use without learning it first, as evidenced by people suggesting diving straight into jQuery, which is a reputation that I think is undeserved. JavaScript may not be the prettiest of languages, but it's here to stay, and if you learn to use it properly, you'll find that beneath the design mistakes lies a simple and beautiful programming language that just wants to be loved.

Code Complete

Probably the best book on "thinking like a software engineer" is Code Complete.

For now, here are a few general tips off the top of my head:

• Build your toolkit as you go. Don't just be trying to construct abstractions. You should be hunting for useful abstractions. Write code that is reusable. Whatever code you wrote is solving some sub-problem of your larger solution: are there related sub-problems you could attack with a similar strategy? Can you tweak some piece of code such that it can be reused to make your life easier elesewhere?
  
  
• Code as documentation. You are not just writing code for the purpose of accomplishing some end-goal, you are writing code so that if something breaks down the line, you will be able to figure out what needs to be fixed. This means your code should explain itself. Even if you don't anticipate anyone other than yourself will ever see your code, it might be months or years before you revisit some old code and you should anticipate that you will have forgotten basically everything about how it works. How can you make "future me"'s life easier in the process of building some solution? You should always be trying to name and structure variables/functions/objects such that it's clear what your code is doing and how information and decisions flow through your program.
  
  
• Solve for scalability early. Premature optimization should generally be avoided, but it's often the case that there are small changes you can make very early on to make your code orders-of-magnitude more performant. Are you choosing appropriate data structures for the problem? Are you factorizing your code and dependencies in a reasonable way? Are you excising unused dependencies from your code? Are you limiting i/o? Are you moving large chunks of data around? Can your code be containerized into microservices?

I've been coding for a few years and for a while was just focused on getting things to work.  Now I'm at a point where I know I'll figure out any given problem with my accumulated knowledge and/or additional research, and I'm noticing that not planning ahead is the most significant (lack of) action that will set me back at this stage in my practice.

 
To remedy this, I've been looking into architectural patterns (MVC, MVP, MVVM, etc.), and UML diagramming.
 

-----

 
Architectural patterns were initially difficult to grasp, as many of the explanations available online dig into topics that might not make sense yet if you are inexperienced with architecture.  The MVC Java Tutorial by Derek Banas is the best introductory explanation of architectural patterns that I've come across (he also has some great videos on design patterns & other topics).
 
Some books that cover code structure & architecture in more detail:

• Clean Code: A Handbook of Agile Software Craftsmanship
  
  
• Code Complete: A Practical Handbook of Software Construction
  
   
  The author of Clean Code, Bob Martin, has a ton of talks that are a great source of info, and has also produced the CleanCoders series.
   
  
  -----
  
   
  Also check out some Software UML Examples.  I find that mapping out an overhead view of your project before starting to code gives you a chance to make sure the majority of relationships, life-cycles, and high-level details are planned out correctly from the start.  You'll still have to make inevitable adjustments while coding, but it's much more efficient than figuring it all out from the inside while you're building it.
   
  yEd Graph Editor is a good freeware option for creating UML diagrams.
   
  If you find that you really like the UML approach, check out Enterprise Architect.  It's definitely worth picking up since it allows you to generate file structures from your UML diagrams, with all of the boilerplate filled out already (class/method/variable definitions, etc.).
   
  
  -----
  
   
  Also related, SourceMaking has some good wikis on:
  
  
• Design Patterns
  
  
• Refactoring
  
  
• Anti-Patterns
  
  
• UML
  
   
  (Although their UML material is pretty in-depth and may be overkill if you just want to use UML as a quick way to plan out code.  But it's legit if you want to go all-out UML mode)

> I first build a very simple prototype that has some basic actions and game principles I want to have in my game. I do not care for design nor code quality.

IIRC, this technique is highlighted in Code Complete. The key point the author made there was that it's OK to take shortcuts while prototyping, as long as you're willing to throw all that code away before doing the real work. (Of course, it's not that black and white.)

Code Complete 2nd Edition is what you want.

http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

This has been one of my favorite books: http://www.amazon.com/Linux-Bible-Christopher-Negus/dp/111821854X/

And I read through this entire book: http://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/

They are both great!

Edit: I can't type much because my internet is going out regularly at the moment, otherwise I'd love to elaborate further.

> windows server/services?

Microsoft's TechNet and MSDN are Microsoft's main reference portals for operations and development, respectively.

For structured learning, Microsoft offers their MCSE Program. Each exam covers a specific topic, and there are learning objectives and links to reference material available. Microsoft Press will usually have a self-study guide available for each exam.

There's also the Microsoft Virtual Academy, but I've never used it and can't vouch for its quality. Of course, it's free, so....

> linux server/common services? (Could be distro specific)

For professional use, the most commonly used Linux distributions are RHEL/CentOS and Ubuntu. (Debian is also popular, but it's close enough to Ubuntu that you can lump the two together.)

Both RHEL and CentOS have documentation available:
RHEL Documentation Page
Ubuntu Server Guide

RHEL's documentation is far more thorough and complete. However, Ubuntu has community support in the form of the Ubuntu Forums and Ask Ubuntu, and I've personally found it easier and faster to find specific information and solutions for Ubuntu.

For structured learning, Red Hat has a certification track available (which is obviously focused on Red Hat technologies), and LPI has a certification track that is more vendor-neutral. There are self-study books available for Red Hat's certifications, but they are all outdated for the current exams, and I don't recommend buying them until they're revised for RHEL 7.

For self-study, the closest thing to a Linux system administration bible that currently exists is the UNIX and Linux System Administration Handbook. However, it's a bit dated in certain respects.

Linux support and documentation, like its development, is spread out over the Internet. If you're looking for how to do something, usually the best place to start is Google. Searching for "[stuff] Ubuntu" or "[things] CentOS" will usually send you to the right place. Stack Exchange is also a pretty good resource:

• Stack Overflow, for scripting and coding questions
  
• Server Fault, for questions regarding system and network administration
  
• UNIX and Linux, for questions about Linux in general
  
  > Networking
  
  Networking education is split into two worlds: theoretical/academic computer networking, and practical, vendor-specific networking.
  
  For theoretical networking, your best bet is to pick up a textbook. We recently had a thread discussing recommendations.
  
  For practical, vendor-specific networking, the big player is Cisco. Cisco has a certification track available with course objective and reference materials. For self-study, anything written by Wendell Odom is gold; however, bear in mind that you really need a lab for self-study to be effective.
  
  Other companies, like Juniper or HP, also have networking certifications available, but I only recommend them as a supplement.
  
  Lastly, while I describe Cisco's training as "practical," that doesn't mean that the theoretical aspect of networking is unimportant for a professional. There is an industry-wide push toward software-defined networking, and if your SO wants to get in on that, she'll need to have a firm understanding of computer networking theory.
  
  > NetSec
  
  Hardcore NetSec isn't really my field, but /r/netsec has a Getting Started Guide with some resources available.

I've heard that this is the best handbook for UNIX/Linux administration:

http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

Don't use batch. It's outdated and should only be used for compatibility with very old versions of Windows.

PowerShell is the right way to to do this. I'm assuming when you say "create 20 users in Windows Server 2012" you are referring to Active Directory (AD) users, and not local users. You'll want to use the New-ADUser cmdlet to create the AD users. For importing from a csv file, you will need to use the Import-Csv cmdlet.

I won't tell you how to write the script, you should learn that on your own. The two cmdlets I mentioned should point you in the right direction. If you know nothing about PowerShell and need to learn the basics then get the book Learn PowerShell in a Month of Lunches. The book will teach you everything you need to know to get started with PowerShell.

My buddy used this. He highly recommended it to me.

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Here are a few of my favorites:

Design patterns:

• http://addyosmani.com/resources/essentialjsdesignpatterns/book/#designpatternsjavascript
  
• https://leanpub.com/javascript-allonge/read
  
• https://leanpub.com/javascript-spessore/read
  
  The JavaScript language:
  
  
• http://www.amazon.com/Effective-JavaScript-Specific-Software-Development/dp/0321812182
  
• http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
  
  And as a general language reference, MDN is the best: https://developer.mozilla.org/en-US/
  
  Hope that helps!

To expand upon this ...

1. In game dev just because a language has a feature doesn't mean it's a good idea to use it. Professional game devs are concerned about the run-time costs. That means knowing the costs of the features your language provides.
   
   For example, see this talk about how Ubisoft uses C++
   
   

• CppCon 2014: Nicolas Fleury "C++ in Huge AAA Games"
  
  They avoid most of modern C++ features because there is little, or no benefit, and the (run-time) performance cost is too high.
  
  To be a great programmer, you should know both the strengths and weakness of every language feature. They were designed and added to the language to solve a certain problem. What is the context? Where does it NOT perform?
  
  

2. As you move from indie to professional game dev you will be more focused on budgets. Memory Budgets. Performance Budgets. Polygon Budgets. Shader Budgets. How how to manage memory with a mid-level language like C is a fantastic skill to have. You should have a grasp of using memory/object pools which can be used in Javascript to further boost, say your particle system performance.
   
   
3. OOP does not scale and leads to terrible performance. For now, don't worry about it.
   
   
4. Javascript is a shitty designed language.
   
   On the negative side, it has tons of small gotchas. One of the ways to minimize it biting you in the ass is to use this hack at the beginning of your .js file
   
   "use strict";
   
   This will prevent the browser from allowing you to use variables that haven't before declared.
   
   On the plus side, it is fantastic for rapid prototyping.
   
   

• ALL Javascript programmers should have Douglas Crockford's book JavaScript: The Good Parts
  
  Now I didn't say you shouldn't use Javascript. Whether you write your game in C or Javascript is (slowly) becoming irrelevant as you can compile Javascript to C, or compile C to Javascript.
  
  Use whatever language you feel fits your dev style.
  
  All programming languages suck. Some just more.
  
  The more programming languages you know, the better the programmer you will be.
  

It's not quite what you asked for, but the parent of this reply answers that.

JavaScript: The Good Parts offers a wonderful Computer Science style discussion of JavaScript.

Code Complete by Steve McConnell

Speaking as someone who was great at reading but bad at retaining, learned to retain while in college getting a liberal arts degree, and has been reasonably successful at teaching himself programming languages since graduating...

Read things twice. Not necessarily the whole book, but for each paragraph you come across, think about what it's saying. If it is introducing something new, then read it a second time.

Read things out loud. Not even stuff you're trying to learn, and not necessarily to an audience. But (if you're taking my advice about reading things twice) do your second go-through out loud. You'll find that often your intonation is wrong - you didn't catch that something was a question, or you thought you were on the last clause of a sentence but you were wrong. Dedicate some small part of your brain to listening as you read out loud, and fixing these problems. This will help you get the structure of a thing - which parts are introductory, cursory, or parenthetical, and thus can be skipped over; which parts are REALLY IMPORTANT, which parts are actually pretty damn funny but you missed the joke the first time...

Don't just read. Explain to people what you're reading. My housemates and girlfriend have probably sponged half the stuff I've taught myself (about programming, musical instruments, bicycles, pretty much anything I've decided to learn about) because I'm constantly asking if they mind if I explain a concept to them. It helps that we're all young, intelligent, curious people.

Have a conversation with the book. When you come across something that seems wrong, don't just plow through - see if you can figure out why it just said what it did. Maybe you read it wrong. Maybe you misunderstood an earlier concept. Maybe you thought the dude was speaking when it was the lady. The point is that after that initial moment of confusion, you'll have a moment when it Suddenly Makes Sense - cultivate your enjoyment of that moment. It's one of the greatest pleasures of reading.

Do the stuff you're reading about. In the case of programming, do the exercises. If you're reading a book about a foreign language, acclimate yourself to the rules of pronunciation. In a work of fiction, hand the part of you that experiences emotions over to the author and let him or her shove you around to whatever he or she wants. If there's a math concept that doesn't quite make sense, pull it up on Wikipedia and read the links that describe any of the fundamental elements that you're missing.

If you want to get into programming, read one of the Head First books. They talk a lot about effective ways to learn things, in addition to putting those principles into practice in how they teach programming. This book started me on my current routine of reading a chapter of (whatever computer book, currently Code Complete) when I first wake up in the morning.

Apologies for the wall of text, I hope that was helpful. I'll edit to add anything that I think of.

Two things: The coursework from my CS degree, and reading books about software engineering.

I've spoken in other places about the former, and for the latter, I recommend The Pragmatic Programmer, Code Complete, and Design Patterns: Elements of Reusable Object-Oriented Software

https://www.amazon.com/dp/0201633612/?tag=stackoverflow17-20

https://www.amazon.com/Head-First-Design-Patterns-Brain-Friendly/dp/0596007124

https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

And you could check stack overflow for question on general programming books. I would always go for a general concept functional programming over how to functional programming in haskell.

But I'll be perfectly honest, I'm a victim of the curse of knowledge so I honestly don't know how one should start. What I do remember is that I had huge problems with syntax (how do I tell language X to do a for (Employee e in employeeList), how do you write a switch and stuff, why would I ever need a ternary operator, and like that.

But once you master the basics of how to write x, y and z in your preferred language, you absolutely need to understand design patterns, you absolutely need to understand how code is supposed to be written, you absolutely need to understand data structures, you absolutely need to understand inheritance and polymorphism, you absolutely need to understand lambdas and functional programming.

Then you can get to the more "neat" stuff like the benefits of having immutables, and "job specific stuff" like how to solve race conditions in threading; sockets and web communication, etc.

[Code Complete] ( http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670) 960 pages, no fluff, essential reading to any programmer.

These are the coding conventions every Java developer should follow:
Oracle's Code Conventions for the Java Programming Language

If there are industry-wide coding conventions for the particular language, follow those. (i.e.: Java , C#); otherwise, most companies will enforce some conventions (i.e. most companies have their own C++, C coding conventions); otherwise, establish some, and stick to it. This book has general guidelines on coding conventions and best practices: Code Complete 2

http://www.lulu.com/product/ebook/owasp-testing-guide/17463506?productTrackingContext=author_spotlight_1412179_

http://nostarch.com/tangledweb.htm

http://www.syngress.com/hacking-and-penetration-testing/Web-Application-Obfuscation/

http://www.syngress.com/hacking-and-penetration-testing/Seven-Deadliest-Web-Application-Attacks/

http://www.syngress.com/hacking-and-penetration-testing/SQL-Injection-Attacks-and-Defense/

http://www.webhackingexposed.com/

http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/1118026470/ref=dp_ob_title_bk

Servers should always be hardened and because everyone likes long guides the National Vulnerability Database actually maintains a lot of information regarding hardening servers. So for the actual server itself can be hardened using the following guide located here. That is for Red Hat Enterprise Linux 5. It will change from distro to distro, but some things are pretty standard. I agree with PalermoJohn as well that learning more about networking will certainly help you in securing your server and network.

For applications running on your web server the link for OWASP Top 10 that Rsaesha posted will help you. If you have more time and would like to learn about Application Security, The Web Application Hacker's Handbook is a great resource to learn a lot about security in Web Applications.

Both application and network level security are required to truly secure your web server.

Cheers!

IMO, these books are the best ones for web pentesting:

The Web Application Hacker's Handbook

The Tangled Web

OWASP Testing Guide v4

the easiest way is to strictly identify which part is really the variable:

foo=test

cp $foofile testdir/. # cp: missing destination file operand after 'testdir/.' ($foofile doesn't exist and expanded to null, not enough required params for cp)

cp "$foofile" testdir/. # cp: cannot stat '': No such file or directory ($foofile still doesn't exist, but expanded to '' due to double quotes usage - good practice)

cp ${foo}file testdir/. # will compy 'testfile' if exists

Also it is usefull to access command line params from inside the script if there are more than 9 params, to access 10th param use ${10}

and here is some list i noticed for myself of how to use this braces, while reading this book - would recommend:

Sorry for formating issues, reddit treats spaces and new lines in special way..


variable substitution:
substitution:

Bash supports various variables substitutions:

$a - will be substituted with 'a' value

${a} - same as $a but could be concatenated w/ string w/o spaces:

${a}.txt - will be expanded in a_value.txt

${11} - 11th positional parameter given to script from shell

${var:-word} - if 'variable' is set, the result will be its value

if 'variable' is unset - the result will be 'word'

$(var:=word} - if variable is set results in its value substituted

if variable is unset, it will be assigned to 'word'

such assignment will not work for positinal params(see 'shift')

and other special variables

${var:?word} - if variable is unset error with reason 'word' will be

generated, exit code of such construct will be 1

${var:+word} - if 'variable' is set, the result will be 'word',

(but variable's value will not be changed)

otherwise result will be EMPTY string

Example:

$ echo ${variable:-ls} - variable unset - ls used

> ls

$ export variable=1

$ echo ${variable:-ls} - variable is set- its value used

> 1

$ echo ${variable:+ls} - variable is set - ls used

> ls

$ echo ${variable1:+ls} - variable unset - empty line used

>

${!prefix} or ${!prefix@} - returns NAMES of existing variables

that starts from 'prefix.

Example:

$ echo ${!BASH}

> BASH BASHOPTS BASHPID BASH_ALIASES BASH_ARGC BASH_ARGV BASH_CMDS

string variables substitution:

${#var} - returns length of string in variable's value

Example:

$ var=123456789 #this could be interpreted as a string too now

> 9 #string length is 9

${#} or $# or ${#@} or ${#} - returns number of positional parameters

of the script being executed

${var:number} - return string from number to the end, spaces trimmed

variable is unchanged.

Example:

$ var="This string is to long."

$ echo ${var:5} #returns string from 5th symbol

> string is to long.

Example: spaces are trimmed:

$ echo ${var:5} | wc -c #count chars

$ 19

$ echo ${var:4} | wc -c #return starts from space

$ 19 #space is trimmed so same number of chars

${var: -number} - return string from end to number, spaces trimmed

NOTE - space between ':' and '-' signs

Example:

$ echo ${var: -5}

> long.

${var:number:length} - return string from number till end of lenth

Example:

$ echo ${var:5:6}

> string


${var: -number: -length} - return string number between number(from the

end) and length (also from the end)

NOTE: number must be > than length

Example:

$ echo ${var: -18: -2} #var is This string is to long.

> string is to lon

${@} - return all values of positional params

leaving spaces inside strings (like "$@" ) - bcs it know how

many arguments script has

${} is the same form, it seems

${@:num} - displays values of positional params but from num

$(@:1) - works same as ${@}

${@: -2} works , but starts from the end

${@:num:length} - same as with strings but with positional params

${@: -num: -length} - same as with strings but with positional params

${param#pattern} - finds shortest match and deletes it (lazy match)

Example:

foo="file.txt.gz"

${foo#.}

>txt.gz

${param##pattern} - finds longest match and deletes it (greedy match)

Example

${foo##.}

>.gz

${param%pattern} - same as # but deletes from the end of the file

Example:

foo=file.txt.gz

${foo%.} - note . instead of . in # example

>file.txt

${param%%pattern} - same as ##

${foo%%.}

>file

Search and replace:

${param/pattern/string} - replaces first occurance of pattern with string

${param//pattern/string} - replaces all occurances of pattern with string

${param/#pattern/string} - replaces only if at the beginning of the line

${param/%pattern/string} - replacesonly if at the end of the line

Tanenbaum's textbook is par for the course THE best low-level exploration of the fundamental concepts of operating systems. It is, however, HIGHLY theoretical, and requires a solid base of knowledge prior to even starting it. It also is not useful for learning specifics about every day tasks.

This is a phenomenal introduction to the concepts and some of the practice of Linux:
http://www.amazon.com/How-Linux-Works-Superuser-Should/dp/1593275676/ref=sr_1_1?ie=UTF8&qid=1454103950&sr=8-1&keywords=how+linux+works
And here is a practical-first exploration of how to use Linux:
http://www.amazon.com/Linux-Command-Line-Complete-Introduction/dp/1593273894/ref=sr_1_3?ie=UTF8&qid=1454103950&sr=8-3&keywords=how+linux+works

I would highly recommended reading these two books, then picking up a copy of Tanenbaum's, and finally this:
http://www.amazon.com/s/ref=nb_sb_ss_i_2_9?url=search-alias%3Daps&field-keywords=unix+and+linux+system+administration+handbook&sprefix=linux+sys%2Caps%2C204&rh=i%3Aaps%2Ck%3Aunix+and+linux+system+administration+handbook

If you actually study and practice implementing the topics discussed in these four books then you will have a far better understanding than 90% of the Linux users I've interacted with.

Learn sysadmin skills (linux sysadmin especially), learn to program in atleast one language can be anything: javascript or even python. Learn to hack web applications. Learn about infrastructure penetration testing. Have a look at hackerone.com and bugcrowd.com. Here are some guides to get your started:

Here is a copy paste of what I sent to another guy. Anyways here is my reading list: Check this too for practice: (List of vulnerable web applications that you can try on)https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project Try hackerone and bugcrowd too. Live sites you can hack. Some Stuff to read: https://forum.bugcrowd.com/t/common-assessment-tool-cheatsheets/502 https://forum.bugcrowd.com/t/researcher-resources-tutorials/370 https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/ Also read: 1. The Web Application Hacker's Handbook. (800 pages but just browser through it) 2. The Database Hackers's Handbook 3. Android Hacker's Handbook 4 . This book is good if you still very new: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 Also read this: https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf and this: https://github.com/jhaddix/tbhm Also check my subbreddit: /r/netsec_reading http://www.slideshare.net/bugcrowd/how-do-i-shot-web-jason-haddix-at-defcon-23 Some more blackhat stuff: https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/

This is the best book. Sets a firm foundation that you get nowhere else.

How Linux Works, 2nd Edition: What Every Superuser Should Know

https://www.amazon.com/dp/1593275676/

Final Step: Just disappear. Better than giving the bitch the satisfaction of whinging to her cunt buddies the rest of her life that her "chiiildren are viiictims b/c their Daddddy keeeled himself".

Best revenge is to live life to the fullest in some far-off tax shelter without an extradition treaty with your home country.

Also check out this book: How to disappear by Frank Ahearn.

I'm a big fan of JavaScript: The Good Parts. I'm not sure if it is quite intermediate, but it is a terrific (and short) read.

Secrets of the JavaScript Ninja is a bit more advanced. It's written by the guy who created jQuery. I found some of the coding style to be sort of strange, but it does have a lot of great information.

I can really recommend this book: http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742 (not an affiliate link ;) )

JavaScript is amazing if you embrace it's prototype-orientation and assorted ugly warts.

Link for those curious. Thanks for the tip!

Also, there's a CBT Nuggets video series on Powershell for those who dig CBT Nuggets kind of learning.

If you want him to get a firm grasp on it, There's this book as well: http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

A friend of mine works for one of the guys who wrote it and my understanding is that it's teaches you more than you thought you knew about linux.

I suggest getting a copy of the UNIX and Linux System Administration Handbook.

While Munger and Buffet are fantastic wealth generators based on value investing, they're definitely not software engineers. If you want to make a somewhat informed decision on Bitcoin and what cryptocurrecies represent, you should strive to educate yourself and not listen to what these two say about something they don't understand.

Andreas Antonopolos is a great educator: https://www.youtube.com/user/aantonop

The book published about his talks is also a fantastic resource:
https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/1537000454

This site contains a list of sites providing collections of malware samples : https://zeltser.com/malware-sample-sources/. If you haven't read any book about malware analysis yet I would recommend you to start with https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 since you could get yourself easily infected as a beginner

Do these courses:

https://www.cybrary.it/course/comptia-network-plus/

https://www.edx.org/course/introduction-computer-science-harvardx-cs50x

https://www.codecademy.com/learn/python

https://www.learn-c.org/

http://opensecuritytraining.info/IntroX86.html

https://www.cybrary.it/course/ethical-hacking/

https://www.cybrary.it/course/advanced-penetration-testing/

https://www.coursera.org/learn/build-a-computer Don't skip over that because you know how to 'build' a computer aka put a computer together from parts; it is a course about building a computer from literal scratch aka: starting with logic gates, not a course on how to 'build a sweet gaming rig' or something.

Read these books:

https://www.nostarch.com/pentesting

http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X

https://www.nostarch.com/hacking2.htm

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Do these for practice:

http://overthewire.org/wargames/bandit/ (and others on there, that is just the best beginner wargame)

http://www.hackthebox.eu

http://www.root-me.org http://www.pwnable.kr/

https://www.codewars.com/

http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

https://pentesterlab.com/exercises/web_for_pentester (Lots more on there besides that as well)

This should get you well on your way to getting started!

Some resources which will indirectly help you for GREM

https://amzn.com/1593272901

https://amzn.com/1118787315

https://amzn.com/1593272898

That's a good setup you have going on, honestly. If you're looking for more resources, I can think of a few resources to supplement what you're already reading/doing

The Tangled Web - https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

SQL Injection Attacks and Defense - https://www.amazon.com/gp/product/1597494240

Hacking Exposed: Web Application - https://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-Edition/dp/0071740643/

https://pentesterlab.com/bootcamp - At this point, you can probably filter out what's relevant to you or not, this will map out other topics related to what you need to know, and may fill in any gaps you have at this point.

OWASP - https://www.owasp.org/index.php/Main_Page [Borderline vital to web app exploitation, Highly recommend if you haven't explored this site yet]

Now, the books and study materials are nice and all, but the most important thing is practical experience, and I see you've identified that by engaging yourself in DVWA. A few additional hands on labs you could dive into are vulnhubs that target the web (Broken Web Applications Project by OWASP is a must):

https://www.vulnhub.com/?q=Web&sort=date-asc&type=vm

Wargames (Overthewire / Smashthestack):

http://overthewire.org/wargames/natas/

SecurityInnovation (canyouhack.us):

http://canyouhack.us/ - It will start off with web challenges, feel free to stop when it starts getting into binary exploitation. What you've learned up to this point should carry you through the web application portion of this challenge, although some lateral thinking is required, which is also a skill you'll need for the GWAPT.

Google-Gruyere - https://google-gruyere.appspot.com/

Since you stated that you were going through the WAHH book, the labs over at mdsec may be a good investment for you at this point to follow along (although not exactly required if you properly use the resources above)

http://mdsec.net/labs/

https://www.wechall.net/challs - Again, filter out what you need to practice here. Lots of good challenges for multiple different areas of study.

CTF's: Be on the lookout for CTF's on http://ctftime.org and put a focus on the web challenges. These challenges will encourage lateral thinking like the securityinnovation challenge.
http://shell-storm.org/repo/CTF/ is an archive of older CTF's if you're having a hard time finding upcoming CTF's with good web exploitation sections. In my opinion, CSAW is especially good when it comes to web challenges, but check most of them out if you get time.

Another recommendation to you is to develop a decent understanding of how a web application is structured. It becomes easier to visualize how to attack a web application, when you can engineer one. So I will recommend that you learn:

HTML/CSS - don't spend way too much time on this, codecademy should suffice here

Javascript: The source of the client side exploits you will find in the future. Get your feet wet in javascript via codecademy, and progress further.

PHP: Source of the majority of server side exploits you will find (RFI/LFI, SQL Injection, etc). As with javascript, get your feet wet through codecademy, and try to progress further from there.

SQL: Important to know for SQL Injection. PHP is responsible for the implementation that leads to SQL Injection, but you should really know SQL to actually manipulate the DBMS to your needs.

With the web languages I listed, the end goal for you, should be to identify vulnerable source code, as well as being able to intentionally develop vulnerable source code, and fix it.

At this point, you should be relatively comfortable with the concepts covered in the GWAPT, however if not, take a look at the bulletin/syllabus of the actual exam, and individually research each topic.

http://www.giac.org/certification/web-application-penetration-tester-gwapt

Looking at the syllabus for the actual course that maps to GWAPT may provide some insight as well.

https://www.sans.org/course/web-app-penetration-testing-ethical-hacking

Hope I was able to help. Best of luck to you, and if you have any questions, feel free to let me know.

1. Don't start with Kali Linux.
   
   
2. Especially do NOT replace your main OS with with Kali Linux. I'm assuming you are not familiar with Linux, so you will most likely damage your computer if you make a mistake.
   
   -get a VM and install Ubuntu to mess around and get used to the environment. The VM will keep you from damaging anything and acts as a failsafe.
   
   -I also suggest reading about how to use BASH. This will help you familiarize yourself with Linux. This book is amazing.
   
   

I agree with what the others have said.

However, I'll give you some more direction and encouragement. I'm sort of in a similar position as you (except I'm a senior, and have a few years experience working with systems and networking) who is also looking at Security-focused internships.

The CompTIA certificates are okay, especially as a beginner, but they don't hold much weight. They're great for laying down foundational knowledge, and maybe helping you get an interview, but beyond that, they won't do much else.

If I were in your position, I would put my study time into getting the OSCP (Offensive Security Certified Professional). This thing is intimidating. It's one of the harder certificates to get in the industry, and the main reason for that is the exam is a rigorous 24 hour pentest. The payoff is worth it though; the OSCP has an overwhelmingly positive reputation in the industry (don't take my word for it, read up on other's opinions of it). This certificate doesn't expire, and it's something that can help you in your career further down the road (unlike the CompTIA certs). The biggest reason I'm mentioning it is because you can start as a total noob and still pass the exam (all you need is a basic understanding of networking and somewhat familiarity with linux) - be prepared to spend 300-400 hours in a lab environment until you get to that point, though. Start out with the Georgia Weidman book to see it it interests you, if so, go for it and don't look back. Even if you apply to non-offensive/blue team security positions, the OSCP will still put you and your resume near the top of the stack.

As your interest progresses in the Security industry, know that it's essential to have a thorough understanding of systems and networking - and how everything connects to each other.

Best of luck!

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

IMO Georgia's book covers everything you'll need for the exam (specifically exploit development and POC modification).

The Metasploit book is cool, but since you don't really get to use it in the exam lab (you only get one Metasploit "lifeline" to use) it may not be worth picking up right now.

It depends on what you already know.

​

Do you have any prior programming experience? If not, start there. My no. 1 recommendation here would be Allen B. Downey's free Think Python book. Others might come along and recommend something like SICP, which is a good book, but perhaps a bit hard for an absolute beginner. Downey also has a version of his book that uses Java, so if you know for a fact that this is the language your introductory programming class will be using, then that could be a better option (Python is a simpler language, which makes it easier for you to focus on the actual concepts rather than the language itself, but if you know that you'll be using Java, you might as well kill two birds with one stone).

​

If you do have prior programming experience, you have all sorts of options:

• You could learn a functional language, like a Lisp (Clojure, Racket, Scheme, LFE, ...) or something in the (extended) ML family (Standard ML, OCaml, F#, Haskell, Elm, ...).
  
• Or, you could go the other way and learn something low-level, like C. You could even learn about C and Lisp at the same time by building your own.
  
• Or learn a logic programming language, like Prolog.
  
• Or, if you really want to understand object-oriented programming (and how languages like Java managed to stuff it up), you could learn Smalltalk.
  
• If you don't know what a unit test is or how to write one, you should learn.
  
• Learn about data structures and algorithms. As a CS student, you'll be learning about them at some stage anyway, so there's no harm in starting early. Some people might recommended CLRS for this, but for someone just starting out, I'd recommend something a bit friendlier, such as this series of videos from Princeton (presented by Robert Sedgewick, author of one of the most popular books on the subject). If you'd prefer a book, this free one from Allen B. Downey (who also wrote the introductory programming text I recommended earleir) looks quite good.
  
• Work your way through NAND2Tetris. It will take way longer than a month, but it will definitely set you apart from the rest of the class. Even if you don't do this now, you should definitely plan to do it at some point.
  
• Learn about databases. Again, you'll have to study them eventually, so why not start early? You could start by trying to build something that uses a database, like a simple todo utility.
  
  ​
  
  Regardless of whether or not you have programmed before, I would also recommend doing the following:
  
  
• Learn some basic Unix skills. It doesn't have to be too much – just enough to be able to sit down at the command line and have a vague idea of what you're doing is fine for now. You'll learn more as you use it more. That said, if you really want to dive in and learn how everything works, then something like How Linux Works could be a good read.
  
• Learn some discrete mathematics. As a CS student, you'll be required to learn it at some stage – it's the mathematical backbone of CS, much like calculus is to physics – so you might as well start early. This free, book-length set of notes from MIT is very well-regarded (but don't expect to get through it all in a month!). There is also a set of video lectures if you prefer. If you're keen on learning functional programming, another option could be to integrate that with your discrete maths studies by reading Thomas VanDrunen's Discrete Mathematics and Functional Programming (if the physical book is a bit expensive for you, there's also a cheaper ebook version available).
  
• For bonus points: learn to use either Vim or Emacs. There probably isn't a massive practical advantage to using these this early in your career (although they could certainly come in handy later), but if other students see you writing code in one of them, you'll look like an absolute badass. Your teachers will probably be quietly impressed, too.
  
  ​
  
  if you have any questions about my above suggestions, let me know, and I'll see if I can point you in the right direction.
  
  ​
  
  Good luck!

How Linux Works was suggested on another thread. I picked it up, and while I am only on chapter 2, it seems like a good primer.

I taught a powershell class at work a few years ago. We went chapter by chapter through "Lean powershell in a month of lunches"
https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Anything by Don Jones.

Even look up "Don Jones Powershell" on YouTube will bring up a lot of his powershell stuff. He is entertaining and very informative.

Or pick up his book: http://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080/ref=sr_1_1?ie=UTF8&qid=1372257080&sr=8-1&keywords=don+jones

Start Here

https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web/JavaScript_basics

https://www.codecademy.com/learn/introduction-to-javascript

https://www.learn-js.org/

https://www.udacity.com/course/intro-to-javascript--ud803

https://www.udemy.com/beginning-javascript/

https://www.coursera.org/courses?query=javascript

https://javascript.info/

https://www.w3schools.com/js/

https://www.amazon.com/Eloquent-JavaScript-3rd-Introduction-Programming/dp/1593279507

https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

https://www.amazon.com/s?k=you+don%27t+know+js&crid=3CTP426AMFRY2&sprefix=you+don%27t+know+%2Caps%2C208&ref=nb_sb_ss_i_1_15

One more to add: JavaScript: The Good Parts

(obligatory joke)

In all seriousness, it is a really good book.

​

First of all, don't worry too much about a single interview. A lot of interviewers don't really know what they're doing / why they are actually asking the questions they are asking. Usually, they're programmers--not experts at hiring people.

Having said that, you definitely want to be familiar with common "gotchas" and major issues in the languages/frameworks you will be using.

For JS, I recommend two books in particular: JavaScript: The Good Parts and JavaScript Patterns. I found these helpful because they cover all the major issues with the language and they are quite concise. These don't cover any frameworks like jQuery or Angular though--that's another matter altogether.

Also take a look here: https://github.com/h5bp/Front-end-Developer-Interview-Questions
There's a good chance the interviewers will straight up copy questions from this list and you researching the answers will be a great learning experience.

Now I'm imagining a book titled "PHP: The Good Parts". (Kind of like "Javascript: The Good Parts".) Only, it's less of a book and more of a pamphlet.

Advanced

Medium

Old, but probably still relevant

Yet to be released, but you can get the in progress pdf from the publisher

Docs

The one that everybody recommends

HTML5 spec

HTML5Rocks

Latest Webkit News

Other than that build build build. Make demos and play. Ask questions here or on stackoverflow and read other people's code. Also, lots of great old JSConf videos out there.

Check out JavaScript, the Good Parts. Imo the best beginner JS book. No one should be able to save a .js file without reading it :)

You can learn angular without learning JS first, but it sure will help you go a lot further if you understand the fundamentals of JS.

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742

Code Complete

Big Java Late Objects

The Pragmatic Programmer: From Journeyman to Master

The Mythical Man-Month

Android Programming: The Big Nerd Ranch Guide

cracking the coding Interview

Introduction to Algorithms

Thinking in C++

Hmmm...

Like everyone said, it depends. Deep nesting can often be a code smell. This book will help answer your questions:

http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

But more importantly, please don't call yourself (or others!) a bad programmer! I'm sure you're just joking, but there's this weird vibe in the scene where people's worth is evaluated on their code. It kinda sucks. You're not your code.

A better question would be: does this pattern indicate poorly written code? The answer is GOTO: Hmmm...

Perhaps offtopic but... Some books you should read regardless of CompSci branch

• Code Complete
  
• The Pragmatic Programmer
  
• Refactoring
  
• The Mythical Man Month
  
• Why Programs Fail
  
• Design Patterns
  

I can't believe that no one mentioned Code Complete: http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670/ref=sr_1_1?ie=UTF8&s=books&qid=1267359531&sr=8-1

It totally changed my perspective on writing applications, no matter what the language or scenario. HIGHLY recommended - every programmer should read it.

This list isn't about "coding" per-se but is more focused on concepts, sw.en., practices, etc.

Thinking in Java is one of my favorites, the definitive introduction to object oriented programming and design.

Code Complete, Don't know anyone who hasn't heard of this so far

The Pragmatic Programmer: From Journeyman to Master

Code Complete: A Practical Handbook of Software Construction is often recommended

The stuff you are learning in CS class is definitely important, but it's orthogonal to the things you will need to learn in the industry.

Read "Code Complete" to get a head start on this stuff. - https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

As far as some fun interviews with famous programmers, another great book is https://www.amazon.com/Practice-Programming-Addison-Wesley-Professional-Computing/dp/020161586X

There are several good books on designing good software:

Code Complete

Design Patterns

Refactoring

TL;DR Improve yourself, invest in your future, don't worry about the mistakes...read the books listed at bottom, and practice!

Few months ago I royally fucked up an interview at Microsoft. A really simple question. But I had no experience doing coding on paper instead of a computer.

I spent a lot of time studying various books and paper coding to make sure it wouldn't happen again.

I then had an interview for another (in my mind at the time) dream job. I did fine for all the phone interviews and they flew me over to the west coast for an in person interview for the day. I did well for the first bit until they started pulling out dynamic programming and integer programming questions on me and expecting me. Once again something I didn't prepare for, and f'd up. Didn't get this job either. For the longest time I was really hard on myself at fucking up on both these interviews one after another. Especially this second one since a lot more was riding on it than just the job (another story).

But then I decided I didn't want to have this sort of experience again and expected better of myself. I made myself further improve and brush up on all those concepts as well. Did a few mock interviews with friends, spent some time working on interview type questions on both the computer and on paper. A month or two later I started interviewing again. By this point I was an interviewing machine - and I'm now able to do just about anything thrown at me. I've had my choice of employers and until just recently, was in the situation where I had so many offers I didn't know which one I wanted most. I'll be heading to silicon valley soon at one of the top tech companies in the world with a fantastic offer considering I just graduated.

The point is - learn from the mistakes and improve yourself. I realize you don't want to be that guy spending heaps of time coding outside of work or whatever... but this is an investment in yourself and your career. Do it once, and then just brush up on your skills from time to time. Get into the interviewing mindset and just rock them so you can have your choice of job - and then you can go about your thing once you have the job locked. The up front investment will be worth it!

Things that helped me:

• www.hackerrank.com - practiced a lot of questions on here
  
• www.careercup.com - another great site for questions
  
• Cracking the Coding Interview More help on questions, but also some great insights into the interview process for the larger tech companies and many hints and tips on how to go about solving the more complex problems
  
• Code Complete A great book for helping you to refresh or learn about software design
  
• Eternally Confuzzled Great resource to learn how to think about common data structures and algorithms
  
  Having trouble with Algorithm design/analysis? These are some of the go-to books for that:
  
  
• The Algorithm Design Manual Probably the defacto for learning about algorithm design and analysis
  
• Introduction to Algorithms A great book with many different algorithms and data structures to learn about
  
• Algorithm Design A great book if you want to dive deeper into more complex subjects like graph theory, dynamic programming, search algorithms, etc.. etc..

Looks like most of your knowledge and experience so far is with imperative/object-oriented programming. You might want to have a look at functional programming, just to get some perspective. Scala, Erlang or Haskell could be some good choices here, or even Ruby (if you make use of blocks and don't use mutable data). Actually, Ruby is pretty cool and very versatile and practical, that could be a good language choice as well, and you would also be able to make use of your prior knowledge with OO programming.

One other thing that you could do with this time is to read some books! There are some wonderful "generic" titles that every programmer should read, in my opinion. Have a look at The Pragmatic Programmer, Clean Code and Code Complete, for starters. These might get you really inspired and pumped up for the undergrad college and computer science classes, as well as give you some good tips on new things to learn.

Code: The Hidden Language of Computer Hardware and Software

Clean Code: A Handbook of Agile Software Craftsmanship

Code Complete: A Practical Handbook of Software Construction

Algorithms

Types and Programming Languages

There are a lot of different strategies.

• UML/RUP (Rational Unified Process) Make lots of diagrams (UML) and lots of system requirements docs.
  
• TDD - Test driven development. Make Unit Tests first and then make code that passes the unit tests.
  
• CRC analysis - Napkin card type design that helps you figure out what classes you should have.
  
• Service based design - SOA type stuff. Define some high-level service APIs that different parts of your application communicate. Great when multiple team members are implementing different layers of your application.
  
  Basically you asking a methodology question and not a programming question. If you are asking questions like this you should probably start reading books like Code Complete: A Practical Handbook of Software Construction, Second Edition

Perfectly normal. After 15 years of amateur programming I still make stupid mistakes and have dumb days and weeks when I get or seem to get nothing done. But like the saying goes it's only a problem if you don't learn from your mistakes. I can write a class get it working and come back to it in a week and can't for the life of me figure out why I'd done something a certain way. So my approach now is to break the program into modules and then classes which are independent as possible. Test those classes and finalise them as much as possible so I never need to modify them again and make notes on how they work. In fact I seem to make notes on everything I do. From theory to how classes in an API works to my own code. I've read somewhere programming is one of the most mentally intensive activities a human can do, so don't be surprised if you find it difficult at times, every programmer does I'm sure. Good luck 👍 oh yeah I forgot I'd strongly recommend reading code complete it helped me out more than any other programming book and it's lessons apply to any language. Think it even has a chapter on human factors

This book should be good enough to last you through undergrad.

Get the Unix and Linux Administration Handbook, 4th Edition, by Evi Nemeth, Garth Snyder, Trent Hein and Ben Whaley.

This book covers both Ubuntu and other Linux flavors, along with traditional Unix. It is my defacto go-to when I need to look up a topic, and goes into incredible detail about not only how to do things, but also some of the theory behind them. A good example is that it explains how to set up a DNS server, but also details how DNS actually works.

For something cheaper - just google the Rute Manual. This also details a wide array of OS concepts and how they are embodied in Linux.

And while your learning - i'd like to throw this tidbit that I absolutely love from the Rute guide:

>Any system reference will require you to read it at least three times before you get a reasonable picture of what to do. If you need to read it more than three times, then there is probably some other information that you really should be reading first. If you are reading a document only once, then you are being too impatient with yourself.

>It is important to identify the exact terms that you fail to understand in a document. Always try to backtrack to the precise word before you continue.

>Its also probably not a good idea to learn new things according to deadlines. Your UNIX knowledge should evolve by grace and fascination, rather than pressure

A must read is UNIX and Linux System Administration Handbook (4th Edition):

www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/

See also: http://www.reddit.com/r/linux/comments/cm8y4/any_book_recommendations/?sort=new

Read this book: http://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057
UNIX and Linux System Administration Handbook (4th Edition) [Paperback] Evi Nemeth (Author), Garth Snyder (Author), Trent R. Hein (Author), Ben Whaley (Author)

Honestly, you are never going to find a way to shortcut you out of this situation. No one answer is going to be perfect and get you from A to B if your already at C. I had a similar experience with programming and web development.

I studied computer networking all my adult life and never thought I would be developing as my career at the moment. It is the burden of knowing too much and not having a clear direction. What I needed was more confidence in my skills which can only really develop over the years through experience.

You say you already know a lot of Linux and Bash concepts. CD/CI pipelines try to abstract a lot of OS related involvement since your code doesn’t need to know how low level kernel operations are happening.

What it sounds like you need is knowledge of OS concepts, not just Linux concepts. I say this because every OS has its own way of doing the same thing one way or another.

For example virtual memory, if you understand the concept of virtual memory in any OS rather than a specific OS’s semantics regarding Virtual memory then I think you would be better off in the long run.

If I am wrong and you are the master of the Linux environment, I believe you just need to deep dive into development strategies and the core principles of CD/CI. Once you have a foundation it doesn’t really mater if you are a Jenkins expert or CircleCI expert, all that matters is if you have a foundation to fall back on.

Edit: if you wanted my two cents on material here are some books I recommend.

The Practice of System and Network Administration

Operating Systems Concepts

UNIX and Linux System Administration Handbook

There almost certainly no configuration management system or orchestration system guides that are going to be useful without at least a base understanding of the systems you will be managing.

If you want some base knowledge maybe start with something like this

• UNIX and Linux System Administration Handbook
  
  • https://www.amazon.com/dp/0134277554/

No question, W. Richard Stevens' books on the protocols and the implementation were the definitive works.

I haven't gone back to them recently to see how they've aged, but much of what I know about TCP/IP, I learned from those books. (I was tasked with switching over the internal communications on a large telecom system from a proprietary protocol to TCP/IP - again, I'm talking about the communications between boards in the system, not outside to switching centers and COs.)

Unfortunately, Vol. 3 pre-dated HTTPS (and SSL in general), too bad, I'm sure if he were still alive, Stevens would have done that topic justice.

https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165/

I've recently been working on my JS skills and heres a few resources I've found super useful:

Books:

Javascript Patterns

Javascript: The Good Parts

Javascript: The Definitive Guide (While an exhausive resource on the topic, this one is a bit verbose)

Web:

Mozilla's Javascript Guide (One of the best free online javascript guides/references.

How to Node (Tutorials on server-side Node.js)

Daily JS (Interesting JS related news)

Echo JS (Similar to above but updates less frequently)

Hacker News (This is more general tech news but there is a ton of useful web stuff, especially as node.js is currently a hot topic. Reddit actually spawned from HN)

Online Videos (free)

Douglas Crockford's Javascript Lectures (I would recommend these to anyone getting into javascript)

http://amzn.com/1617291080

That's what I used, came highly recommended by folks in this subreddit, and I see why. Starts off slow and simple, assumes you have no prior experience in programming. By chapter 4 you're making scripts that show just how awesome PS is.

Great book to start with: http://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

This is probably the most recommended book: https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Books aren't really my learning style - to me, it's just solve a problem, then solve it gooder

Maybe I should read more....

I think it is always safe to look at all of the material in the 70-640 curriculum. Most of it easily applies to 2012+ and you may still see a lot of 2008 systems.

https://www.microsoft.com/learning/en-us/exam-70-640.aspx

Combine the reading with the lab work and you can learn a lot.

Also /r/powershell and Powershell in a Month of Lunches. New version addresses Powershell 3 http://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

If you're looking at Powershell, the Learn Windows Powershell in a Month of Lunches is pretty well reviewed.

Rule 1: You better start learning how to teach yourself cause classes are probably not gonna happen. I got this book and taught myself the fundamentals of powershell. You'll need to do something similar. For the application, I'm sure the developer provides an entire site full of documentation for you to use to help develop your skills. It may seem intimidating now, but you'll get used to it.

Note: The powershell book is very easy to find for free if you know where to look.

>However, at least at this office, you can have days like today where things slow way down and you can derp around on Reddit until you get more calls or a user gets back to you.

System/Network Administrators (especially at smaller companies) either work well or they work often. I'm getting towards the "well" side of things more and more as I get better, which leaves more time for other activities, like reddit or going through Powershell in a Month of Lunches.

Powershell in a Month of Lunches

Powershell is a very handy tool to have, but you don't need to 'dedicate' yourself. Go through this book and you'll be a step above a majority of IT professionals easily. https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

I highly recommend checking out the You Don't Know JS book series by Kyle Simpson. It goes in depth into how the language works and all the quirks you might encounter: https://github.com/getify/You-Dont-Know-JS

If you'd like a shorter read and maybe have your opinions formed for you... checkout JavaScript the good parts: https://www.amazon.com/_/dp/0596517742

> Failing that, are there any good cheatsheets/references for JS "gotchas" and unusual features that devs from other languages might not be familiar with?


There are entire books dedicated to this! (Also some entertaining talks.)


Here are some good JS books not aimed at total beginners:

• JavaScript: The Good Parts
  
• Professional JavaScript for Web Developers
  
• Effective JavaScript
  
  
  Bonus (to give you a sense of the kinds of "gotchas" you'll find in JS):
  
  
  // Even though you pass in numbers, JS sorts them lexicographically
  > [5, 1, 10].sort();
  [ 1, 10, 5 ]
  
  // You "fix" this by passing in a custom comparator
  > [5, 1, 10].sort(function(a, b) { return a - b; });
  [ 1, 5, 10 ]
  
  // This probably makes sense to someone, somewhere
  > Math.min();
  Infinity
  
  > Math.max();
  -Infinity
  
  // Some things are best left unknown
  > {} + {};
  NaN
  
  > var wat = {} + {}; wat;
  '[object Object][object Object]'
  
  Here are a bunch more in quiz form.

1. https://www.manning.com/books/secrets-of-the-javascript-ninja
   
   
2. https://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
   
   
3. https://github.com/getify/You-Dont-Know-JS
   
   
4. https://www.amazon.com/JavaScript-Definitive-Guide-Activate-Guides-ebook/dp/B004XQX4K0/ref=sr_1_1?ie=UTF8&keywords=javascript+the+definitive+guide&qid=1434243328&s=books&sr=1-1
   
   Not in any order though

In today's shiny web world, it can't hurt to learn JavaScript, but it's a dreadful mess, saved only by this fine book.

Python is a great language for learning, and I think Tasker supports it..

Now, I've spent years in software, and I suggest you stick with Tasker and its plugins, because it is very well thought out. You can learn a lot about real world stuff if you focus on being battery efficient and being responsive. Setting task and profile priorities, scheduling waits, running tasks in parallel, is an art.

Premature optimisation is the root of all evil in programming. JS doesn't necessarily make things faster, and believe me I've seen clueless JS programmers consider using C/C+ for speed, when they could have simply used JS properly. Use libraries, not DIY code, which is why AutoTools is so good.

JS is hard, especially for people new to programming. Basically, JS as we know it today is an evolution of a browser hack that only recently became a seriously useful language. The syntax is terrible, math and numbers don't make any sense, the regex system isn't super robust, oh and it's not really an OOP language. Technically, it is multi-paradigm and includes some oop-like things and classes are on the way to browsers, but it's for naught anyway, because you don't need classes in JS - It's a prototypical inheritance based language.

If you're new to programming in general, I'd say you should start with a more sane environment, like Python. It will teach you programming concepts while railroading you into making good coding decisions. It's really common for people to start with Learn Python the Hard Way - don't. Go to /r/learnpython and search "LPTHW 31" and just count up the people struggling with it. Zed Shaw is an idiot, there are better things to read, I'd recommend watching the google IO talks, get a buddy to learn with. Honestly, I've never read a python book cover to cover, but I feel pretty comfortable with the language from just googling "How do I do X in Python" millions of times, usually if a link comes back to docs.python.org, I click that one first. The docs are wonderful, you don't need a book.

But, since JS is one of the most important languages due to it's integration with the most common form of media distribution in our time, I'd recommend reading / watching talks by Douglas Crockford. Check out Javascript: The Definitive Guide and Javascript: The Good Parts. The second one is a little easier to digest, while the first is really the definitive guide.

In both cases, I'd recommend doing the challenges on hackerrank.com.

Crockford's JavaScript: The Good Parts.

Serious recommend.

I've been using node for about a year now (was a PHP/mySQL dev for 6 years before that) and have come to realise that it's all about methodology. The language is just JS (I mean, you should get good at JS too) but it's how you use it that defines whether your node code will be good or not.

Some things I've found useful:

• JavaScript: The Good Parts If you're a JS developer, you just need to read this.
  
  
• Node Beginner Book Hands-on node is a little more rough around the edges but still worth a go. I bought the bundle for kindle and didn't regret it.
  
  My experience:
  
  
• Write everything in modules. Your index.js should be tiny. Ours just links URLs to modules.
  
  
• Try to make your modules reusable. We're (I'm) guilty of having my modules assume a http request, which means I'm ferrying the request and response objects around all over the place. It's not heinous, but it is bad.
  
  
• Put your modules in git
  
  
• Caching: Our stack is slightly unusual in that we've built a REST API in node which PHP then consumes to produce the HTML for the site, so end users never connect directly to node. (We have reasons for doing it this way). So we cache the API results based on URL in memcache. For a traditional web server model you'd probably use caching proxies in front of your node layer. I also cache database results based on the SQL string (I think we tested it to be faster than querycache. If not, why the hell aren't we just using querycache? Hmm...), so even if the API-level cache misses, some of the data will still be cached hopefully. Your caching strategy will depend heavily on the frequency of data changes in your application. A lot of our data never changes. We certainly don't have sub-minute changes, and typically our data changes exactly once in its lifetime.
  
  
• A good proportion of the stuff I write is utility modules (like pluribus) rather than business-logic specific to our website. I've written a HTTP router, a caching object (which abstracts the cache mechanism away so if we wanted to move away from memcache none of our code would have to change, we'd just plug in a new storage module to cachejs), a twitter module, and a connection-pooling module. Some of these problems were already solved in existing modules (and we use a lot of 3rd party modules too) but often you'll find that it's not quite right for your use-case, doesn't scale well, or the github isn't up to date with the latest node etc etc.
  
  
• Node is getting better all the time. We've thrown away a few things we'd written because the functionality is in core now. That's good.
  
  
• github is your friend. We end up forking a lot of modules and issuing pull requests to them. If they don't accept it's a shame because we then will have to keep our version up to date with their fixes. We prefer to fork, fix, pull req and then switch back to their version when accepted.
  
  
• architecture is the most important problem to solve. We use rackspace cloud hosting and they provide cloud load balancers which helps a lot. Beyond that, we make use of a consistent hashing module to spread memcache data and load evenly. But for any large application you'll quickly find that you can't just keep it all on one fat box, and you'll need to think the architecture out avoiding single points of failure.

I can definitely relate, this sounds just like me last year! I've done things the hard way and it took me 5x longer. I also prefer screencasts to books. I always need to create a project to solidify those fresh skills, otherwise they'll be gone in a month. Also tutorials for things like Backbone assume you know how to use jQuery, Underscore, and things like REST, and JSON responses... this can quickly get confusing if your not familiar with all of these. My largest regret is not building enough practice apps in the last year. I really should have applied more by doing, instead of staying in the theoretical world.

Here are some insights that i've made and the courses/tuts/projects that helped me the most:

Learn the language first:

• https://tutsplus.com/course/javascript-fundamentals/
  
• https://tutsplus.com/course/object-oriented-javascript/
  
• https://tutsplus.com/course/advanced-javascript-fundamentals/
  
• http://eloquentjavascript.net/ If you feel you need more coverage of the same topics (interactive html like CodeCademy).
  
• Build something interesting, things like games seem to also challenge your programming skills at the same time. Something like Whack-a-Mole, Connect 4, etc... Don't worry too much about the looks, unless you want to practice that too. At this point you should be able to do basic dom manipulation, events, and basic logic.
  
• The tut-plus courses cost a little for a few months but they're really high quality... most of them also give you projects too.
  
  

  Set up a comfy environment
  

  
  Take some time to start optimizing your development environment, the Paul Irish explains it very well below, but some of the topics are a bit too advanced for now (modules, build tools, etc...).
  
  

• Javascript Development Workflow of 2013
  
• Setup a jshint plugin (~4min above), read the website/docs for all the options. http://www.jshint.com/
  
  
• A more entry level talk on setting up your environment Front-end Tools for the Young Developer
  
  
  

  Learn the native DOM and it's API
  

  
  

• http://domenlightenment.com/
  
• Create your own DOM manipulation library
  
• While this one is a book, it's small and has js-fiddle examples for every code block to try it out... i'm currently going through this and it's great! They have a free HTML version (not final edit) and a cheap softcover on amazon. This will make using jQuery much easier and less 'mysterious'.
  
  

  Learn jQuery
  

• https://tutsplus.com/course/30-days-to-learn-jquery/
  
• https://tutsplus.com/tutorial/jquery-anti-patterns-and-best-practices/
  
• http://fixingthesejquery.com/#slide1
  
• https://tutsplus.com/course/jquery-plugin-development-best-practices/
  
• Re-write one of your previous apps to use jQuery instead of vanilla.
  
• While I love vanilla, jQuery just saves time. Learn when you can easily not use jQuery to gain some easy performance.
  
  

  Read "The Good Parts"
  

  
  Though very cliche at this point, read through this classic. If you don't really understand it all 100%, make sure you hang on to it though as it gets better with age. Try and follow it as close as possible, then later feel free to break the rules. By then you'll know why you can break them.
  
  

• JavaScript the Good Parts
  
  

  Learn Underscore
  

  This is a great library that gives you a lot of cross browser ES5 features and features that should be in JS. Not a lot of tuts on this one, reading the docs and source helps a ton here.
  
  

• http://net.tutsplus.com/tutorials/javascript-ajax/getting-cozy-with-underscore-js/
  
• http://vimeo.com/60216668
  
• http://underscorejs.org/
  
• https://github.com/bestiejs/lodash
  
  

  Learn Backbone
  

  There are lots of these libraries but Backbone is the most popular and easiest to learn. Keep in mind this is a library, not an entire framework like ember. This means in a larger app you will essentially use Backbone to help build you own SPA framework for your app.
  
  

• https://tutsplus.com/course/connected-to-the-backbone/
  
• https://tutsplus.com/course/advanced-backbone-patterns-and-techniques/
  
• http://addyosmani.github.io/backbone-fundamentals/ Great book!
  
• Build a Todo app with backbone
  
• Build a backbone powered Reddit mobile web app, read the following posts for inspiration.
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app
  http://cheeaun.com/blog/2012/03/how-i-built-hacker-news-mobile-web-app_26
  
  

  Learn Node
  

  
  

• https://tutsplus.com/course/introduction-to-node-js/
  
• Build a command line app ( I built a scaffolding app to spit out my boilerplates, and a really janky language transpiler)
  
  

  General Front-End, Programming
  

• Baseline for front end developers
  
• So you want to be a front end engineer
  
• http://pineapple.io/wiki
  
• https://www.edx.org/courses/HarvardX/CS50x/2012/about
  
• I can't stress how helpful the CS50 course has been to me, even on the front end.
  
  

  Read a comprehensive JS book
  

  I really like Nicholas Zakas's book over the definitive guide. I find that he is able to tell more of a story and makes it easier for me to absorb.
  
  

• Professional JavaScript Development
  
• JS the Definitive Guide
  
• Re-read "The Good Parts", this should make much more sense than the first time you read it.
  
  

  Testing
  

  
  Make sure you're comfortable with everything before moving onto testing... this includes frameworks etc.. Learning testing will only slow down the learning process if you're not comfortable with the rest. Mocha is the newer test runner and is better with async. However, Jasmine is very popular and time tested. The "Lets code javascript" below is an awesome course. Don't let the first sections turn you off, they may seem tedious at first (integration server, etc...) so feel to skip to dom/browser testing and then loop back when testing is more normal.
  
  

• http://www.youtube.com/watch?v=eVpXkyN0zOE - Short intro to Jasmine and TDD
  
• https://tutsplus.com/course/javascript-testing-with-jasmine-2/ - Nice n Easy course to Jasmine & TDD
  
• http://www.letscodejavascript.com/ - epic comprehensive JS TDD course from server to browser
  
• 
  
• http://visionmedia.github.io/mocha/ - My favorite runner (with Chai)
  
• http://karma-runner.github.io/ - Test in mult. browsers from the command line (advanced)
  
• https://github.com/rmurphey/js-assessment - test your skills (no pun intended)
  
  

  --
  

  I just started sketching out a website to try and solve this problem. It has different paths to follow to fill in gaps of JS knowledge quickly (much like hackdesign.org)... unfortunately it's not finished yet! Watch LevelUpJS on Github in the future. I also have some more links on app architecture and things like modules but this list is getting a bit large!
  
  Cheers and good luck!
  

Code Complete is really good if you haven't read it yet.

Data structures and Algorithms Write code to impleement every (or even most) and you'll be well preparped.

Design and Testing here.

Programming Languages here.

Also look for an open source project that needs help and provides you with experience in one or more of these areas (or start your own). Code is always a good way of showing you know something.

Read lots of code and read books to get multiple viewpoints. This is a deep topic which will require more than superficial online reading.

Check this out.

Books I have found useful:

• Effective Java
  
• Code Complete
  
• The Pragmatic Programmer
  
• Clean Code
  
• Growing Object Oriented Software Guided by Tests
  
• Agile Patterns, Principles and Practices
  
• Domain Driven Design
  
• Design Patterns (a good read, but be careful how you use it)

If you are starting from an amateur background as a developer on C# centric stack, I'd argue that Code Complete has strong to potential to protect against your weaknesses/blind spots than just about any book about software development. It doesn't go deep, but it will introduce you to breadth of fundamentals. Feel free to skim past the ones you are already familiar with.

https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

​

The particular techniques described evolve over time, but the principles endure. e.g. One poster commented of making backups. Tools in the C#/MS ecosystem have evolved considerably, but git based source control is pretty popular tech at moment. Github is popular for hosting source of open source projects - Azure Repos and Azure Devops suite has more depth for larger teams and complex processess.

The actual link OWASP Top 10 2013. This list is in the process of being updated so the information isn't exactly accurate anymore.

For more in depth reading I'd suggest The Web Application Hacker's Handbook. Also check out /r/netsec for a good discussion platform.

I was personally recommended by my mentor Hacking: The Art of Exploitation, and The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Also some companions sent me some readings on index articles. I'm not so sure of the titles, but just browse around.

http://slav0nic.org.ua/static/books/

http://hackbbs.org/article/book/

Try "Hackers: Heroes of the Computer Revolution", by Steven Levy. https://www.amazon.com/Hackers-Heroes-Computer-Revolution-Anniversary/dp/1449388396 . It is not solely focused on Unix, but it tells a lot about the early evolution of computers, and the wizards who made them work. It's been years since I read it, but I recall it being a great read.

Hackers: Heroes of the Computer Revolution. I read this book in the early 90's and it was fascinating. It traces the origins of hacking in an interesting narrative style. It's the most interesting book on the topic I have yet read.

http://www.amazon.com/Hackers-Heroes-Computer-Revolution-Anniversary/dp/1449388396/ref=sr_1_1?ie=UTF8&s=books&qid=1279897212&sr=8-1

That's what The Internet of Money is for.

Everyone should read "The Internet of Money" by Andreas Antonopolous

"While many books explain the how of bitcoin, The Internet of Money delves into the why of bitcoin. Acclaimed information-security expert and author of Mastering Bitcoin, Andreas M. Antonopoulos examines and contextualizes the significance of bitcoin through a series of essays spanning the exhilarating maturation of this technology."

Website
https://theinternetofmoney.info/

Amazon (Paper, Ebook)
https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/1537000454/

Purse.io (Bitcoin)
https://purse.io/product/1537000454

iTunes (Audio)
https://itunes.apple.com/us/audiobook/the-internet-of-money-unabridged/id1232468351

Github (Free)
https://github.com/erangadbw/IoMv1/tree/master/chapters/en

Youtube (Video)
https://www.youtube.com/playlist?list=PLPQwGV1aLnTvCuQXCZ3RBvdlCnqstTirl

Tinkerers Anthem
https://soundcloud.com/proofofbeats/encroachment

Practical Malware Analysis talks about how to set up a relatively secure analysis environment.

As far as engineering practices are concerned: Clean Code, Clean Architecture. A secure app/arch is one that is well understood long after you've stopped working on it.

DefCon has a reading list:

https://www.defcon.org/html/links/book-list.html

If you're looking for a starting point, I'd suggest The Tangled Web. Web/browser security tends to be a good high-level starting point.

You asked for books, but I'd highly suggest participating in some CTFs.

I am a beginner too and just finished this book TLCL.Another one i would recommend is shell scripting bible.For most part use google to learn about commands and man page is your friend. I am more of a book kind of guy so never used video resources. Most important you should know where to look for help when stuck.

My advice? Enjoy your summer. It's one of the last times in your life that you'll genuinely have very little to no responsibilities. The field of CS is very much about learning on your own as an autodidact, so if for some reason you're getting bored doing teenage girl things there are plenty of resources out there to learn CS topics from.

I would focus on these rather than a formal, guided summer program because in your CS career you're likely not going to have the opportunity to have a guided internship every time you need to learn something new. Not to mention you're going to have a hard time finding an internship as a prefrosh since even freshmen/sophomores are looked over in favor of more experienced candidates. Some of these sites I've listed below offer certificates of completion, especially the MOOC-type courses, if for some reason you need vindication of your efforts. Lynda I believe offers their entire collection free through many local libraries. If your local library doesn't have a relationship, try other libraries in other counties or parts of your state.

Other than that, do your best to absorb as much programming knowledge as you can as it will be immensely helpful in your studies. As you learn, try to learn what really interests you in the field of CS (cybersecurity, machine learning, AI, robotics, data science/databases, or maybe you just turn out to really, really like coding) so you can make it a specialty. The field of CS pays enormous dividends when you specialize into things. It's these types of niche consultants that can demand $100-200/hr and get handsomely rewarded.

Oh, and think about subscribing to these subreddits, you might find them useful:

/r/cscareerquestions
/r/learnprogramming
/r/netsecstudents
/r/sysadmin
/r/ITCareerQuestions

If you enjoy programming:

• Codecademy
  
• Cybrary
  
• Lynda
  
• Udemy
  
• Pluralsight
  
• SoloLearn
  
• theodinproject.com
  
• Udacity
  
• https://www.edx.org/course/introduction-computer-science-harvardx-cs50x
  
• https://education.github.com/pack
  
  If you enjoy cybersecurity:
  
  
• CTFtime.org
  
• pentesterlab.com/bootcamp
  
• OverTheWire.org/wargames/
  
• io.netgarage.org
  
• pwnable.kr
  
• www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
  
• https://code.google.com/archive/p/pentest-bookmarks/wikis/BookmarksList.wiki
  
• http://www.amanhardikar.com/mindmaps/Practice.html
  
• https://www.bonkersabouttech.com/security/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392
  
  If you're interested in IT certifications:
  
  
• CompTIA A+, Network+, Security+, Linux+
  
• Cisco CCNA
  
• Microsoft MCSA

Part of me wants to say just do it. The course starts at a beginner level, but bear in mind that most people, myself included spend between 2-4 weeks of the precious lab time doing the course. Unfortunately there is no way to get the course material ahead of time, so factor that in when choosing how much lab time to prepare.

Having said that, I highly recommend reading Georgia Weidman’s book prior as this covers a lot of the same material as the PWK and is a great way to prep for the coursework so some of the ideas presented are not completely new to you

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Depending on your ease with programming, you may want to bone up on some python fundamentals as well. I did about 1/4 of this Udemy course before starting

https://www.udemy.com/the-modern-python3-bootcamp/learn/lecture/7991038#overview

Here’s a great guide from Abatchy on OSCP Prep, although a lot of the stuff he discusses in the guide are covered in the OSCP course

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html

There is also a YouTuber named IPPSEC that does video walkthroughs for retired Hackthebox machines. some of the machines are very CTF like, so Just watch the OSCP Like ones in this playlist.

https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Finally, if your willing to shell out some money, 30 days on Virtualhackinglabs.com is a great way to practice. Their course is very OSCP like and a good way to jump right in.

https://www.virtualhackinglabs.com

Of course Hackthebox is always a great resource to practice your pwnage skills.

https://www.hackthebox.eu

Don’t feel like you have to do ALL of this before the OSCP, the list I gave is pretty much every resource outside of the PWK course I used to pass the exam.

If you only did one thing before you start the course, Definitely read Georgia’s book. Everything else can be used in conjunction with the course if you need extra help.


There is also an active discord channel for PWK students, use it!

Came here to say the same thing; you don't NEED Kali to pentest, it's really mostly used because it has a lot of tools already included. You can test from a Windows box if you really wanted to.

Kali won't magically make you a pentester, nor will it teach you how to be one as it's just a bundle of tools - there's no tutorials included with those tools. Read Hackers Playbook 2 and Penetration Testing: A Hands-On Introduction to Hacking and do some vulnerable VM's from places like Vulnhub

An NEH is indespensible for 802.11-specific stuff, but to really get into hacking itself, take a look at Hacking: The Art of Exploitation and maybe pick up a practical pentesting book like http://www.amazon.com/Penetration-Testing-Hands--Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1420380278&sr=8-1&keywords=penetration+testing or http://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/ref=sr_1_2?ie=UTF8&qid=1420380278&sr=8-2&keywords=penetration+testing

Your search is finished. It's the best book out there.

Not to mention that a lot of VMware functions use PowerCLI.

I also vote Powershell.
Edit: Might I also suggest Powershell in a Month of Lunches?

Fuck that. You want to learn the newest shit, not some old antiquated OSs that your company just happens to use atm. Yes I'm being very blunt, you will have a better career if you do so.

1. Yes. Powershell in a month of lunches and /r/Powershell . If you're gonna do Windows you need this.
   
   
2. No. If you're gonna learn Windows, learn 2012R2. I'm running the 2016 version at home already in test. MCSA atm is for 2012R2, so stick with that. No reason to focus on 2008. The menus are very similar, functions are identical only 2012R2 has some added capabilities and some different ways of implementation. Learn the new way and you'll have better career opportunities. Including where you work now - what happens when they want to update to 2012R2 and you already know that OS?! Don't think of the present, think of the future.
   
   
3. Not familiar with it.
   
   
4. I run it at home for personal use. It's ok, wish I could join it to the domain and it'd stick/be stable at it. For storage is alright. I would not feel comfortable implementing it for a large business though. Small sized, maybe. Great to learn iSCSI and shares and BSD I suppose.
   
   
5. Sure. Edgerouter Lite or even PFSense are great home routers. A coleague runs PFSense as a VM btw. /r/Ubiquiti /r/PFSENSE
   
   
6. Not familiar with it.
   
   
7. Get VMWare 6.0 (Look to the future)
   
   Also note that Hyper-V is free if you'd like to play with that. You can get that and other Windows Evaluation OSs here.
   
   I run a Hyper-V cluster with two Lenovo M93 systems, a VMWare 5.5 hypervisor on a TS140, and FreeNAS on a custom machine. My network is all Ubiquiti, ERL, ES Lite, 2x UAP-AC.
   
   
   

I'm a big fan of:
https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0134277554

Disclaimer: I know 2 of the authors, but the book is still solid.

I can't quite envision a devops engineer without a good foundation of linux, especially if 98% of the servers are linux based. I also ask some basic scripting questions(if they tell me they do script). If the interviewee has never scripted, that's unfortunate. If you struggle moving around the infrastructure, it's going to be a difficult and stressful job, and more importantly, more work for us if we underestimated his/her skills and we have to babysit to help someone on what we perceive is essential and crucial to function. We do have numerous tools, processes, etc in aws, especially now where more and more companies are migrating to the cloud and doing serverless, but I have found that some of the bigger(little older) companies have tons of linux hosts to manage. And many of those aws resources are prob ec2's - you can ssh in, you can't escape linux!

I personally don't care which linux you know, i care more that you know how it works. However I am particular to CentOS, and Ansible.

I've had to interview a few people recently and i ask them sub-groups of questions: AWS, linux, networking, tools (jenkins, docker, config management). My hardest questions are linux. The tools, with the exception of docker, are the least significant because they can be learned; Generally the good linux candidates, for example, probably have already written scripts that do some of the functionality a config management tool was designed for. I think networking is very important but my questions are very basic. Generally the people with the aws cert/xp have already seen a lot of aws networking; Fortunately for the candidates, Ops manages the vpc's, acls, sg, routes etc so the devs don't break anything and therefore we don't rely on too much networking knowledge. But you gotta know how systems are communicating with each other.

My linux, aws, and networking(most) questions are scenario/exercise/conceptual based on real world problems/scenarios i've seen throughout the career. I simply ask what they've done with config management and jenkins or other CI and other tools they have listed on their resume.

On a maybe unrelated note - in my personal opinion, i think devops eng should learn how to use docker and know it a little in depth. It is an invaluable tool especially for development/testing work. Docker Up & Running and Docker In Practice are very good books

I'm in nyc, if it matters.

I recommend Unix and Linux System Administration Handbook The first 6 chapters (skip2) are a good start.

BS in computer science. My track / focus was network systems. I was always good at tshoot and I'm very curious. I worked for a vendor that makes 3gpp radios and did a lot of protocol and transport work (tshoot, configuration, band planning, scheduler analysis). My biggest skills that help me here are knowing Linux really well, understanding low level hardware, and traffic algorithms. This book and the next two volumes got me interested in this stuff. I'm an architect at a tier 1 ISP and my job description is best described as network systems integration. I know Sandvine from architecting solutions numerous times across several ISPs. I'm 20 years into my career and started out as an IT help desk tech, moved into systems admin, and just kept learning and searching for bigger better jobs. I got my first ISP job from a cold approach at a job fair at a college.

Also, the second edition of this classic book is coming out on November http://www.amazon.com/TCP-Illustrated-Protocols-Addison-Wesley-Professional/dp/0321336313

I would recommend this book. It was just recently updated and is an excellent source for many of the fundamentals for networking.

http://www.amazon.com/gp/product/0321336313/ref=oh_o00_s00_i00_details

As far as recommended reading goes I would have a look at the practice of system and network administration (https://www.amazon.com/Practice-System-Network-Administration-Enterprise/dp/0321919165/ref=sr_1_1?ie=UTF8&qid=1539629401&sr=8-1&keywords=practice+of+network+and+system) and The phoenix project. As far as technical courses, I'm assuming your role will be mostly strategic and managerial (unlike some of us in smaller companies where the IT Manager is also expected to be a technical lead) I would focus on the managerial side and surround yourself with technical experts.

'Best practice' is such a vague term that you're going to run into issues defining it in a meaningful way for your client's environment.

I'd look at generic guides (u/jhend28 mentions a good one) but also read up on specifics that apply to your environment. For example: best practice for a level 4 data center hosting financial data for banks etc. will not apply at all you a SME with two servers on premise that don't sell direct and hold no Top Secret data.

Have a read of The Practice of System and Network Administration: Volume 1 for a good starting place.

1. use boost::filesystem instead of direct winapi calls
   
   
   
2. make good names. It is completly unclear what game function do. And the comment will not replace some nice name. The same for aair.
   
   
3. a lot of constants in code. move them somewhere and make a nice names for them
   
   
4. global variables - pathcontainer. and indexes for operations on pathes?
   
   Copy(6, 12);
   Copy(11, 13);
   Copy(10, 16);
   Copy(2, 3);
   Copy(4, 5);
   
   This looks like a complete mess.
   
   Try to read this book and then rewrite this code if necessary
   http://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670 this one.

So this is what I would consider the "Core" reading list for anyone interested in programming games. None of this is really game specific though. These are just the fundamentals you need in order to be an effective Software Engineer.

Learn about...

C++ syntax: Programming: Principles and Practice Using C++ by Bjarne Stroustrup

Software Engineering: Code Complete by Steve McConnell

C++ gems: Effective C++ by Scott Meyer

Software Teams: The Mythical Man-Month by Frederick P. Brooks Jr.

Why we love Joel: Joel on Software by Joel Spolsky

Problem Solving: The Pragmatic Programmer by Andrew Hunt

Common Code Solutions: Head First Design Patterns by Eric Freeman

Pearls!: Programming Pearls by Jon Bentley

I'll do a supplemental on this in a few days that dives into specific topics related to engine development. All of this is generic enough that it will help you regardless of what you do. You'll notice that very little here is actually language specific. Almost all of this is about the art of making software and process of working with a team. These 8 books alone will make you think about making software in a whole new way.

>> I'll give you an example that I paraphrased from Code Complete, which, if you haven't heard of it, is one of the absolute classic works on the topic of how to construct good code. What do you think this code fragment is doing:

>> a = a - b;
>> c = d + sales_tax(d);
>> a = a + late_fee(e, a) + c;
>> a = a + interest(e, a);

>>Despite the good function names, it's still extremely difficult to figure out what this code is trying to accomplish; if I have to make a change in something that relates to this module, I don't know where to start. But, after we name the variables:

>> balance = balance - last_payment;
monthly_total = new_purchases + sales_tax(new_purchases);
balance = balance + late_fee(customer_number, balance) + monthly_total;
balance = balance + interest(customer_number, balance);

>>See how much easier it is now to see that this code is computing a customer's bill based on their outstanding balance and a set of new purchases from the current month?

>>Using good variable names allows anyone to just read your code and understand immediately what it is doing. Without good variable names, anyone reading your code has to already know what it is doing.

>To me the two samples of code are identical except the second is more frustrating because I have to tear through unnecessary characters to see what is really happening with the operators. Maybe if the variable names were extremely short I could better understand your position, but in your example they are not.

>It takes all of 10 seconds to get a handle on the first set of code. I would have to sit down and really study the second set, because its syntax is so completely less apparent. To me tldr sums up my thoughts completely on your second set of code. I guess I can see why that code would make more sense to you, but typically I don't have that kind of time and with big names like that I can imagine my frustration would increase in proportion to the increasing underlying code base. This frustration is just in reading the code. I believe the second code sample likely took you far longer to write than the first.

>I never got into programming to read novels or dissertations.

\>I never got into programming to read novels or dissertations.
master troll

I spent a lot of time learning specific architectures and patterns that were in common usage when I first started, but the specific patterns in vogue are constantly changing. I'd recommend reading all 3 of these books at some point earlier in your career, I think a lot of the popular software design practices are based on the foundation of ideas in here and if you read them you will start to naturally make the right choices when it comes to organizing your code.

https://www.amazon.com/Pragmatic-Programmer-journey-mastery-Anniversary/dp/0135957052/ref=pd_sbs_14_t_0/142-3028760-3243861?_encoding=UTF8&pd_rd_i=0135957052&pd_rd_r=8877e123-b48f-4ce7-9e92-fec38cbeb54f&pd_rd_w=CdI3a&pd_rd_wg=arKVG&pf_rd_p=5cfcfe89-300f-47d2-b1ad-a4e27203a02a&pf_rd_r=9JQWC8NFNAY0GN7FAN9D&psc=1&refRID=9JQWC8NFNAY0GN7FAN9D

https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670/ref=pd_sbs_14_t_2/142-3028760-3243861?_encoding=UTF8&pd_rd_i=0735619670&pd_rd_r=8877e123-b48f-4ce7-9e92-fec38cbeb54f&pd_rd_w=CdI3a&pd_rd_wg=arKVG&pf_rd_p=5cfcfe89-300f-47d2-b1ad-a4e27203a02a&pf_rd_r=9JQWC8NFNAY0GN7FAN9D&psc=1&refRID=9JQWC8NFNAY0GN7FAN9D

https://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882/ref=pd_sbs_14_t_1/142-3028760-3243861?_encoding=UTF8&pd_rd_i=0132350882&pd_rd_r=8877e123-b48f-4ce7-9e92-fec38cbeb54f&pd_rd_w=CdI3a&pd_rd_wg=arKVG&pf_rd_p=5cfcfe89-300f-47d2-b1ad-a4e27203a02a&pf_rd_r=9JQWC8NFNAY0GN7FAN9D&psc=1&refRID=9JQWC8NFNAY0GN7FAN9D

You can read Code Complete by McConnell which is a must have for software engineering and has several sections on writing and documentation etc.

The number 1 rule of thumb is to think as if you are not the one writing, but the one reading it later. Take commit messages - there are far too many "fixed a minor bug" on one end, and wall-of-text-about-how-you-found-and-fixed-the-bug-but-little-useful-info on the other. Write what the bug was and what the fix is, and its side-effects if any.

If you want to improve your writing, identify people who have done it well, and seek to follow them, and practise. Just reading good writers, commenting on forums etc. will also improve your writing skills.

I've got some tips for ya!

• If you find learning about things like local and global scope fascinating and devour info about coding, then I can confidently say congratulations on finding your calling! There are many, many programmers who never do any reading, find it boring, and, consequently, have limited perspective and suck ass.
  
  
• In programming, no matter whether you're a novice or a veteran, the 'big picture' is like that hot girl in high school that you somehow talked into dating you off and on until you both graduated, and then she never spoke to you again. On large projects like games, it's highly unlikely that anybody truly knows the entire scope and can tell you how every piece works together. Even on smaller, personal projects that only you yourself worked on, you will probably have to read your whole codebase to remember what the hell you were thinking if you revisit it in 6 months. So, don't sweat it too much if you don't get the big picture, or if it takes you a long time to grasp, just relax and remember that all programmers spend the vast majority of their time simply understanding code.
  
  
• My personal opinion on using C++ as opposed to Java or .NET - imagine an application is a physical building. If you use C++, you have to take the time to fabricate every single brick you're gonna use, forge your own plumbing pipes, and construct everything from scratch. Java or .NET will deliver all of your bricks, steel, drywall, shingles, cabinets, and appliances in regular shipments, so you can focus on the blueprints and management. In the time it takes you to build a house in C++, you could have built a whole apartment complex in Java/.NET and rented out most of the units already. Having said that, if you want to build a fortress in the heart of a mountain where the only access is a tunnel hidden behind a waterfall with a door that's unlocked by DNA signature, you should probably use C++.
  
  
• When will it fall into place? It's impossible to tell. It's different for everybody and depends highly on what you are doing and what your goals are. For me, it took about 6 months to get a handle on the basics, and 2-3 years to become confident discussing higher level design principles intelligently, and to start nodding my head in agreement reading programming blogs. I knew that things had finally clicked when I realized I was no longer shackled to the language I learned first, and that using new platforms was merely an example/API skim away.
  
  
• I highly recommend reading through pretty much all of the Coding Horror posts, as well as Code Complete 2. Find something to build that interests you and that you don't know off-hand how to accomplish, and then learn the pieces you're missing to get it done. Google every topic, acronym, or piece of terminology that you're not familiar with, rinse and repeat. If you are truly a good programmer you will never think of yourself as a good programmer, but you will wake up one day and realize that you have the ability to complete most any task thrown your way; and if you don't, you'll know how to learn what you need to get it done.

That depends how adept you are at programming in general and what you want out of the book. If you have experience with other languages you could get by with a cheaper 'handbook' or just visit cplusplus.com. If you want a more comprehensive 'how to program' book I would suggest reading the definitive C++ book guide and getting yourself a copy of Code Complete.

http://www.amazon.com/gp/aw/d/0735619670 code complete. One of the best books about coding in general that I've ever read.

Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 i’m probably one of the featured ones. It really is all encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love Pentesterlab.com and all of their exercises, and Sam has written a very good guide on getting started in bounty work

As for how effective these resources are “out of the gate” i think they are tremendously helpful. For example, using the above resources i’m sure any apt student of them could identify IDOR’s or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)

I'd like to humbly suggest the UNIX and Linux System Administration Handbook for your new admin. It's starting to show its age a bit (published 2010), but still communicates many of the core responsibilities of administrators in a clear manner with historical context.

Also, take a look at the Linux System Administration and Linux Web Operations LiveLessons, which are more current and may be helpful if the new guy learns from video tutorials.

Disclaimer: I am the author.

Read this, found it amazingly useful and packed full of knowledge, I recommend this book even to Linux noobs that are trying to get a better feel of the system for desktop use... once they have the basics down that is.

http://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057

ATLien325's comment explains that terminology in a pinch, but it's not really going to get you very far on your way to learning how to hack. Your best bet would be to pick up books like this, this, and this. Then you'll have an idea of how programs, file systems, and networking work behind the scenes and you are much better situated to begin to learn how to hack them.

You're also going to need to learn how to effectively use a search engine.

That's a lot to ask...

http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

There is a good explaination about the history of Unix and Linux at the beginning of this book. http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

You could also watch revolution OS. Or just use youtube.

I found the first version of the sys admin book by Evi Nemeth et al helpful years ago. I know a couple people who have found newer versions helpful too. Here is a link to the latest.. http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

I found this book in a thread and I've gone through the first four chapters so far. I only got it a little while ago but I really do like how it reads, and the amount it covers is nice. Check out the table of contents on amazon and you'll see what I mean about the coverage.

Other than that we're looking at the same kind of stuff. Let me know if you get any good leads :P

Books don't get more wind baggy than this.

If you ask me, Andrew Tanenbaum books are AWESOME. Not cheap but this guy takes a good bottom to top approach, if you really want to understand networking down to the TCP/IP stack get this.

Computer Networks If I can offer you a shred of advice, understanding what is happening under the hood and the 'big picture' of network design becomes an easy concept.

On the flipside - here is a good Top Down approach to networking Computer Networking Top-Down

Best of luck with your studies!

A good start would be to study for any standard certifications in the field, since they cover the basic topics and hey, why not get certified while you are at it? Comptia's N+, Cisco's CCENT or CWNP's CWTS cover the fundamentals of networking.
On the other hand, you could just go through free online lectures like this one on youtube or this one offered by MIT. Of course, there's always the good old-fashioned way to learn- borrow any standard textbook like Tanenbaum.

I would highly recommend you check out the UNIX and Linux System Administration Handbook.

It not only goes over a baseline of technical sysadmin (especially linux) concepts, but really shows you how to be a good admin. There is more to it than technical know-how. I'd recommend picking this one up.

First get yourself a copy of the Unix and Linux System Administration Handbook by Evi Nemeth (who is still missing at sea).

This book has saved my ass countless times. It has a bunch of great knowledge and gives you a chance to catch up on things you might have forgotten. I highly recommend you purchase this and keep beside your desk/cube, at least until you become familiar with the job duties.

http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

First off, what are you doing now?

Here is some advice from a 20-year sysadmin who does devops and hobbyist development stuff:

Buy this book. You won't get better advice from anyone anywhere. It's expensive, but BUY THE FREAKIN BOOK: https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057

Install some VM system like VitualBox and start playing with either Debian OR Ubuntu, AND CentOS. Install both numerous times and give yourself some extra partitions to format and play with. Read about some feature or thing and then go mess with it.

Eventually go after RHCSA/RHCE.

Learn the bash shell. Learn how to write real scripts with while/until loops and if/thens, arrays, and other stuff. That'll take time, but put some focus on it.

Don't get overwhelmed. Just start learning one thing, then the next, and go from there. The rabbit hole goes deep.

I'm surprised no one has mentioned the System Administrator's Handbook. I've got editions 1, 2 and 3 on my bookshelf.

Fundamentals is what you need to know to get through some first round interviews. Explain the boot process in detail from pressing the power button to getting a login prompt -- how does init work, how do run levels work, how does systemd differ? What is getty? pam?

DNS is so much more than just what that rap covers, so if you put it on your resume you better damn well know it. Tell me about the concept of glue records, what is a root hints file, know how to use dig at the very least, how do you switch the order in which the resolver library checks it sources? What is the truncated bit in a DNS packet for?

Know debugging and tracing beyond the usual "top" or "sar" to get real detailed data on what a process is doing. Strace, ltrace, tcpdump, gdb (how to take a stack trace and dump a core), sysdig, perf events, dtrace4linux, vmstat, slabtop, pmap, etc

DHCP is another one like DNS that people like to say they know, but you should know about DHCP relay/ip helper, pxeboot, the actual protocol order of events. Check it out in wireshark.

How do processes and threads differ, really? Lots to talk about here even down to shared memory space, system calls, etc

What is swap, really? What are page faults? How does kswapd behavior change when you don't run with swap?

Know Netstat/ss. Know that tcp is a state machine. What does a bunch of SYN_SENT in netstat imply? Difference between tcp's RST and FIN?

Stateful vs stateless is more than just a tcp/udp difference, it's a fundamental concept to so many aspects of technology.

Basically know what's in this book: http://www.amazon.com/Linux-System-Administration-Handbook-Edition/dp/0131480057

https://www.amazon.com/Computer-Networking-Top-Down-Approach-6th/dp/0132856204

When I was in school we used this in our networks class (but it looks like there's a 7th edition out now), and I thought it was a good book. Very detailed and explained things in a way that actually made sense (to me).

These might be goods books:

1. How Linux Works, 2nd Edition (What Every Superuser Should Know) by Brian Ward
   
2. UNIX and Linux System Administration Handbook (5th Edition) by Evi Nemeth, Garth Snyder, Trent R. Hein & Ben Whaley
   
   Book 1 I have hard copy is a quite elobarate but not too big and quite cheap. (got it for 18 dollars)
   Book 2 Is an extensive UNIX bible I really would like to have. It costs more but it's very big. A PDF might come handy.

If you like reading about computer history, I really enjoyed Stephen Levy's Hackers: Heroes of the Computer Revolution. (There's a pdf floating around if you google search it, but I don't think it would be good form to directly link it since the book is still in print.) It's a really fascinating look at the early hacker cultures in MIT and Silicon Valley from the late 1950s through the early 1980s.

Non-Fiction: Hacker: The Heroes of the Computer Revolution

Covers the folks who laid the foundation for the personal computer.

I'm a big fan of Pirates of Silicon Valley. I can't find a source, but either Jobs, Gates, or Woz said something like "Yeah, that's pretty much just how it went."

When the movie came out, I was really into the history of computers. I had just read "Hackers" (no relation to the movie "Hackers"), so it was exciting to see things I had read about in a movie. Unlike a lot of movie adaptations, there was practically nothing about it that I found disappointing.

Woz Talks about the accuracy

Hackers is GREAT

I can't recommend this book enough.

If a book will do, "Hackers - Heroes of The Computer Revolution" by Stephen Levy was excellent. It covers the problems from the early stages to modern times, and the innovative open-thinking people that pioneered some crazy solutions, and gives a reasonable view into the early years of computer use.

It's actually very good at demonstrating the real difficulty computer users and enthusiasts had back then, because not only were you vying for time... but you were fighting for correct results.

I like to buy this book for people who have become tech "later" in their lives (i.e. newbies who did not participate in that industry as children and have only taken it on strictly as a profession) who hold that strong misconception of the idea that a hacker is an evil terror nerd.

Are you talking about this book ?

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. Its an older book (2005) but its about as gentle as it gets in terms of the core concepts but its missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. Its a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014) while it doesn't cover as many topics as the above book, its less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, its from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). It wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and its modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

Learn PowerShell in a month of lunches https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Some tips.

r/homelab is a great place if you want to look and ask quiestions

r/SysAdminBlogs is a great place to find other information from other sysadmins

r/PowerShell is great for powershell stuff

If you want to get started on powershell the book "Powershell in a month of lunches" is a great read if you have time!

https://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Powershell in 30 days of Lunches is what I buy for all my team members expressing an interest. It is hands down one of the best books to start with that I have found and my team recommends.

Also check out /r/PowerShell

I would take a look at Don Jones, PowerShell in a month of Lunches
https://www.youtube.com/playlist?list=PL6D474E721138865A
http://www.amazon.com/Learn-Windows-PowerShell-Month-Lunches/dp/1617291080

Not sure if the book is the latest, so have google first.

If you see yourself repeating a task 2 /3 times or more, then look into scripting it, start small and simple and go from there. Once you start seeing the time put into scripting paying off, it'll get easier.

get a new publisher.

http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742/ref=sr_1_1?ie=UTF8&qid=1333948818&sr=8-1

Preface - you have missed years of development in an area (web client front end coding). It's advancing so fast the rest of us can barely keep up. I'm serious - seems like every day there's something new that would take me multiple days to learn well.

See the "Web Development Timeline"





Moving beyond the standard HTML5/CSS3 stuff, I spent part of my evening compiling this list. It's incomplete and some stuff is opinion. WMMV. If you were helped, well, buy me a beer someday :-)

• JS got real popular. Catch up on the current terminology used.
  
• ECMAScript/ES5 language extensions
  
• ES6 ("Harmony") extensions - coming soon; some already here. The current working draft of ES6 as PDF
  
• Exhaustive list of Micro-libraries
  
• HTML5 shims, ES6 shims, Lazy loaders (require.js), Modernizr... It's overwhelming, please see Daily JS for an exhaustive roundup of libraries/frameworks as they are released.
  
• Underscore.js for functional programming niceties
  
• The myriad client-side MVC frameworks - (Backbone.js, Ember.js, Spine.js, etc.)
  
• Stratospheric rise in the goodness of webkit. See Peter Beverloo's blog for weekly reports of WebKit new features added.
  
• Douglas Crockford's JavaScript: The Good Parts was a huge hit - this always comes up in interviews.
  
• IE9 and IE10. IE9 did border-radius, SVG, and added a faster JS engine. IE10 (only for Windows 8) adds CSS gradients, 2D/3D(?) transforms, CSS transitions (and animations now I'm told?)
  
• Opera is now on versions 11 and 12 - and it still rocks. Here's what's new in the development snapshots from their blog. I'm a fan since long ago, it's nice to see them continue to remain competitive with the 'larger' browsers.
  
• Firefox is now on versions 12 through 14.
  
• Chrome is now on versions 18 through 20.
  
• JSLint is now integrated in some editors (I love it in notepad++) and JSLint begat JSHint, which is sold as "kinder, gentler"
  
• Web Workers (aka JS threads)
  
• Web Sockets API
  
• WebGL See the 3-D dynamic terrain/bird demo - awesome!
  
• Death of Ajaxian.com rule, takeover by Daily JS and BadAssJS (IMHO)
  
• Inline images expressed in data/uris which are base64 coded) eg: IMG SRC="data:image/gif;base64,EEEEEEBASE64JUMBLE" online image encoder
  
• LESS and Sass - better CSS with variables, macro expansion, etc.
  
• calc() in CSS3 Really new - chrome nightlies and firefox supports. If you remember way back when, IE 5.5/6.0 had a similar but poor performing feature called CSS expressions
  
• INPUT TYPE="COLOR" and "DATE" should now work well, and have in-browser helpers for selection.
  
• CSS3 display:flex-box
  
• CSS Gradients/Animations/Transitions see this slidedeck/demo
  
• CSS3 Shaders/Filters. Shaders are really really new (as in: last week) as far as implentation in a browser. I'm psyched about creating some vertex shaders (.vs files) for effects.
  
• Local Data Stores (4k cookie - bah!)
  
• Mobile browser coding: events for swiping screen, etc. see jQuery Mobile, Sencha touch.
  
• Node.js based on Chrome's V8 JS interpreter (I know; you know...)
  
• Coffeescript (I know you know, I included for completeness) The JS to Coffeescript is also interesting.
  
• DART. Google's JS-like language for those who like classical Java/C++ oop style - they even have a version of Chromium for Mac which has DART native. Else it transpiles to JS, like Coffeescript does.
  
  
  
  If you didn't click on any links above, well, for shame. There's some good important stuff up there. Below are a couple websites that I think are must-sees, as far as demos of the recent html5/css3/bleeding edge, and news/informational blogs I read daily or weekly... Most were listed above!
  
  
• CSS3 Click Chart
  
• HTML5 Rocks!
  
• Learning threejs/tQuery (WebGL)
  
• Bad Ass JS
  
  
• W3C's blog on CSS
  
• Daily JS - - news on libraries and node, mainly
  
• Steve Souder's blog on high performance web sites. He wrote a couple books too that are very good.
  
• Peter Beverloo's blog discussed what's new in this week's WebKit/Chromium builds.
  
  
  
  
  
  
  Stuff I didn't include, and am going to leave as an exercise to the reader:
  
  
• Vibration API (for tablets, phones)
  
• Battery status API
  
• CSS3 image-set (download different quality/resolutions depending on capabilities)
  
• Video element stuff - Hollywood's next blockbusters may be edited over the web.
  
• Speech API - see Peter Beverloo's blog and W3C...
  
• Audio - there's some full on audio mixers and synthesizers out there now
  
• Web Inspector in Chrome
  

The usual advice is "get out and program!" and that works, but it can be very tricky coming up with something to write that's also satisfying. The idea is that you learn best by doing, and that many topics in programming can't really be learned without doing. All that stuff is true and I'm not denying that at all, but some of us need more. We need something juicier than spending hours configuring a UI for a project we couldn't care less about. It shouldn't be an exercise in masochism.

I guess what I'm saying is that there are a lot of ways to learn to write code and books are great if you can really sink your teeth into them (a lot of people can't). Code Complete is a great book on the practice of programming. You also say that you "get" OO pretty well, but it might open your eyes to read up on design patterns (e.g., Head First Design Patterns). You have a long way to go before you really get it

In addition to those, you could delve deeper into your languages of choice. There's no way around JavaScript if you're a web programmer, and a book like JavaScript: The Good Parts is pretty enlightening if you've got some experience in JavaScript already. It's a pretty interesting and unusual language.

But sometimes programming is about building gumption, so instead of just being practical, try to figure out what you like about computers and keep going deeper into it. If you have an interest in computer science and not in just building apps, then something like Structure and Interpretation of Computer Programs could instill in you an enthusiasm for computers that trickles down to everything else you do. If you're more interested in web design, there are probably similarly interesting books on artistic design principles.

I think what I'm ultimately saying is that you should find what you enjoy doing and just go deeper down the rabbit hole, getting your hands dirty when it's appropriate and interesting.

Here are my top three:

1. Javascript The Good Parts:
   http://www.amazon.com/JavaScript-Good-Parts-Douglas-Crockford/dp/0596517742
   
   
2. Secrets of a Javascript Ninja:
   http://www.amazon.com/Secrets-JavaScript-Ninja-John-Resig/dp/193398869X
   
   
3. Eloquent Javascript:
   http://www.amazon.com/Eloquent-JavaScript-Modern-Introduction-Programming/dp/1593272820

This is kind of a side-answer, but it looks like you are just compiling a list of things that are super popular at the moment.

> React.js with Flux seems more hot than all other frameworks

What concerns me is that you seem to not be concerned with what is the best framework for your project(s), but rather what is "hot".

For a long-term career I would recommend focusing on improving your understanding of concepts and theory that these ever-changing tools are built on rather than trying to chase what people think is cool.

The people who spent time learning JavaScript rather than simply "mastering" jQuery were in a significantly better position when client-side frameworks came out because they knew the underlying concepts.

If you haven't mastered these things yet, I think they have more value than most of the list of specific tools I see listed:

• Eloquent JavaScript & JavaScript: The Good Parts - Master the ins & outs of the language
  
• Understand common design patterns - New frameworks are going to be building with these components, what better way to have a jump on the "next big thing" than by understanding the blocks that it's built with?
  
• Functional Programming - React (and to a lesser extent Angular) are increasingly utilizing this paradigm and it is a jumping off point for more advanced techniques like Reactive Programming that lets you leverage an incredible amount of power especially in the big data space.

Perhaps you should learn something about the language first? It has its good parts and its bad parts and its really bad parts. This book is a great place to start.

http://www.kalzumeus.com/2011/10/28/dont-call-yourself-a-programmer/

https://www.amazon.com/Code-Complete-Practical-Handbook-Construction/dp/0735619670

I enjoyed Code Complete.

Read "Code Complete, 2nd version". Its everything you'd learn in 10 years of experience, summarized into 1 book.

Per testare le acque velocemente puoi usare https://rubymonk.com/ (introduce Ruby in modo basico). Anche Coursera, Khan, Udacity e simili hanno corsi introduttivi sulla programmazione.

Mentre se vuoi imparare a programmare, il percorso deve toccare almeno tutte queste tappe, in ordine:

1. [Computer Organization and Design](http://www.amazon.com/Computer-
   Organization-Design-Fourth-Edition/dp/0123744938)
   
   
2. The Structure and Interpretation of Computer Programs
   
   
3. Un buon libro di Assembly
   
   
4. The C programming language
   
   
5. Compillers
   
   
6. Code complete, The practice of programming
   
   
7. Fai finta di aver letto tutto The art of computer programming
   
   
8. Un linguaggio a oggetti, magari Programming Ruby
   
   
9. O/E Python, Dive into Python
   
   
10. Design patterns
    
    
11. Impara un linguaggio funzionale.
    
    
    Da qui puoi partire e specializzarti in quello che ti interessa
    
    

I've posted this before but I'll repost it here:

Now in terms of the question that you ask in the title - this is what I recommend:

Job Interview Prep

1. Cracking the Coding Interview: 189 Programming Questions and Solutions
   
2. Programming Interviews Exposed: Coding Your Way Through the Interview
   
3. Introduction to Algorithms
   
4. The Algorithm Design Manual
   
5. Effective Java
   
6. Concurrent Programming in Java™: Design Principles and Pattern
   
7. Modern Operating Systems
   
8. Programming Pearls
   
9. Discrete Mathematics for Computer Scientists
   
   

   Junior Software Engineer Reading List
   

   
   

   Read This First
   

   
   

10. Pragmatic Thinking and Learning: Refactor Your Wetware
    
    

    Fundementals
    

    
    

11. Code Complete: A Practical Handbook of Software Construction
    
12. Software Estimation: Demystifying the Black Art
    
13. Software Engineering: A Practitioner's Approach
    
14. Refactoring: Improving the Design of Existing Code
    
15. Coder to Developer: Tools and Strategies for Delivering Your Software
    
16. Perfect Software: And Other Illusions about Testing
    
17. Getting Real: The Smarter, Faster, Easier Way to Build a Successful Web Application
    
    

    Understanding Professional Software Environments
    

    
    

18. Agile Software Development: The Cooperative Game
    
19. Software Project Survival Guide
    
20. The Best Software Writing I: Selected and Introduced by Joel Spolsky
    
21. Debugging the Development Process: Practical Strategies for Staying Focused, Hitting Ship Dates, and Building Solid Teams
    
22. Rapid Development: Taming Wild Software Schedules
    
23. Peopleware: Productive Projects and Teams
    
    

    Mentality
    

    
    

24. Slack: Getting Past Burnout, Busywork, and the Myth of Total Efficiency
    
25. Against Method
    
26. The Passionate Programmer: Creating a Remarkable Career in Software Development
    
    

    History
    

    
    

27. The Mythical Man-Month: Essays on Software Engineering
    
28. Computing Calamities: Lessons Learned from Products, Projects, and Companies That Failed
    
29. The Deadline: A Novel About Project Management
    
    

    Mid Level Software Engineer Reading List
    

    
    

    Read This First
    

    
    

30. Personal Development for Smart People: The Conscious Pursuit of Personal Growth
    
    

    Fundementals
    

    
    

31. The Clean Coder: A Code of Conduct for Professional Programmers
    
32. Clean Code: A Handbook of Agile Software Craftsmanship
    
33. Solid Code
    
34. Code Craft: The Practice of Writing Excellent Code
    
35. Software Craftsmanship: The New Imperative
    
36. Writing Solid Code
    
    

    Software Design
    

    
    

37. Head First Design Patterns: A Brain-Friendly Guide
    
38. Design Patterns: Elements of Reusable Object-Oriented Software
    
39. Domain-Driven Design: Tackling Complexity in the Heart of Software
    
40. Domain-Driven Design Distilled
    
41. Design Patterns Explained: A New Perspective on Object-Oriented Design
    
42. Design Patterns in C# - Even though this is specific to C# the pattern can be used in any OO language.
    
43. Refactoring to Patterns
    
    

    Software Engineering Skill Sets
    

    
    

44. Building Microservices: Designing Fine-Grained Systems
    
45. Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools
    
46. NoEstimates: How To Measure Project Progress Without Estimating
    
47. Object-Oriented Software Construction
    
48. The Art of Software Testing
    
49. Release It!: Design and Deploy Production-Ready Software
    
50. Working Effectively with Legacy Code
    
51. Test Driven Development: By Example
    
    

    Databases
    

    
    

52. Database System Concepts
    
53. Database Management Systems
    
54. Foundation for Object / Relational Databases: The Third Manifesto
    
55. Refactoring Databases: Evolutionary Database Design
    
56. Data Access Patterns: Database Interactions in Object-Oriented Applications
    
    

    User Experience
    

    
    

57. Don't Make Me Think: A Common Sense Approach to Web Usability
    
58. The Design of Everyday Things
    
59. Programming Collective Intelligence: Building Smart Web 2.0 Applications
    
60. User Interface Design for Programmers
    
61. GUI Bloopers 2.0: Common User Interface Design Don'ts and Dos
    
    

    Mentality
    

    
    

62. The Productive Programmer
    
63. Extreme Programming Explained: Embrace Change
    
64. Coders at Work: Reflections on the Craft of Programming
    
65. Facts and Fallacies of Software Engineering
    
    

    History
    

    
    

66. Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software
    
67. New Turning Omnibus: 66 Excursions in Computer Science
    
68. Hacker's Delight
    
69. The Alchemist
    
70. Masterminds of Programming: Conversations with the Creators of Major Programming Languages
    
71. The Information: A History, A Theory, A Flood
    
    

    Specialist Skills
    

    
    In spite of the fact that many of these won't apply to your specific job I still recommend reading them for the insight, they'll give you into programming language and technology design.
    
    

72. Peter Norton's Assembly Language Book for the IBM PC
    
73. Expert C Programming: Deep C Secrets
    
74. Enough Rope to Shoot Yourself in the Foot: Rules for C and C++ Programming
    
75. The C++ Programming Language
    
76. Effective C++: 55 Specific Ways to Improve Your Programs and Designs
    
77. More Effective C++: 35 New Ways to Improve Your Programs and Designs
    
78. More Effective C#: 50 Specific Ways to Improve Your C#
    
79. CLR via C#
    
80. Mr. Bunny's Big Cup o' Java
    
81. Thinking in Java
    
82. JUnit in Action
    
83. Functional Programming in Scala
    
84. The Art of Prolog: Advanced Programming Techniques
    
85. The Craft of Prolog
    
86. Programming Perl: Unmatched Power for Text Processing and Scripting
    
87. Dive into Python 3
    
88. why's (poignant) guide to Ruby