What is Reddit's opinion of
Hacking: The Art of Exploitation, 2nd Edition?
From 3.5 billion Reddit comments
By popularity on Reddit, this product is:
2 reviews of this product found across Reddit:
I recommend "Hacking: the art of exploitation" (it also teaches a lot of c). Why? Because I have written c for years but reading it felt like starting from scratch, the right way! The best thing is it explains all the security pitfalls really clearly and how to spot them. Given all the bad code out there I think security is really a better place to start than networking.
It's also fun, learning through puzzles spotting bugs - instead of copy-pasting yet another "hello world, TCP/IP edition! (now with added monotony)"
Last but not least, it explains the architecture underlying c code, which imo is vital - direct access to the machine & OS is the main advantage of coding in c, so why not learn that?
https://www.amazon.co.uk/gp/product/B004OEJN3I/ref=dbs_a_def_rwt_hsch_vapi_tkin_p1_i2
This might be more up your alley for exploits, it is also on amazon in kindle format (2 volumes). https://www.alchemistowl.org/pocorgtfo/
You could look at the Metasploit modules and reverse them since your coding experience is higher. Look up blogs regarding CVE 'proof of concepts' (a.k.a. 'exploit code') would probably be more fruitful. Maybe check out HackerOne for the type of things companies are paying bug bounties for... they also have videos regarding key concepts at https://www.hacker101.com/videos.
As mentioned by /u/n0p_sled, Black Hat Python or Violent Python.
Check out https://www.reddit.com/r/lowlevel/ if you're wanting more technical commentary which is more hardware focused.
Start self-studying the syllabus from Offensive Security and set up a home lab. https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf.
You can also look at the SANS website for GPEN and make a self-study plan based on the syllabus instead of paying 6000 dollars for it; https://www.sans.org/course/network-penetration-testing-ethical-hacking.
Possibly some articles in the 2600 magazine (quarterly) most likely have something from time to time which are more narrative driven.
I hate to say it, but Medium might have some good blogs on the type of individual examples you'd be interested in. You might want to use the keyword 'bug bounty' to increase technical writeup results.
If you want to get into assembly, some of this might interest you: https://azeria-labs.com/writing-arm-shellcode/
Older book, but honestly it has a lot of entry level attacks that are protocol instead of application. https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson-ebook/dp/B004OEJN3I. I'm pretty sure it is harder to run these exploits now that security has gotten better, but it is generally about unsafe memory allocation and unsafe inputs. Even older texts would be good foundations.
And lastly a staple of the internet, https://www.hackthissite.org/pages/index/index.php. Also check out any CTF's to get some practice in.
u/recviking has a great write up in his link, definitely recommend it.
Popular alternatives to Hacking: The Art of Exploit...
UNIX and Linux System Administration Handbook
Hacking: The Art of Exploitation, 2nd Edition
