

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
–Crack passwords and wireless network keys with brute-forcing and wordlists
–Test web applications for vulnerabilities
–Use the Metasploit Framework to launch exploits and write your own Metasploit modules
–Automate social-engineering attacks
–Bypass antivirus software
–Turn access to one machine into total control of the enterprise in the post exploitation phase

You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.
| Best Sellers Rank | #79,267 in Books; #33 in Computer Hacking; #33 in Computer Network Security; #90 in Internet & Telecommunications |
| Customer Reviews | 4.6 out of 5 stars 638 Reviews |
B**Z
Excellent Buy for your money!
Excellent book for someone who’s interested in learning penetration testing! This book is written so well that it doesn’t matter if you’re a beginner or even have some experience already it will greatly benefit you!
B**R
Real Penetration
After reading, Hacking: The Art of Exploitation, I felt very disappointed because that book doesn't teach you about hacking in the way I was expecting. It only shows you how to test for vulnerabilities in source code and how to attempt exploitation against it, alongside networking programming and cryptology. I also read other hacking books by No Starch Press, and I felt very disappointed, because I wanted a book that can give me the skills to find a job as a professional pen tester, but the books I've read were very theoretical, but almost very impractical. Then, comes this book. A hands-on approach to testing and utilization of penetration software. It touches upon literally almost every tool and technique a pen tester could ever want to practice. It goes through the explanations and illustrations and diagrams that all show you step by step exactly how to perform a penetration test. My favorite chapter was the one that began the Exploit Development part of the book, about Linux exploitation. This is because I wanted a guide that can teach me how buffer overflows function and how to use gdb to develop exploits from scratch. It goes into extreme detail on each and every step that needs to be incorporated to reverse engineer a binary while in memory. I also much enjoyed the chapter about antivirus evasion. Furthermore, the chapter on password attacks was enlightening, as was almost every other chapter. The only chapter I found boring was the one about pen testing mobile devices. This was boring to me because the framework is not included in Linux by default, so I didn't wanna go bananas over it. Using a Livecd and installing new software is annoying. But, when I feel like it, I'll probably take another look at it. After all, the very author of this book developed that framework her very self!
Y**P
Remarkable Writer - a rare techy book for the common man
I am only on chapter 4 but it is a remarkable book so far. I go to Barnes and Noble weekly with my kid and since I'm stuck there for a few hours with caffeine (cost me $30 - $50 just on food and caffeine in there), I generally browse magazines and tech books. Most tech books seem not well written for the general public, not sure why. I think they just want to intimidate us by making it complicated so we feel stupid :) For now, the first 3 chapters were a bit intimidating. But you have to trust the author and be hands on. Don't just read it, actually download, write, and run the tools and scripts/terminal commands. As far as I know, my computer was not infected with any virus. But I think Chapter 3 and beyond gets more interesting and less boring bc you have braved through the boring set up of virtual machines and mustered the courage to bypass anti-virus protection alerts for some scary downloads etc. In short, I like the way the author writes. The book articulates well and seems to want to invite readers that are new or intermediate pentesters to their world. Other books seem to want to confuse us and tell us how smart they are bc the subject is so complicated that only they are ordained to accomplish the knowledge, I hate that. I will return once I finish later chapters. I like to spend extra time checking out google, bing, or duck for latest updates on each chapter's subject. Things change quickly in this industry. For now, the book is well worth the price, even just up to chapter 3. A lot of programmers, friends and foes alike, from work outside of the states can't use basic stuff to bs me anymore as I'm not going to be intimidated by pings, bash, shell, config, sed, nano, su, dir, grep, cat, echo, or bravo. Thanks for the book. Wow I sound so smart and techy like now lol. Watch out silicon valley :)
J**N
This is a great way to get yourself familiar with Kali Linux and ...
I wanted to wait until I was actually through some of the hands on examples on this book before I reviewed. I'm approximately halfway through at this point. Cons: Setting up the lab is time consuming, difficult and not exactly free. In my case I had a legitimate copy of Windows XP to use, but it wasn't Pro; and I purchased Windows 7 Pro. Unless you're not working and have the time to run through the book quickly do yourself a favor and get a copy of Windows to do this. Unfortunately... it's getting harder to find copies of Windows XP. The issue of using a "free" version of Windows is after X days you won't be able to use it anymore. I paid for the convenience of having all the time I wanted to run through the book. Pros: This is a great way to get yourself familiar with Kali Linux and penetration testing principles. I'm attempting to switch careers into security and I picked up this book as a starting point. It has helped me learn more about Kali and the tools included in the distro. It's exactly what the book markets itself as, a hands on introduction; and it does this well. Summary: You need to do a lot of leg work yourself; so don't expect to just open the book and go. I took about 2 or 3 weeks just to get my lab setup as closely as possible to the book; I've decided I'm comfortable missing some aspects (the mobile applications will probably be a miss here). Overall this should be expected; if you're a programmer like me you should be familiar with troubleshooting, also if you're opening the Linux door you should be comfortable doing some extra work. Once you have the lab setup the pace picks up. While it took me 2-3 weeks to get through setting up my lab I was almost halfway through the book in less than 4 days. I would have liked if the Kali VM came completely configured; it's missing the mobile tools I believe, but again it's enough. The only recommendation I can make is to publish an updated version. I'm using this book as a launching platform for the Penetration Testing With Kali Linux course and eventually the OSCP exam.
F**M
From someone with 8 years of IT Security, now Cybersecurity.
Where to begin with this book. I had been looking for a book on Kali Linux for over a year now. Many were too deeply set in theory or history and the other half was highly advanced. While I have made a career in cybersecurity, pentesting was something I knew nothing about from a practical standpoint. When I saw this book was by No Starch Press and was full of essential topics (based on table of contents) I did not hesitate to make the purchase. I just finished the book and here is my feedback. Yes some of the .iso files for the target environments are harder to find but can still be found online without the use of torrents. If this stops you from doing the labs then this is purely an academic endeavor and you will not have the skills (resourcefulness) to become a pentester. To me it added to the challenge. I also read in some reviews that the hosted files from the author are no longer available and while this is true, you can still get all the information you need to set up your lab from exploit-db and other sites. Overall this book has done a phenomenal job on introducing users to setting up lab environments and using tools like Metasploit, Nessus, Maltego, aircrack, and many more. It removed the mystery of how systems are hacked and how anyone with the right mind and technical knowledge could test their own personal network. Always abide by local and federal laws regarding computers. Sources: Master of Science - Cybersecurity (2017), Bachelor of Science - Computer and Information Science (2010), CompTIA Network+ CE and Security+ CE certified, EC Council Certified Ethical Hacker (CEH).
R**.
Hey you, yeah you 👇. You don't think this book is worth $33 do ya?
Well, I think it is and I'm going to write an essay explaining why... just kidding. What I am going to say is what I liked about this book (enough to write a review) so I've been prepping for OSCP exam and heard a lot about this book. Once I got my mom's credit card and "permission" 😉 I hurried to buy it. (After the yelling she said it was one of my Christmas gifts 🎁) Anyways this is actually an excellent book. The book is very well organized and goes over everything you'd need. If you're a noob/intermediate you need this book. This goes over stuff you'd actually need in the future. Unlike Peter Kim tool tutorial 101 (save the money and YouTube). This book has all the material that even the OSCP PDF/videos don't have. Or is that by design (lazy British b@$tards) "try harder" they say... You'll learn through trial and error. I sure learned alright, to read books like these. P.s this book may go over how to root 4 OSCP boxes P.s.s does anyone know what p.s stands for? Oh and if you're thinking of studying for CEH this book won't really help you.
S**S
Dated but good read
There are a couple of things in the book that are semi dated. Don't let that stop you from reading it. I have found several good web sites plus some tools I can use during my self training sessions. I also was able to locate a machine at work that required some love based on some of the information provided in this book. Having already completed the online training for CEH I was looking to improve my skills beyond what I had learned. This book was helpful in increasing that knowledge. Who is the book good for? Somebody who is just starting out. I am currently on chapter nine and I have a notebook of good information from notes, to tools, topics to research. This book is also useful if you have a fundamental understanding of the tools being talked about. It is even more useful if you are willing to practice the topics being discussed.
M**S
An excellent resource for people looking for an introduction to penetration testing
Penetration testing and hacking is a sexy subject. With all of the big public breaches every year, security has come to the forefront of many people's minds and the demand for young skilled hackers is greater than ever. The problem is that many of these would-be hackers have no idea where to begin. They don't have money for higher education or fancy certifications, so where do we as a security community tell them to begin? I always point people at books. They are generally inexpensive and easy to get. I have been doing penetration testing for a number of years professionally so I am familiar with all of the topics in this book already, however, I am constantly reading material like this so that I can find the best resources to point out to new hackers. I found this book to be well laid out with lots of explanations and an easy to follow methodology. I believe some of the people who have previously reviewed the book forgot what it is like to start with zero knowledge. I know when I was starting in hacking, I was thankful for as many screenshots as possible so I knew I was entering the correct commands. I especially like the way the book follows the Penetration Testing Execution Standard (PTES). If you are new to hacking or penetration testing, this is the perfect resource to get you started and help you determine if this is the correct career path for you!
A**E
Another amazing No Starch Press book on Pen Testing
Very worth the purchase.
E**O
M
The cover separated from the pages on the first day. However, the content is good.
V**T
Very nice product
Good product
R**S
Great intro to hacking (pentesting).
Great intro to hacking (pentesting). I have struggled with other hacking books before, some of them are "too technical" and dive into specific vulnerabilities without explaining why they happen or is not concise. I'm looking at you Hacking Exposed series. But this one is a practical smooth read. After you are done you can start practicing everything you learn pwning boxes on Hack the Box. P.s: I did have difficulty finding the right XP SP3 (I think it was) to set up the lab. The one I used didn't have the ms08-067 vulnerability. But that shouldn't stop you from practicing what's being taught. Just do a vulnerability scan of your system with nikto or whatever, as taught in the book, and try to get a meterpreter session attacking another vulnerability.
S**P
The best starting point
Admittedly the book is already a few years old, and the software references have changed but remain very easy to find. Additional resources are available on the author's page for the book, on the publisher's site. Not only are the techniques and tools explained, but so is the methodology to use to deliver a good and proper engagement. This book is not only well written but also pragmatic and essential. Pentesting, like forensics, is a demanding discipline. This book is excellent.