Penetration Testing: A Hands-On Introduction to Hacking

After reading, Hacking: The Art of Exploitation, I felt very disappointed because that book doesn't teach you about hacking in the way I was expecting. It only shows you how to test for vulnerabilities in source code and how to attempt exploitation against it, alongside networking programming and cryptology. I also read other hacking books by No Starch Press, and I felt very disappointed, because I wanted a book that can give me the skills to find a job as a professional pen tester, but the books I've read were very theoretical, but almost very impractical.Then, comes this book. A hands-on approach to testing and utilization of penetration software. It touches upon literally almost every tool and technique a pen tester could ever want to practice. It goes through the explanations and illustrations and diagrams that all show you step by step exactly how to perform a penetration test.My favorite chapter was the one that began the Exploit Development part of the book, about Linux exploitation. This is because I wanted a guide that can teach me how buffer overflows function and how to use gdb to develop exploits from scratch. It goes into extreme detail on each and every step that needs to be incorporated to reverse engineer a binary while in memory.I also much enjoyed the chapter about antivirus evasion. Furthermore, the chapter on password attacks was enlightening, as was almost every other chapter. The only chapter I found boring was the one about pen testing mobile devices. This was boring to me because the framework is not included in Linux by default, so I didn't wanna go bananas over it. Using a Livecd and installing new software is annoying. But, when I feel like it, I'll probably take another look at it. After all, the very author of this book developed that framework her very self!

Penetration testing and hacking is a sexy subject. With all of the big public breaches every year, security has come to the forefront of many peoples minds and the demand for young skilled hackers is greater than ever. The problem is that many of these would be hackers have no idea where to begin. They don't have money for higher education of fancy certifications, so where do we as a security community tell them to begin. I always point people at books. They are generally inexpensive and easy to get. I have been doing penetration testing for a number of years professionally so I am familiar with all of the topics in this book already, however, I am constantly reading material like this so that I can find the best resources to point out to new hackers.I found this book to be well laid out with lots of explanations and an easy to follow methodology. I believe some of the people who have previously reviewed the book forgot what it is like to start with zero knowledge. I know when I was starting in hacking, I was thankful for as many screenshots as possible so I knew I was entering the correct commands. I especially like the way the book follows the Penetration Testing Execution Standard (PTES).If you are new to hacking or penetration testing, this is the perfect resource to get you started and help you determine if this is the correct career path for you!

I wanted to wait until I was actually through some of the hands on examples on this book before I reviewed. I'm approximately halfway through at this point.Cons: Setting up the lab is time consuming, difficult and not exactly free. In my case I had a legitimate copy of Windows XP to use, but it wasn't pro;and I purchased Windows 7 Pro. Unless you're not working and have the time to run through the book quickly do yourself a favor and get a copy of Windows to do this. Unfortunately... it's getting harder to find copies of Windows XP. The issue of using a "free" version of Windows is after X days you won't be able to use it anymore. I paid for the convenience of having all the time I wanted to run through the book.Pros: This is a great way to get yourself familiar with Kali Linux and penetration testing principals. I'm attempting to switch careers into security and I picked up this book as a starting point. It has helped me learn more about Kali and the tools included in the distro. Its exactly what the book markets itself as, a hands on introduction; and it does this well.Summary: You need to do a lot of leg work yourself; so don't expect to just open the book and go. I took about 2 or 3 weeks just to get my lab setup as closely as possible to the book; I've decided I'm comfortable missing some aspects (the mobile applications will probably be a miss here). Overall this should be expected; if you're a programmer like me you should be familiar with trouble shooting, also if you're opening the Linux door you should be comfortable doing some extra work. Once you have the lab setup the pace picks up. While it took me 2-3 weeks to get through setting up my lab I was almost half way through the book in less than 4 days.I would have liked if the Kali VM came completely configured; it's missing the mobile tools I believe, but again it's enough. The only recommendation I can make is to publish an updated version.I'm using this book as a launching platform for the Penetration Testing With Kali Linux course and eventually the OSCP exam.