Penetration Testing: A Hands-On Introduction to Hacking 1st Edition

After reading, Hacking: The Art of Exploitation, I felt very disappointed because that book doesn't teach you about hacking in the way I was expecting. It only shows you how to test for vulnerabilities in source code and how to attempt exploitation against it, alongside networking programming and cryptology. I also read other hacking books by No Starch Press, and I felt very disappointed, because I wanted a book that can give me the skills to find a job as a professional pen tester, but the books I've read were very theoretical, but almost very impractical.Then, comes this book. A hands-on approach to testing and utilization of penetration software. It touches upon literally almost every tool and technique a pen tester could ever want to practice. It goes through the explanations and illustrations and diagrams that all show you step by step exactly how to perform a penetration test.My favorite chapter was the one that began the Exploit Development part of the book, about Linux exploitation. This is because I wanted a guide that can teach me how buffer overflows function and how to use gdb to develop exploits from scratch. It goes into extreme detail on each and every step that needs to be incorporated to reverse engineer a binary while in memory.I also much enjoyed the chapter about antivirus evasion. Furthermore, the chapter on password attacks was enlightening, as was almost every other chapter. The only chapter I found boring was the one about pen testing mobile devices. This was boring to me because the framework is not included in Linux by default, so I didn't wanna go bananas over it. Using a Livecd and installing new software is annoying. But, when I feel like it, I'll probably take another look at it. After all, the very author of this book developed that framework her very self!

Where to begin with this book. I had been looking for a book on Kali Linux for over a year now. Many were too deeply set in theory or history and the other half was highly advanced. While I have made a career in cybersecurity, pentesting was something I knew nothing about from a practical standpoint. When I saw this book was by No Starch Press and was full of essential topics (based on table of contents) I did not hesitate to make the purchase.I just finished the book and here is my feedback. Yes some of the .iso files for the target environments are harder to find but can still be found online without the use of torrents. If this stops you from doing the labs then this is purely an academic endeavor and you will not have the skills (resourcefulness) to become a pentester. To me it added to the challenge. I also read in some reviews that the hosted files from the author are no longer available and while this is true, you can still get all the information you need to set up you lab from exploit-db and other sites.Overall this book has done a phenomenal job on introducing users to setting up a lab environments and using tools like Metasploit, Nessus, Maltego, aircrack, and many more. It removed the mystery of how systems are hacked and how anyone with the right mind and technical knowledge could test their own personal network. Always abide by local and federal laws regarding computers.Sources: Master of Science - Cybersecurity (2017), Bachelor of Science - Computer and Information Science (2010), CompTIA Network+ CE and Security+ CE certified, EC Council Certified Ethical Hacker (CEH).

I wanted to wait until I was actually through some of the hands on examples on this book before I reviewed. I'm approximately halfway through at this point.Cons: Setting up the lab is time consuming, difficult and not exactly free. In my case I had a legitimate copy of Windows XP to use, but it wasn't pro;and I purchased Windows 7 Pro. Unless you're not working and have the time to run through the book quickly do yourself a favor and get a copy of Windows to do this. Unfortunately... it's getting harder to find copies of Windows XP. The issue of using a "free" version of Windows is after X days you won't be able to use it anymore. I paid for the convenience of having all the time I wanted to run through the book.Pros: This is a great way to get yourself familiar with Kali Linux and penetration testing principals. I'm attempting to switch careers into security and I picked up this book as a starting point. It has helped me learn more about Kali and the tools included in the distro. Its exactly what the book markets itself as, a hands on introduction; and it does this well.Summary: You need to do a lot of leg work yourself; so don't expect to just open the book and go. I took about 2 or 3 weeks just to get my lab setup as closely as possible to the book; I've decided I'm comfortable missing some aspects (the mobile applications will probably be a miss here). Overall this should be expected; if you're a programmer like me you should be familiar with trouble shooting, also if you're opening the Linux door you should be comfortable doing some extra work. Once you have the lab setup the pace picks up. While it took me 2-3 weeks to get through setting up my lab I was almost half way through the book in less than 4 days.I would have liked if the Kali VM came completely configured; it's missing the mobile tools I believe, but again it's enough. The only recommendation I can make is to publish an updated version.I'm using this book as a launching platform for the Penetration Testing With Kali Linux course and eventually the OSCP exam.