I am by no means an experienced hacker or pen tester; but having worked in IT for the last decade or so I'd class myself as an enthusiastic learner (with more enthusiasm than knowledge at times), not quite a n00b but nowhere near pro level.
So with that in mind I was a little unsure if this book would be for me - Advanced Penetration Testing, I still feel I'm on the first level in the pen test game.
I've read some of the other pen test books out there; Syngress' "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)", Packt's awesome "BackTrack 5 Wireless Penetration Testing Beginner's Guide" and No Starch Press' "Metasploit: The Penetration Tester's Guide" to mention the better ones, I've played with Backtrack3 onwards and other bits of security kit but I'd never felt too confident about my abilities - recently demonstrated during @CyberChallenge 's 2012 #CyberCamp in September when I had my ass handed to me by others who were!
Opening the book and reading through the contents though I began to feel more comfortable. It follows the 'pen test book standards' of an introduction to pentesting, setting up your machine, scoping, reconnaissance, enumeration, exploitation etc. that I'd found in other books and was easy enough to understand and follow for a total beginner as well as someone like me with more technical experience.
As mentioned in other reviews on Amazon it covers the basics really well; but here comes the good part, it does it in a way that makes it seem fresh and new. Other pen test tomes can sometimes come across as dry, emulating a souped up MAN page for the various tools and bits of kit you end up using, but I found the book felt like a friendly voice re-explaining some of the stuff I already knew but had forgotten.
It earns its Advanced tag by going further than other pen test books, covering the more advanced options for the basic stuff and also bringing the more advanced tools into sharper focus. It starts with the whys and wherefores for a pentest, looks at the various methodologies for doing one (without getting caught) and then looks at post exploitation in depth.
Some of the tools it covers include the Dradis Framework (useful for both data collection and the reporting stage), Metagoofil, Nmap (basic scans and more advanced stuff), Metasploit (msfupdate every time you start it up), Mantra (which was a new one for me, doh!) and of course Backtrack itself. It then covers off the reporting side of a pentest to give you enough of an idea to get it done in a way that the customer can understand - don't underestimate the use of pretty graphs or screenshots for this.
All in all it's an excellent read and one I'm sure I'll come back to in the future, mainly as its final two chapters cover setting up your virtual lab to run a pentest using the knowledge gained from the book.