Most Helpful First | Newest First
5 of 5 people found the following review helpful
5.0 out of 5 stars Worth every Penny.,
This review is from: Metasploit: The Penetration Tester's Guide: A Penetration Tester's Guide (Paperback)I've always been interested in penetration testing but oddly enough, I had never used metasploit. So a few weeks ago I bought this book and another one about Metasploit by Syngress. I started with the Syngress one, and it was OK but it was terribly outdated so I literally had to throw it away. This one from NoStarch is a completely different story. For starters, I did a background check on the authors. I was glad to find that some of them are key members of the BackTrack Linux distro, which I'm particularly fond of. The others are well respected professionals of the information security community and have spoken at cons like Blackhat or Defcon.
So considering the experience of the authors I had high expectations and I have to say that they were surpassed.
The book starts off with a nice introduction to Penetration Testing where it explains the different phases of the process and the types of pentests. Then goes on to introduce the actual metasploit framework, covering the basic terminology, the available interfaces and the most important companion tools (msfpayload, msfencode, and so on). However, the fun begins after the introduction, where the authors show how to use metasploit to conduct a penetration test. They divide the process into three phases: intelligence gathering, vulnerability scanning and exploitation. They guide the reader through several step-by-step examples, each one demonstrating different techniques and components. The chapter on the meterpreter is specially detailed and interesting.
Apart from the basic find-a-vuln-and-exploit-it, the book also covers advanced topics such as detection avoidance, client-side attacks or social engineering. It even shows how to hack the framework and build your own modules and exploits.
Summing up... I really liked the book, I think it's worth every penny. I wanted to learn how to use metasploit and I did it. Of course, the book does not cover every single exploit and module available but it does a great job at at teaching you how to use metasploit to conduct a penetration test and compromise the security of your systems.
4 of 4 people found the following review helpful
4.0 out of 5 stars An excellent introduction.,
This review is from: Metasploit: The Penetration Tester's Guide (Kindle Edition)This book is exactly what you expect from start to finish if you are judging by the title. The authors go through the full process of conducting a penetration test and discuss the process fully in relation to the Metasploit framework. Saying that, this book will not make you an expert penetration tester and definitely doesn't substitute for broad reading. What this book definitely does do is give you the skills to get you there using Metasploit.
My only criticism is that this book covers broadly what is available in the online help. However, the authors do cover the framework in an excellent manner in an obvious order allowing even the most novice of security professionals to use the tool well.
Bottom line: this book is excellent light reading if you wish to use the Metasploit framework in a professional manner.
5.0 out of 5 stars Amazing book,
Amazon Verified Purchase(What is this?)
This review is from: Metasploit: The Penetration Tester's Guide: A Penetration Tester's Guide (Paperback)This book is simply amazing and if you have an interest in using the MS framework look no further than this release. It does a great job of explaining how and why it works and also a very good guide on the most popular tools within it.
Don`t let the price put you off, you will see in the first 5 minutes of reading that you have invested wisely.
5.0 out of 5 stars Well done Kindle version,
Amazon Verified Purchase(What is this?)
This review is from: Metasploit: The Penetration Tester's Guide (Kindle Edition)I already knew Metasploit very well (or so I thought) but I've learnt a lot more through this book. No need to repeat what all the other reviewers have said, this is a well written and easy to understand book.
I bought the Kindle version, in too many cases with technical books the conversion from print to Kindle seems to have been an afterthought, but in this case it's very well done. Recommended.
5.0 out of 5 stars Great book,
This review is from: Metasploit: The Penetration Tester's Guide: A Penetration Tester's Guide (Paperback)A book for all levels of security specialists.
Covers all topics that are needed for a pen tester.
5.0 out of 5 stars Excellent introduction,
As for the product, Metasploit is an awesome penetration testing tool by Rapid7, and together with its plugins, auxiliary modules and complementary products, it will be the only thing you need in your hacking adventures. Never again do you have to manually search for exploits or deploy them yourself, so that you can finally concentrate on the job at hand by freeing your hands, instead of wasting time on boring repetitive tasks.
4.0 out of 5 stars Excellent if slightly scary!,
In terms of technical coverage the book is excellent. It starts off with a primer on penetration testing before introducing the Metaspoit framework. The write up of the Metasploit framework itself follows a nicely graded learning curve, describing the framework and data import procedures, tool use and external modules in a logical and progressive way. I picked this book up largely from a security interest point of view and found it for the most part relatively easy to understand. Elements of chapters on module building and exploit porting went a little over my head but I'm not really the target audience for them anyway. As a final icing to a very good book, there are some excellent touches such as a final wrap up chapter which runs through the entire penetration testing process so you get more than just a series of technical chapters and a command cheat sheet. If only all technical books were as well written, readable and informative. Even if you are approaching Metasploit from a similar interest rather than professional background I would highly recommend this book for its easy reading layout, excellent chapters on intelligence gathering, vulnerability scanning and social engineering and overall high quality.
5.0 out of 5 stars A great guide for the framework,
1 of 2 people found the following review helpful
4.0 out of 5 stars Strong on explanation and demonstration with well-annotated examples.,
David Kennedy is Chief Information Security Officer at Diebold Inc, an open-source tools developer & is a member of the Back|Track and Exploit Database development team.
Jim O'Gorman is a pen tester at CSC's StrikeForce, co-founder of Social-Engineer.org, & an instructor at Offensive-Security security training.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, administrator of The Exploit Database & maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution & founder of Offensive-Security.
According to HD Moore, Metasploit Chief Architect, "In this book, you will see penetration testing through the eyes of four security professionals with widely divergent backgrounds." The book "covers the fundamental tools and techniques" of penetration testing "while also explaining how they play into the overall structure of a successful penetration testing process...Readers who are new to the field will be presented with a wealth of information not only about how to get started but also why those steps matter and what they mean in the bigger picture."
The authors themselves write in the Preface that "This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest."
The goal of the book is t goal is to provide a useful tutorial for the beginner and a reference for practitioners.
Mindful of the fact that the Metaspoilt Framework is frequently updated with new features & exploits, the emphasis in the book is on Metaspoilt fundamentals, which when understood & practised, allow the user to be comfortable with frequent updates.
Although not formally done so, the book can be considered to be structured in sections, with Chapters 1 to 6 forming the core, & the remaining 11 Chapters building on and around this.
The core section takes the pen tester, through use of example, from the very basics of the craft to carrying out exploits.
The examples used employ a combination of Back|Track, Ubuntu 9.04,
Metasploitable, and Windows XP, where Back|Track serves as the vehicle for exploitation, and the Ubuntu and Windows systems act as the target systems.
The most-used interfaces to the framework, msfconsole & msfcli, are introduced, & the GUI (armitage) is mentioned briefly.
Utilities such as msfpayload (the scripting environment) & msffencode (cleartext encoder), which allow direct access to features supported by the framework, are also introduced early on.
Chapters 3 to 5 cover intelligence gathering, vulnerability scanning & exploit execution respectively, while Chapter 6 introduces meterpreter.
Utilities such as whois, netcraft, nslookup, Nmap, TCP idle scan, are introduced with good examples showing how their output can be interpreted usefully.
Vulnerability scanning is explained by using examples of netcat, NeXpose, & Nessus as well as speciality scanning tools such as vnc_auth & open_x11.
A whole chapter consists of a walk-through of a specific exploit of Windows XP SP2 (vulnerability MS08- 067) & an Ubuntu 9.02 (virtual) machines.
Here, the detailed step-by-step explanation & interpretation of output is impressive.
Finally Chapter 6 walks through another exploit & subsequently takes the pen tester through an overview of the Meterpreter features which can be employed, from capturing screenshots, keystrokes, dumping usernames/passwords, through to pivoting onto connected hosts.
For beginners, the above is enough to get up & running productively with Metaspoilt.
Thereafter, more focussed topics such as anti-virus detection & client-side exploitation are covered in detail. The book's end-section consists of a deep-dive on customising & developing within the Metaspoilt framework.
The final Chapter is a simulated planning-to-cleanup pen test.
The craft of penetration testing is covered deeply & broadly.
The book's greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples. The authors' experience in formal instruction & practice is evident.
This book achieves a good balance between concept & practicality. I expect it to become a valuable resource in most pen tester's libraries, whether they be novices or experienced practitioners.
0 of 2 people found the following review helpful
5.0 out of 5 stars Great guide into the Metasploit Framework,
Most Helpful First | Newest First
Metasploit: The Penetration Tester's Guide: A Penetration Tester's Guide by Mati Aharoni (Paperback - 26 July 2011)