Customer Reviews

4 Reviews

5 of 5 people found the following review helpful
4.0 out of 5 stars Advanced Penetration Testing for Highly-Secured Environments, 24 Sep 2012
I must say, I was quite pleased with this book. For one, it introduced some great new resources to add to my lab environment, and most of all, provided me with some additional tips and techniques for a thorough pentest. While not technically a beginner's book, the book does go over some pretty basic (core) functions to a pentest. I would venture to say that nmap, dig, nslookup, and so forth are more in the basics area. Regardless, the book doesn't stay on them too long and the content and pace are overall decent. The examples provided were clear and easily reproducible. To break it down by chapters:

As with most books, Chapter One is usually pretty boring. What you need, why you need it, and how to do basic setup and configuration. Nothing to see here.

Chapter Two goes into the information gathering phase of the pentest. The author covers tools like nslookup, dig, whois, and touches briefly on DNS bruteforcing with fierce. Following up with SHODAN, metagoofil, and some basic Google hacking.

Chapter Three goes back to revisit material covered in Chapter One and you get into some basics like nmapping and some SNMP discovery methodologies.

Chapter Four gets into exploitation. You set up and configure a Kioptrix VM and begin your information gathering and then proceed to exploitation. You'll find a vulnerability, search exploit DB, and finally get to building the exploit and firing it against the target. Once you get access, it's all about moving files back to your machine and performing further exploitation techniques--like moving the /etc/passwd and /etc/shadow files and cracking the hashes, as well as a brief introduction to Hydra.

Chapter Five goes into web exploitation. You'll configure another Kioptrix VM along with pfSense and go into exploitation using w3af. A basic understanding of SQLi is recommended here and the author assumes you have a good foundation (this is an advanced book, after all).

Chapter 6 goes into client side exploitation, particularly fuzzing and buffer overflows. You'll create and identify applications vulnerable to buffer overflows as well as using some baked-in fuzzing tools in BT5 to assist, as well as detecting/enabling/disabling ASLR. This chapter also touches on SET and FastTrack, although not in great depth.

Chapter Seven goes into post-exploitation and doesn't really contain any earth-shattering material. What it does provide is some great cheat-sheets on where to go and what to look for on the compromised system according to the OS.

Chapter Eight goes into bypassing firewalls and avoiding detection by an IDS. I was disappointed that the author didn't choose to use an open-source IDS/IPS in this chapter--there are a lot of good options out there--Snort, AlienVault, SecurityOnion, BroIDS, etc. that would've been handy in the lab setup. Snort and AlienVault detected my activity in this chapter.

Chapter Nine goes into tools for reporting and analysis. The basic premise is that if your customer can't read and understand your report, you've wasted their time. Pretty charts and graphs. The boring part of the engagement.

Chapters Ten and Eleven are more in-depth about configuring your virtual lab and setting up scenarios where you attempt to attack and pass through multiple configurations of firewalls and servers.

All in all, this was a good book that had some great content. There were a few grammatical errors, but for the most part the examples provided were spot on and easy to replicate in a lab environment. Recommended for anyone looking to move into an intermediate pentesting arena.

3 of 3 people found the following review helpful
5.0 out of 5 stars Advanced Penetration Testing for n00bs?, 28 Sep 2012
I am by no means an experienced hacker or pen tester; but having worked in IT for the last decade or so I'd class myself as an enthusiastic learner (with more enthusiasm than knowledge at times), not quite a n00b but nowhere near pro level.

So with that in mind I was a little unsure if this book would be for me - Advanced Penetration Testing, I still feel I'm on the first level in the pen test game.

I've read some of the other pen test books out there; Syngress' "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)", Packt's awesome "BackTrack 5 Wireless Penetration Testing Beginner's Guide" and No Starch Press' "Metasploit: The Penetration Tester's Guide" to mention the better ones, I've played with Backtrack3 onwards and other bits of security kit but I'd never felt too confident about my abilities - recently demonstrated during @CyberChallenge 's 2012 #CyberCamp in September when I had my ass handed to me by others who were!

Opening the book and reading through the contents though I began to feel more comfortable. It follows the 'pen test book standards' of, an introduction to pentesting, setting up your machine, scoping, reconnaissance, enumeration, exploitation etc. that I'd found in other books and was easy enough to understand and follow for a total beginner as well as someone like me with more technical experience.

As mentioned in other reviews on Amazon it covers the basics really well; but here comes the good part, it does it in a way that makes it seem fresh and new. Other pen test tomes can sometimes come across as dry, emulating a souped up MAN page for the various tools and bits of kit you end up using, but I found the book felt like a friendly voice re-explaining some of the stuff I already knew but had forgotten.

It earns its Advanced tag by going further than other pen test books, covering the more advanced options for the basic stuff and also bringing the more advanced tools into sharper focus. It starts with the whys and wherefores for a pentest, looks at the various methodologies for doing one (without getting caught) and then looks at post exploitation in depth.

Some of the tools it covers include the Dradis Framework (useful for both data collection and the reporting stage), Metagoofil, Nmap (basic scans and more advanced stuff), Metasploit (msfupdate every time you start it up), Mantra (which was a new one for me, doh!) and of course Backtrack itself. It then covers off the reporting side of a pentest to give you enough of an idea to get it done in a way that the customer can understand - don't underestimate the use of pretty graphs or screenshots for this.

All in all it's an excellent read and one I'm sure I'll come back to in the future, mainly as its final two chapters cover setting up your virtual lab to run a pentest using the knowledge gained from the book.

1 of 1 people found the following review helpful
4.0 out of 5 stars Nice book, 2 Feb 2014
Verified Purchase
The "advanced" is wrong and misleading. This is an introductory book.
As a 101 it is a nice book, with nice ideas and a good starting point.
For people in the business it will be useless, as it doesn't explain any new method.

4.0 out of 5 stars Good book, 4 Mar 2013
Verified Purchase
This review is from: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Open Source: Community Experience Distilled) (Kindle Edition)
This book is simple and straightforward. Very clear instructions on virtualisation. I would recommend it to anyone interested in network security.
