This book will not teach you how to hack; I don't think that was the intention of the author either. What this book does is teach you the lifecycle of Professional Penetration Tests and I feel it does that quite well.
The first part of the book covers ethics, careers, setting up a lab, pen test methodologies, metrics and management. This is a large part of the book and will be useful to anyone looking to get into penetration testing as a career; there is a lot more to it than rooting boxes...
The second part covers the different phases of a penetration test: information gathering, vulnerability identification and verification, penetration and privilege escalation, maintaining access and covering your tracks.
The third part, which is only 70 pages, covers reporting, archiving, cleaning up and planning for the next pen test.
The book is 500 pages, which is not a lot of space to cover such a huge subject, so what you get here is more of an introduction to professional penetration testing than anything else. The tools on the included DVD are good fun to practice your skills with too.
In short, if you are just getting started or are interested in becoming a penetration tester, this book should provide a lot of insight into how a penetration test is carried out. It covers a whole lot and will give you a good understanding of the lifecycle from the Penetration Tester's perspective.
6 people found this helpful.
It's been a while since I purchased a copy of this book, and I admit that at first glance it did not make me that happy. This book is actually like 2 totally different books bundled into one, comprised by the two parts of the book's title:
Part One: Creating and Operating a Formal Hacking Lab
Part Two: Professional Penetration Testing
Half of the book presents information already known to any Pentest engineer out there and information that suffers from being too specific and risks becoming obsolete within a very short timeframe (certifications, hackable distros, virtual machine deployment etc).
On the other hand, the second half presents extremely valuable information for individuals already working (or willing to work) professionally in the field; information that will remain applicable for many years to come. Team Formation, Project Management, Methodology, Reporting, Archiving and other challenges encountered daily by pentesting professionals are some of the aspects addressed by this book, which specifically targets pentesting as a profession itself. It manages to define the specific profession's details and, if you are already employed as a Penetration Tester, you will see that all of the everyday problems and issues you face are mentioned in this book.
For its second part (which I wish was longer), this is a must-have book for individuals willing to work, or already working, as Professional Penetration Testers as well as for professionals managing PenTesting Teams and PenTesting projects.
This is not a hacking book. This is a book on Penetration Testing as a career/profession.
One person found this helpful.