Matthew Twells

Recommended Reading: Penetration Testing - A Hands-On Introduction To Hacking


Recommended Reading are quick posts highlighting those books, courses and software that are true force-multipliers when it comes to getting started, getting better or getting ahead.

We're opening up with Penetration Testing - A Hands-On Introduction To Hacking by Georgia Weidman - a real Bible for people wanting to get into penetration testing as a career. Get it here.

 

What's In The Book?


Penetration Testing is a fantastic introduction for someone who hasn't just chosen cyber, but penetration testing specifically. It's a pretty big textbook, weighing in at 531 pages - but it's well worth carrying around.


Part 1 deals with the real basics - installing and setting up a virtual environment, installing and setting up your installation of Kali Linux, an introduction to Bash Scripting, Python Scripting and C Programming, and an introduction to the Metasploit Framework.

Don't be intimidated by the mention of programming, there are legible code segments you can copy out.

There are easy-to-follow instructions to get you up to the point where you're ready to start real focused practice to become a professional penetration tester.

This is a skillset where it pays to learn the basics well, lest you spend 90% of your time Googling how to fix basic package installation issues and configuration problems - start small, build up and once you're comfortable - move onto focused practice in Part 2.


Part 2 deals with Assessment - the enumeration, the methodical analysis and intelligence gathering that comprises 90% of the job. You need to find out what you're dealing with, how the services that your target is using fit together and are built. This is where your information gathering efforts pay off in spades, during the exploitation phases.

This book is expansive in its scope in this regard, going from tools for gathering information, spotting common vulnerabilities in what you find, using Wireshark for protocol analysis and attacking ARP, DNS and SSL to extract further information.


Part 3 deals with Attacks - how to put that information to good use, and exploit those common weaknesses to gain an initial foothold on your target network. This book goes from Password Attacks all the way through to Wireless Attacks, touching on Social Engineering and bypassing Antivirus solutions on the way.


Part 4 deals with something you may not be familiar with, and which sounds intimidating even to hear - Exploit Development. Buffer Overflows, Exception Handling and Fuzzing are all covered - and you'll get a great intro into a wildly under-supplied and wildly lucrative skillset.


Lastly, Part 5 deals with Mobile Hacking - offering a fascinating introduction and practical tips for pentesting smartphones using the Smartphone Pentest Framework.


How Easy Is It to Read?


The writing style is occasionally a little jargon-heavy, but not excessive. At times, it's the only way to explain something successfully, so you can't be too harsh on that.

I would say honestly, the writing is clear, the font clean and the diagrams simple to understand - which in a highly technical book such as this is a godsend.


Does It Ever Get Past The Basics?


Define "basic". If you've never seen any of this stuff before, this book already goes well beyond basic. If you're an ex-network engineer, you'll have a head start. If you're an ex-developer, you'll already know a lot of this stuff. But for someone just starting out, having all of this in one place, in the rough sequence that knowledge is needed - it's more than enough.


For specific skillsets, better specific books exist, and we'll review them too - but this is more than enough for someone starting out.


How much does it cost?



As can be seen here, the book is currently just under £28 on Amazon, and considering the wealth of information in it, it's a bargain. I used this book plenty learning my trade and it has fabulous ROI when it comes to information learnt.


Overall Impression: Fantastic Bible for new starters into penetration testing specifically, goes from nothing all the way through to exploit development in a clear, understandable style. Well worth a purchase.

