Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman is 528 pages long and was published by No Starch Press in June 2014.
This book is a beginner’s guide to performing penetration tests. Penetration testing is a service provided by security researchers to organizations wishing to evaluate their defenses. Georgia Weidman documents the process from start to finish of how you can evaluate an enterprise and provide useful information in a report to the organization. A pentest would find one or more ways to access valuable information from a company. This could be completed by using an unpatched vulnerability, exploiting a gap in their defenses, or social engineering a means to access the data.
Penetration Testing – A Hands-On Introduction to Hacking starts at the beginning and prepares individuals for penetration testing by setting up their own virtual lab to learn and practice the art. It then goes on to teach Kali Linux, the successor to BackTrack Linux, a Linux distribution loaded with pentesting tools, and Metasploit, a framework for penetration testing. Beyond that, the book also covers the process to follow in completing a pentest. That process can be seen in the chapter outlines of the book:
- Setting up your virtual lab
- Using Kali Linux
- Programming
- Using the Metasploit Framework
- Information Gathering
- Finding vulnerabilities
- Capturing traffic
- Exploitation
- Password attacks
- Client-side exploitations
- Social engineering
- Bypassing antivirus applications
- Post exploitation
- Web application testing
- Wireless attacks
- A stack-based buffer overflow in Linux
- A stack-based buffer overflow in Windows
- Structured exception handler overwrites
- Fuzzing, porting exploits, and metasploit modules
- Using the smartphone pentest framework
No Starch Press provided a review copy of Penetration Testing to me. I enjoyed reading through the book as it provided quite a detailed amount of information to successfully performing a penetration test using various tools and techniques but still managed to start at the beginner level. The tools used included Nessus, Wireshark, nmap, and many others. Setting up a virtual lab and using Kali Linux and the Metasploit Framework sets individuals up to learn on their own and continue their own education as technology rapidly changes and security continues to evolve and grow in importance.
As an IT professional, this book helped teach the perspective of attackers which then helps one understand the importance of defense-in-depth and investments in various security infrastructure. It could also provide a good start to evaluating your own organization for ways that it might be vulnerable. You might better be able to see weaknesses you can address before somebody else finds them.
Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman is available from Amazon in paperback or Kindle format.