404 Tech Support

Book Review: Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman

Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman is 528 pages long and was published by No Starch Press in June 2014.

This book is a beginner’s guide to performing penetration tests. Penetration testing is a service provided by security researchers to organizations wishing to evaluate their defenses. Georgia Weidman documents the process from start to finish of how you can evaluate an enterprise and provide useful information in a report to the organization. A pentest would find one or more ways to access valuable information from a company. This could be completed by using an unpatched vulnerability, exploiting a gap in their defenses, or social engineering a means to access the data.

Penetration Testing – A Hands-On Introduction to Hacking starts at the beginning and prepares individuals for penetration testing by setting up their own virtual lab to learn and practice the art. It then goes on to teach Kali Linux, the successor to BackTrack Linux, a Linux distribution loaded with pentesting tools, and Metasploit, a framework for penetration testing. Beyond that, the book also covers the process to follow in completing a pentest. That process can be seen in the chapter outlines of the book:

  1.  Setting up your virtual lab
  2. Using Kali Linux
  3. Programming
  4. Using the Metasploit Framework
  5. Information Gathering
  6. Finding vulnerabilities
  7. Capturing traffic
  8. Exploitation
  9. Password attacks
  10. Client-side exploitations
  11. Social engineering
  12. Bypassing antivirus applications
  13. Post exploitation
  14. Web application testing
  15. Wireless attacks
  16. A stack-based buffer overflow in Linux
  17. A stack-based buffer overflow in Windows
  18. Structured exception handler overwrites
  19. Fuzzing, porting exploits, and metasploit modules
  20. Using the smartphone pentest framework

No Starch Press provided a review copy of Penetration Testing to me. I enjoyed reading through the book as it provided quite a detailed amount of information to successfully performing a penetration test using various tools and techniques but still managed to start at the beginner level. The tools used included Nessus, Wireshark, nmap, and many others. Setting up a virtual lab and using Kali Linux and the Metasploit Framework sets individuals up to learn on their own and continue their own education as technology rapidly changes and security continues to evolve and grow in importance.

As an IT professional, this book helped teach the perspective of attackers which then helps one understand the importance of defense-in-depth and investments in various security infrastructure. It could also provide a good start to evaluating your own organization for ways that it might be vulnerable. You might better be able to see weaknesses you can address before somebody else finds them.

Penetration Testing – A Hands-On Introduction to Hacking by Georgia Weidman is available from Amazon in paperback or Kindle format.