Penetration Testing: A Hands-On Introduction to Hacking 1st Edition

After reading, Hacking: The Art of Exploitation, I felt very disappointed because that book doesn't teach you about hacking in the way I was expecting. It only shows you how to test for vulnerabilities in source code and how to attempt exploitation against it, alongside networking programming and cryptology. I also read other hacking books by No Starch Press, and I felt very disappointed, because I wanted a book that can give me the skills to find a job as a professional pen tester, but the books I've read were very theoretical, but almost very impractical.Then, comes this book. A hands-on approach to testing and utilization of penetration software. It touches upon literally almost every tool and technique a pen tester could ever want to practice. It goes through the explanations and illustrations and diagrams that all show you step by step exactly how to perform a penetration test.My favorite chapter was the one that began the Exploit Development part of the book, about Linux exploitation. This is because I wanted a guide that can teach me how buffer overflows function and how to use gdb to develop exploits from scratch. It goes into extreme detail on each and every step that needs to be incorporated to reverse engineer a binary while in memory.I also much enjoyed the chapter about antivirus evasion. Furthermore, the chapter on password attacks was enlightening, as was almost every other chapter. The only chapter I found boring was the one about pen testing mobile devices. This was boring to me because the framework is not included in Linux by default, so I didn't wanna go bananas over it. Using a Livecd and installing new software is annoying. But, when I feel like it, I'll probably take another look at it. After all, the very author of this book developed that framework her very self!

Where to begin with this book. I had been looking for a book on Kali Linux for over a year now. Many were too deeply set in theory or history and the other half was highly advanced. While I have made a career in cybersecurity, pentesting was something I knew nothing about from a practical standpoint. When I saw this book was by No Starch Press and was full of essential topics (based on table of contents) I did not hesitate to make the purchase.I just finished the book and here is my feedback. Yes some of the .iso files for the target environments are harder to find but can still be found online without the use of torrents. If this stops you from doing the labs then this is purely an academic endeavor and you will not have the skills (resourcefulness) to become a pentester. To me it added to the challenge. I also read in some reviews that the hosted files from the author are no longer available and while this is true, you can still get all the information you need to set up you lab from exploit-db and other sites.Overall this book has done a phenomenal job on introducing users to setting up a lab environments and using tools like Metasploit, Nessus, Maltego, aircrack, and many more. It removed the mystery of how systems are hacked and how anyone with the right mind and technical knowledge could test their own personal network. Always abide by local and federal laws regarding computers.Sources: Master of Science - Cybersecurity (2017), Bachelor of Science - Computer and Information Science (2010), CompTIA Network+ CE and Security+ CE certified, EC Council Certified Ethical Hacker (CEH).

I am only on chapter 4 but it is a remarkable book so far. I go to Barnes and Noble weekly with my kid and since I'm stuck there for few hours with caffeine (cost me $30 - $50 just on food and caffeine in there), I generally browse magazines and tech books. Most tech books seem not well written for the general public, not sure why. I think they just want to intimidate us by making it complicated so we feel stupid :) For now, the first 3 chapters were a bit intimidating. But you have to trust the author and be hands on. Don't just read it, actually download, write, and run the tools and scripts/terminal commands. As far as I know, my computer was not infected with any virus. But I think Chapter 3 and beyond gets more interesting and less boring bc you have braved through the boring set up of virtual machines and mustard the courage to bypass anti-virus protection alerts for some scary downloads etc.In short, I like the way the author writes. The book articulates well and seems to want to invite readers that are new or intermediate pentesters to their world. Other books seem to want to confuse us and tell us how smart they are bc the subject is so complicated that only they are ordained to accomplish the knowledge, I hate that. I will return once I finish later chapters. I like to spend extra time checking out google, bing, or duck for latest updates on each chapter's subject. Things change quickly in this industry.For now, the book is well worth the price, even just up to chapter 3. A lot of programmers, friends and foes alike, from work outside of the states can't use basic stuff to bs me anymore as I'm not going to be intimidated by pings, bash, shell, config, sed, nano, su, dir, grep, cat, echo, or bravo. Thanks for the book. Wow I sound so smart and techy like now lol. Watch out silicon valley :)