The Basics of Hacking and Penetration Testing 2nd Edition

I purchased this book for a course I was taking for a Master's program. Before reading this, I have never "hacked" a thing in my life. I didn't even know where to start. After completing the reading of this book I was able to successfully attack another machine and get access to it (all legally of course because it was all done in a VM environment that I own).It's a very enjoyable read. The writing is entertaining and educational. I believe from beginning to end I spent about 6 to 8 hours reading it. If you follow along with the examples in the book and try things yourself, you can spend a considerable amount of time in this book. After I read it cover to cover I went back through to try the examples.There are many suggestions at the end of each chapter on how you can continue learning or practicing more of the concepts presented. These suggestions often go far beyond the basics (so they seemed) and help sharpen certain skills. I have not researched or attempted any of these additional suggestions but many of them sounded very interesting and worth taking a look at.As mentioned in the title, this is a basics course. You learn the very basics of many tools that can set you on a solid path to a penetration testing career. If you are new to this field and looking to get a solid foundation on hacking and penetration testing then I would highly recommend this book. If you already have a solid foundation of hacking because you were self taught or are in the industry then most of this book will be irrelevant and elementary, but could be a good review. He does a great job at taking a beginning to end approach pointing out areas that some often overlook that could help you be more successful.I don't know if Patrick Engebretson has written other books but based solely on my experience with this one I will certainly be looking for more from him.

This book was excellent.The author clearly states in the beginning that this isn't the Alpha-Omega hacking text, and is just meant to prepare you for more. I find this to be a *bit* of an understatement.I also have THP2 (Hacker playbook) and the CEHv9 study guide. I just want to compare these three:THP2 seems great, but is sometimes hard to read - it seems to assume that you already know what you're doing, so the learning curve is rough.The CEHv9 SG - This was the first book that I really picked up on the topic, outside of the CompTIA Sec+ Text. At first, It was good, then I got a little bored, and picked up this book by Mr. Engebretson.I loved EVERY second of reading this book. It's challenging, but Pat really goes to lengths to make sure the reader is keeping up. The text is almost entirely based in Kali (though with a bit of tinkering I was able to also follow along with my Ubuntu 16 machine also), and it was never boring or dull. It almost felt like pleasure-reading instead of studying/learning. Oh, and by the way.. I don't remember that any of his examples/labs just didn't work -- kind of a big deal.After completion of this book I went back to the CEHv9 study guide, and found it hard to read, because it was a bit too *basic*. However, I was able to start getting more into THP2; Gives you the warm fuzzies when you realize that you might be up to par..A coworker mentioned an interest in the field (We currently do PC/Network Support & Administration) when he saw me reading the CEHv9 Study Guide, and I pointed him to this book instead.

I've been IT for a long time and read more books than I can count on different topics. This was one of the most well written books I've read in 20 years. It covered the topics really well without going so deep that you lose the context of what you're reading. Each chapter was well written and flowed well to the next. I read the whole book and then went back and practiced the examples so things would soak in. I would definitely recommend it to anyone who wants to start learning penetration testing or see things from an offensive viewpoint. Once you see things from an offensive viewpoint the defensive strategy becomes much clearer.

This is a very good introduction to a method of penetration testing. It's called "basics" for a reason. It's short compared to most introductory books on this topic, but it makes the information a bit more digestible. It gently walks you through, in broad strokes, the process of a "typical" pen test. It's written in a non-technical style, so it's easier to understand for the newcomer.The book does not go in-depth with many of the topics. It wouldn't be feasible, and then it wouldn't be an intro book anymore. There are books dedicated to just protocols alone. So if you are hoping for more explanations or tutorials on understanding things like TCP/IP - this is not it.What I like best about this is that it assumes you have virtually no knowledge of the security field, can operate a computer with some skill, and understand how to follow directions. The high-level view is really best for the true novice, and helps to take away some of the intimidation of the field.The downside, as is any technical book based on technology/internet, is that the information can get outdated or become inaccurate in a hurry. With a page limit for this kind of book, the author has to selectively choose what sources and references will appear in relation to the topic. The core principles stay the same, regardless, so don't get too upset if a site that's listed as an example is no longer functioning or the commands in bash have changed.And one tangential bit/words of encouragement: if you are interested in infosec/cyber security but have no "formal" training/education, don't be afraid. Try it out. Something like this takes time and practice to get good at. (But also don't become a tool jockey - a good pen tester is well-rounded and is constantly adapting.)