Thursday, January 1, 2015

Book Review--Penetration Testing

Welcome to the long overdue review. I was contacted by the good people at No Starch Press early in 2014 and asked if I would like to review Penetration Testing by Georgia Weidman when it came out. I jumped at the chance, as I had no background in pen testing, but I've always found the subject interesting. I thought learning about attack techniques might help me be a better forensic investigator as well. I received the book soon after the initial contact but due to a number of things failed to get this review done till now. My apologies to No Starch and Georgia Weidman for taking so long to get this posted.

This is a big book, with 20 chapters comprising a total of 476 pages, not including the index. There are supplemental materials and a Linux virtual machine available for download that allow the reader to work the examples in the book. Additionally, guidance is given on setting up your entire virtual lab. The guidance includes setting up Windows XP, Windows 7, along with Android emulators. I loved how detailed the instructions were for setting everything up. There were quite a few files to download for the labs, but it was well worth my time and bandwidth to get them.

Along with the above, a torrent is available to download the same version of Kali Linux used in the book. I was unable to use it with VMware Workstation and it turned out it would run in VMware Player, but not necessarily in Workstation. I wound up building my own Kali virtual machine and used it through all the labs.

The book covers a little programming in some spots, so a programming primer was included. I am definitely NOT a programmer, so I found this primer to be very helpful.

Throughout the rest of the book, topics such as Metasploit, information gathering, finding vulnerabilities and even post-exploitation are covered. Web application testing, wireless attacks, exploit development and mobile device hacking are also covered in great detail.

After reading this book, I understand so much more about penetration testing than I did before. I learned a lot about how pen testers gather information and use it to their advantage through social engineering and other means. I also now have a much greater understanding of how attacks are done, and I believe that understanding will help me do my work as a forensic investigator even better.

Weidman does an outstanding job of covering a pretty big range of topics in this book. With the wide range of topics, I can see how it would be difficult to put it all in one book and wind up with something that works, but she managed to pull it off. I enjoy her writing style and loved the labs, too. I don't know how long it took her to put this book together, but it's obvious she spent a lot of time writing and creating the labs and supplementary materials.

If you want to learn about many aspects of penetration testing, I highly recommend this book to you. This book is everything, including the kitchen sink, and after reading this book you'll come out with a much better understanding of what pen testers do and how they do it.
