Author: Georgia Weidman
Publisher: No Starch Press
There are many people out there fascinated by the idea of penetration testing, but they believe they could never learn to do it, or haven’t got a clue on where to start. This book aims to be the first book that aspiring pentesters will pick up and, according to the author, the only thing they need to know before working though it is to install software on their computer.
About the author
Georgia Weidman is a penetration tester and researcher, as well as the founder of Bulb Security, a security consulting firm. She presents at conferences around the world and teaches classes on topics such as penetration testing, mobile hacking, and exploit development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.
Inside the book
You’ll start with creating your own practice laboratory, learn the basics of using Kali Linux (and Linux in general) and a variety of pentesting tools, how to set up a target machine, some programming, and the basics of using the Metasploit Framework. Then you will discover how to gather data about the target, so that you can prepare for an attack.
The book also covers a wide range of attacks one can leverage against the target: exploiting network vulnerabilities; password management schemes; attacking web browsers, PDF readers, Java, and other client software; social engineering; bypassing AV software.
Some additional skills are also addressed, and there are four chapters that will teach you the basics of writing your own exploits and Metasploit modules (instead of leveraging those written by others). The book ends with a chapter on mobile hacking, and the author presents her own Smartphone Pentest Framework and shows you how to use it.
The explanatory subtitle of this book is “A Hands-On Introduction to Hacking,” and it’s exactly what you’ll get. Sit down, go through it one page at a time, and do the things the author tells you to do – it can’t get more easier than that.
If you are a complete beginner in the pentesting arena, you’ll find no need – or desire – to skip a page.
The writing altogether is clear and concise. The chapters are interspersed with short notes that answer questions that come naturally to beginners at that particular juncture, or go a little bit (but not too much) in depth regarding a particular matter or issue. The explanations are extremely graspable and the overall organization of the book is fantastic.
This is the best book for pentesting beginners that I ever had the pleasure of reading.