Advanced Penetration Testing: Hacking the World's Most Secure Networks 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Frequently bought together
Customers who bought this item also bought
From the Publisher
|Penetration Testing Essentials||Advanced Penetration Testing: Hacking the World's Most Secure Networks|
|Audience Level||Beginner||Intermediate to Advanced|
|Content Length||360 pages||288 pages|
|Author||Sean-Philip Oriyano||Wil Allsop|
|Pub Date||December 2016||March 2017|
From the Back Cover
HOW TO ESTABLISH AN IMPENETRABLE LINE OF DEFENSE USING EVERYTHING IN THE PROFESSIONAL HACKER'S BAG OF TRICKS
Typical penetration testing is highly formulaic and involves little more than time-limited network and application security audits. If they are to have any hope of defending their assets against attacks by today's highly motivated professional hackers, high-value targets will have to do a better job of hardening their IT infrastructures. And that can only be achieved by security analysts and engineers fully versed in the professional hacker's manual of dirty tricks and penetration techniques.
Written by a top security expert who has performed hacking and penetration testing for Fortune 100 companies worldwide, Advanced Penetration Testing: Hacking the World's Most Secure Networks schools you in advanced techniques for targeting and compromising high-security environments that aren't taught in any certification prep or covered by common defense scanners. Author Wil Allsopp goes well beyond Kali linux and Metasploit to provide a complex, highly realistic attack simulation. Taking a multidisciplinary approach combining social engineering, programming, and vulnerability exploits, he teaches you how to:
- Discover and create attack vectors
- Move unseen through a target enterprise and reconnoiter networks, operating systems, and test structures
- Employ social engineering strategies to create an initial compromise
- Establish a beachhead and leave a robust command-and-control structure in place
- Use advanced data exfiltration techniques―even against targets without direct Internet connections
- Utilize advanced methods for escalating privilege
- Infiltrate deep into networks and operating systems using harvested credentials
About the Author
Wil Allsopp is an IT security expert with 20 years experience, specializing in red team engagements, penetration testing, vulnerability assessment, security audits, secure source code review, social engineering, and advanced persistent threats. He has performed ethical hacking and penetration testing for numerous Fortune 100 companies.
There was a problem filtering reviews right now. Please try again later.
We all hear about the social engineering component to an effective attack, but to see it so effectively used over and over again with Wil's case studies really drives home the point.
If you're involved in either the management of an Information Security program, or involved in the more tactical parts of penetration testing, I'd put this on your short list of books to read this year. I hope he does a follow-up.
This book seemed light at first (200 pages), so I was skeptical at it's ability to really tackle advanced topics, but I will say I was very pleasantly surprised. Those two hundred pages are action packed and filled with jaw-dropping 'this is cool' moments.
My only gripe with it is that it's a little formulaic, with the social engineering being shoehorned into every attack, and maybe pushing the whole APT thing too much, like when you really want something to become 'a thing'. Do we really need to socially engineer payloads using the same formula for all of the attacks? Not even one 'ha Ked the router with boring Cisco exploits' example? I guess it wouldn't make for an entertaining book.
Top international reviews
What this book does really well is explain a real world scenario of an "advanced persistent threat". It initially starts off with a Macro based exploit and then covers topics such as C2 servers, connecting to them through TOR and some other cool stuff.
I would say that the book is not written to follow every technique like a tutorial, as certain topics, e.g. how criminals setup fake accounts and register dodgy domains etc. are not practical, but obviously possible. Setting up the infrastructure to follow it step by step would take quite a bit of work.
Overall it's an eye opener.
The author details several highly interesting penetration tests he went on as well as introducing many technologies that might aid in the hack. He doesn't waste ink on basic topics such as port scanning like the rest of the generic pentest books (thank you!) making it an extremely educational book.
Ich würde es dennoch empfehlen schon alleine um seine Gedankengänge nachvollziehen zu können.
Hace tiempo empecé a adquirir manuales en inglés, y no tienen nada que ver. Este libro por ejemplo, es bastante bueno y actual. Explica diferentes formas de realizar un apt, porque sucede normalmente, etc... La verdad que es muy bueno. Al principio tuve dudas, pero analizando el contenido del índice, me decanté por su compra y no me ha defraudado en absoluto. Recomendado su compra al 100%.
La lettura richiede una certa disinvoltura con la programmazione in generale (capacità di usare/interpretare praticamente qualsiasi linguaggio di programmazione) ed una bella infarinatura sugli strumenti di auditing.
Niente codice da copiare/incollare (è una guida da "mondo reale 2017"), ma chiarezza espositiva ed una quantità di spunti di riflessione per mettere in pratica una vera Advanced Persistent Threat, ovvero, di contro, un test di penetrazione "ad hoc".
"Esiste un'antica ma sbagliata credenza secondo cui la fortuna aiuta gli audaci. La fortuna ha aiutato e sempre aiuterà quelli preparati..."
Los fragmentos de código y los pantallazos ayudan a la comprensión, pero se dejan deliveradamente algunas cosas para que el lector pueda cacharrear y aprender practicando. Puedes leerte el libro en una tarde y aún así, sacar lecciones valiosas. Pero la mejor forma de consumirlo sin duda es teniendo un VMWare y un Kali delante para ir jugando con las técnicas que se van describiendo.
Si solo pudiera extraer una lección de este libro, sería la siguiente: el pentesting real es 0% 0Day exploits y herramientas mágicas, y 100% usar el cerebro. La mayoría de los casos descritos en el libro comienzan con algún tipo de phishing y, en situaciones donde uno pensaría en ir corriendo a buscar algo a ExploitDB, el autor te muestra posibles atajos y trucos que muchas veces se pasan por alto debido a la complejidad de los sistemas con los que trabajamos.