Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, no starch press, 2014

Most everything you need to know to get started as a penetration tester in less than 500 pages? This book provides a very practical hands-on introduction to the art of hacking. But you will need to sit yourself down and let your fingers get a lot of exercise before you put yourself on the market as a pro.

Recently published by No Starch Press, Penetration Testing: A Hands-On Introduction to Hacking can give you a solid, practical and insightful understanding of how hackers work and how you can use the same methods and tools to guard your own systems against attack. But you have to take the "hands-on" part of the title very seriously. If you want to become a skilled security professional with penetration testing and hacking expertise, you will need to spend real time following the suggestions on the roughly 500 pages of this book: setting up a lab, installing a particular Linux distribution plus some additional tools, and getting significant experience working with the key tools of the trade. The good news is that the book shows you how to do all of this step by step.

If you're new to this area, penetration testing involves looking for known weaknesses (known, that is, to the security community) in systems and detecting them. Taken a step further, it also means exploiting those weaknesses to learn exactly what secrets your systems might divulge if compromised and how difficult or easy it would be to topple their defenses. Once you can demonstrate that one or more of your systems are vulnerable to a certain type of attack, you can take steps to patch the holes or turn off the services that expose you. A quick glance at the table of contents below shows how much material is covered. The book starts with the basics, an introduction to some of the key tools, and walks you through many stages of learning the tools and how to use them. It covers a lot of territory, all the way to developing your own exploits and conducting mobile hacking.

One of the first things that struck me while reviewing this book is how easy it is to follow. While the intricate art of penetration testing, and hacking in general, might seem mysterious and complicated, the author gives very clear, explicit instructions on how to set up your own hacking lab using mostly virtual machines, and on installing a series of tools both to use in penetration testing and to introduce vulnerabilities so that you can practice finding them. Early on, she introduces Kali Linux which, following in the footsteps of BackTrack, installs with a hefty set of hacking tools. The book then walks you through installing the other tools you will need for a series of insightful exercises. You can read each chapter and gain a good understanding of how the tools work, but you really need to DO what is described to get the full benefit of what the author intends to teach. The book is, after all, the kind of training you need to become adept enough at penetration testing to offer your services as a consultant in this field, and she offers advice on how to prepare yourself to do a very good job in it. The table of contents illustrates the progression from basic to advanced skills, with the material divided into 20 chapters.

Foreword by Peter Van Eeckhoutte

Penetration Testing Primer

Part 1: The Basics

Chapter 1: Setting Up Your Virtual Lab
Chapter 2: Using Kali Linux
Chapter 3: Programming
Chapter 4: Using the Metasploit Framework

Part 2: Assessments

Chapter 5: Information Gathering
Chapter 6: Finding Vulnerabilities
Chapter 7: Capturing Traffic

Part 3: Attacks

Chapter 8: Exploitation
Chapter 9: Password Attacks
Chapter 10: Client-Side Exploitation
Chapter 11: Social Engineering
Chapter 12: Bypassing Antivirus Applications
Chapter 13: Post Exploitation
Chapter 14: Web Application Testing
Chapter 15: Wireless Attacks

Part 4: Exploit Development

Chapter 16: A Stack-Based Buffer Overflow in Linux
Chapter 17: A Stack-Based Buffer Overflow in Windows
Chapter 18: Structured Exception Handler Overwrites
Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules

Part 5: Mobile Hacking

Chapter 20: Using the Smartphone Pentest Framework
In one of the early chapters, the book introduces the power of the Unix command line, enough to get anyone who has never experienced the wonders of commands like grep and sudo started. It covers such skills as adding users, viewing man pages, creating and moving files, file permissions, grep, vi and network setup commands. It also introduces netcat and cron. Simple scripting in bash, including loops and if/then statements, plus a quick introduction to Python and C, is also provided. It doesn't take long before the book gets into Metasploit, the de facto standard penetration testing framework, along with an explanation of Metasploit modules and how to find more. By Chapter 5, the book has moved into the craft of information gathering: how anyone can learn about a potential target using public information, and then how to discover public-facing systems and what services are running on them. The book also explains how DNS zone transfers might be used and what they can tell you, and how you might collect email addresses for a target organization. Nessus is introduced for vulnerability scanning and nmap for port scanning and more, including how to use NSE, the Nmap Scripting Engine, to write your own scripts and how to find scripts that others have written for use in your work. Other topics include capturing traffic with Wireshark on local and remote subnets, ARP cache poisoning to trick a switched network into sending you packets you wouldn't ordinarily see, and DNS cache poisoning to redirect a victim's lookups to a host you control. If this is sounding a little sinister, keep in mind that, unless you understand the process, you won't fully understand how to defend yourself against it, nor be able to explain to potential clients that they have a risk, why, and, of course, what to do about it. The basics and the introduction of all the various tools lead quite naturally into the exploitation/attacks section of the book.
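As an added illustration, not code from the book or from the review, here is the kind of small shell script the Chapter 3 material (grep, loops, if/then) prepares you to write: it pulls the open ports out of nmap's grepable (-oG) output so a scan of a lab subnet can be summarized in one line per service. The scan lines are constructed for the example; the field layout matches nmap's -oG format but the hosts, ports and services are made up.

```shell
#!/bin/sh
# Added example (not from the book or the review): extract open ports from
# nmap "grepable" (-oG) output using grep, cut, a loop and an if test.

# sample_scan prints constructed nmap -oG lines standing in for a real scan
# file. The layout is nmap's; the hosts, ports and services are invented.
sample_scan() {
  printf '# Nmap 7.94 scan initiated (constructed sample)\n'
  printf 'Host: 192.168.56.101 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/closed/tcp//netbios-ssn///\n'
  printf 'Host: 192.168.56.102 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.102 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)\n'
  printf 'Host: 192.168.56.103 ()\tStatus: Up\n'
  printf '# Nmap done (constructed sample)\n'
}

# open_ports reads -oG lines on stdin and prints "host port/service" for each
# open port. Closed and filtered entries, comment lines and hosts that have
# only a "Status:" line (no "Ports:" line) are skipped.
open_ports() {
  grep 'Ports:' | while IFS= read -r line; do
    # Host address is the second whitespace-separated field: "Host: A.B.C.D ()"
    host=${line#Host: }
    host=${host%% *}
    # Everything after "Ports: " up to the next tab; cut's default delimiter
    # is tab, so this also drops a trailing "Ignored State: ..." field.
    ports=$(printf '%s\n' "${line#*"Ports: "}" | cut -f1)
    printf '%s\n' "$ports" | tr ',' '\n' | while IFS= read -r entry; do
      entry=$(printf '%s\n' "$entry" | sed 's/^ *//')
      # Entry layout: port/state/protocol/owner/service/rpc-info/version/
      state=$(printf '%s\n' "$entry" | cut -d/ -f2)
      if [ "$state" = "open" ]; then
        port=$(printf '%s\n' "$entry" | cut -d/ -f1)
        service=$(printf '%s\n' "$entry" | cut -d/ -f5)
        printf '%s %s/%s\n' "$host" "$port" "$service"
      fi
    done
  done
}

# Usage: feed a real scan with  open_ports < scan.gnmap  (nmap -oG scan.gnmap ...)
sample_scan | open_ports
```

Run against the constructed scan it prints the two open ports on .101 and the one on .102; the filtered RDP port and the closed NetBIOS port are left out, which is exactly the triage you want before deciding where to point Metasploit next.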
As you can see, Part 3 gets into a series of attack methods: password attacks such as brute forcing and cracking captured hashes with John the Ripper; client-side exploitation, which targets software like browsers and document readers on a user's machine rather than an exposed network service; and post-exploitation, where, once you're on a system, you escalate privileges, capture keystrokes and make your access to compromised systems more or less permanent. It also covers techniques such as SQL injection and cross-site scripting, maybe not to the depth you would find at OWASP, but enough to get you understanding the process and ready to look for the vulnerabilities that make these exploits possible.

It's been nearly two decades since I was first introduced to the idea that, to protect your network, you should think like a hacker. Many tools have appeared since then, tools like Metasploit, Nessus, Nexpose, nmap and so on, and a lot of excellent conferences are now held every year. You will also find some excellent classes that can help you get up to speed on what you can do to protect your systems and how. But, unless you have the time to get up and stay up to speed on the tools and techniques available to you, it's hard to keep up with the hacker community. It takes a lot of time and attention to be proactive about network security. Setting up your own lab, working with the key tools on a continuous basis, and identifying and resolving the vulnerabilities that you find on your network will help you stay ahead of the threats and will keep your skills both fresh and salable.

This book is geared toward people who want to go into the field as penetration testers, offering their skills to organizations that need an independent party's ability to collect information, conduct penetration testing, attempt exploits, and properly document the flaws and weaknesses they discover so that the systems can be made more secure. This is an excellent field to be working in these days and this book is a great way to get started.
The author, Georgia Weidman, is herself a penetration tester and is founder of a security consulting firm called Bulb Security. She also teaches and presents at security conferences such as Black Hat, ShmooCon, and DerbyCon.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.

Copyright © 2014 IDG Communications, Inc.