A Book Review of “Penetration Testing: A Hands-On Introduction to Hacking”
In June 2014 No Starch Press published “Penetration Testing: A Hands-On Introduction to Hacking” by security trainer and researcher Georgia Weidman (@georgiaweidman). Although the book is categorized as an introductory guide to penetration testing, the information should also benefit more seasoned practitioners. Wikipedia defines penetration testing as “an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.”
The book provides a blueprint that can be used by information security practitioners who are tasked with ensuring an organization’s security posture, as well as with checking whether employees are abiding by the security policies that are in place. Moreover, as an educator, I quickly realized how useful “Penetration Testing: A Hands-On Introduction to Hacking” would be in a classroom and lab environment.
The table of contents lays out an orderly and organized path through the material in the book. The book begins with an introduction, a very informative section titled “Penetration Testing Primer” that lays out the purpose of the book, and builds to more advanced concepts and practices in later chapters. The body of the book consists of five parts and twenty well-written chapters, followed by a resources section and an index. Each chapter ends with a summary recapping its main topics.
Part I, titled “The Basics”, consists of four chapters that provide outstanding information that will be advantageous in later chapters as well as in the reader’s personal computing activity. The chapters are “Setting Up Your Virtual Lab” (Chapter 1), “Using Kali Linux” (Chapter 2), “Programming” (Chapter 3) and “Using the Metasploit Framework” (Chapter 4). The author provides a meticulous step-by-step process that guides the reader through setting up a pen-testing environment, installing and understanding Kali Linux, and configuring networking and additional testing tools. The author also introduces several programming and scripting languages that penetration testers can use to extend their testing of information resources. Lastly, Metasploit is examined for its exploitation capabilities and the risks it can reveal.
Part II, titled “Assessments”, consists of three chapters that cover both detectable and stealthy techniques for collecting information about an organization or computer. The chapters are “Information Gathering” (Chapter 5), “Finding Vulnerabilities” (Chapter 6) and “Capturing Traffic” (Chapter 7). In Chapter 5, “Information Gathering”, the author stresses that before starting an active penetration test, the tester must collect as much information as possible. This can be accomplished with open source intelligence gathering tools such as Netcraft and Whois lookups, to name a few. In Chapter 6, “Finding Vulnerabilities”, and Chapter 7, “Capturing Traffic”, the author guides us through vulnerability analysis, for the purpose of improving the odds of a successful test, and through traffic capturing, to collect and manipulate packets in order to gain information from other computer systems.
Part III, titled “Attacks”, consists of eight chapters: “Exploitation” (Chapter 8), “Password Attacks” (Chapter 9), “Client-Side Exploitation” (Chapter 10), “Social Engineering” (Chapter 11), “Bypassing Antivirus Applications” (Chapter 12), “Post Exploitation” (Chapter 13), “Web Application Testing” (Chapter 14) and “Wireless Attacks” (Chapter 15). Together they provide scores of exciting information about attacking a target. In this section the author builds on the preparatory work of the assessment section (Part II) to conduct precision attacks. Many concepts are discussed, such as default password attacks, exploiting an open NFS share, and browser, PDF and Java exploitation. I found the use of the Social-Engineer Toolkit (SET) in “Social Engineering” (Chapter 11) to be one of my favorite parts of the book. In this chapter, the author uses SET to conduct spear phishing, web-based and email attacks on a target. This is an excellent way for a security practitioner to test whether employees are adhering to the organization’s security policies. Post exploitation and wireless attacks are also well covered.
In Part IV, titled “Exploit Development”, the author turns from using readily available tools such as Metasploit to attack a target to writing our own exploit code. I found this section to be a bit of a challenge, but if you stick with it and do additional research, it will become clearer with time and repeated study.
The last component of the book, Part V, “Mobile Hacking”, consists of using the Smartphone Pentest Framework (Chapter 20). This section helps the reader understand the issues organizations face when employees bring their own devices and connect them to the network. The chapter discusses the mobile attack vectors that exist, such as text messaging, near field communication and QR codes. The introduction and installation process of the Smartphone Pentest Framework is provided, and the author gives detailed steps on testing and attacking mobile devices and apps. It is obvious that this is one of the author’s strongest technical areas.
The resources section and index also provide additional material the reader can build on, along with pointers to extra reading that help in understanding the thinking behind the book.
The author’s approach is comprehensive for both the beginner and the seasoned security professional. The information would be valuable in the educational environment as well as in professional training. I found the book to be well written and to follow a logical pattern in its concepts.
This book is a contribution to the information security community and will likely aid in producing knowledgeable information security practitioners in the future. I personally enjoyed the topics in the assessment portion of the book as well as the use of the Social-Engineer Toolkit. I do recommend that if you are interested in penetration testing, would like to know more about the topic, or are simply curious, this book would be a great source.
Weidman, Georgia (2014). Penetration Testing: A Hands-On Introduction to Hacking. No Starch Press.
Table of Contents
Foreword by Peter Van Eeckhoutte
Penetration Testing Primer
Part 1: The Basics
Chapter 1: Setting Up Your Virtual Lab
Chapter 2: Using Kali Linux
Chapter 3: Programming
Chapter 4: Using the Metasploit Framework
Part 2: Assessments
Chapter 5: Information Gathering
Chapter 6: Finding Vulnerabilities
Chapter 7: Capturing Traffic
Part 3: Attacks
Chapter 8: Exploitation
Chapter 9: Password Attacks
Chapter 10: Client-Side Exploitation
Chapter 11: Social Engineering
Chapter 12: Bypassing Antivirus Applications
Chapter 13: Post Exploitation
Chapter 14: Web Application Testing
Chapter 15: Wireless Attacks
Part 4: Exploit Development
Chapter 16: A Stack-Based Buffer Overflow in Linux
Chapter 17: A Stack-Based Buffer Overflow in Windows
Chapter 18: Structured Exception Handler Overwrites
Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
Part 5: Mobile Hacking
Chapter 20: Using the Smartphone Pentest Framework