It's nice when a book not only delivers on its stated objective, but it also opens my eyes to a better understanding of a related subject. Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kerns, and Mati Aharoni falls solidly into that class. In addition to learning how I can use Metasploit for network penetration testing, I also saw just how easy it is for someone to compromise a system with very little effort or knowledge. You can never rest when it comes to network and system security.
Contents:
Introduction; The Absolute Basics of Penetration Testing; Metasploit Basics; Intelligence Gathering; Vulnerability Scanning; The Joy of Exploitation; Meterpreter; Avoiding Detection; Exploitation Using Client-Side Attacks; Metasploit Auxiliary Modules; The Social-Engineer Toolkit; Fast-Track; Karmetasploit; Building Your Own Module; Creating Your Own Exploits; Porting Exploits to the Metasploit Framework; Meterpreter Scripting; Simulated Penetration Testing; Configuring Your Target Machines; Cheat Sheet; Index
The authors set an ambitious goal in trying to write a book that is useful for both beginners and experienced users of Metasploit. Usually that means that neither side ends up being happy. As a member of the beginner group, I can say they were successful on that end of the scale. There's a fine balance between step-by-step hand holding and the assumption that the reader already knows everything. After an introduction to a structured approach to penetration testing, they start to cover the basics of how someone might use Metasploit to probe a network, gather information on potential attack vectors, and then exploit those potential weaknesses. The major features are covered as opposed to trying to write about every last setting, so the material doesn't bog down in minutiae. It's also nice that they set up a fictional penetration test scenario, and follow it through the different chapters. It makes for good continuity. As the book progresses, the emphasis moves towards creating your own modules to run within the Metasploit framework. Not every tester will need or want to go that route, but it's a reminder of how flexible this tool can be.
The bonus of this book was realizing how easy it is to launch various attacks without much effort. I guess I really hadn't thought through what would be necessary to set up phishing attacks, either by sending infected documents or setting up a fake site to collect personal information. With Metasploit, it's nothing more than selecting some options and running the tool. You can argue whether Metasploit is a good or bad thing depending on who is using it, but it's a certainty that this type of behavior will exist and happen regardless. By writing this book, the authors have helped even the playing field between the black hats and the white hats.
Metasploit: The Penetration Tester's Guide is a book that should be on the shelf of any serious computer security professional. And if you're just starting to dabble in the world of network security, this is a great resource to start your journey.
Disclosure:
Obtained From: Publisher
Payment: Free
"The best guide to the Metasploit Framework." -HD Moore, Founder of the Metasploit Project
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems
Perform reconnaissance and find valuable information about your target
Bypass anti-virus technologies and circumvent security controls
Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
Use the Meterpreter shell to launch further attacks from inside the network
Harness standalone Metasploit utilities, third-party tools, and plug-ins
Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.