Next up on the book review list is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman (@georgiaweidman on Twitter).
Before I jump into a review, I wanted to say up front that I am a huge fan of this book as an awesome first look at penetration testing. This is something I am now implementing as part of the training for new penetration testers on our team. I think this shines through even just from seeing the topics covered in the book (below).
If you can’t commit to reading the whole book, take a look at Parts 1-3. These fifteen chapters provide a really solid introduction to a wide range of focus areas under the “penetration testing” umbrella.
Part 1: The Basics
Chapter 1: Setting Up Your Virtual Lab
Chapter 2: Using Kali Linux
Chapter 3: Programming
Chapter 4: Using the Metasploit Framework
This book starts off with the real basics, 101-level instructions, which is part of what makes this such a good starting point. Georgia walks the reader through setting up their lab (more to come on this) as well as their testing machine. Since this book is really geared to novices, you also get a great introduction to the Metasploit Framework. MSF is an incredible tool for everyone from novice to expert for taking care of the “easy” steps and keeping track of your information during an assessment.
Part 2: Assessments
Chapter 5: Information Gathering
Chapter 6: Finding Vulnerabilities
Chapter 7: Capturing Traffic
Although the book is not “brand new”, the Information Gathering chapter covers a number of tools we still use on engagements. Being able to successfully perform Open Source Intelligence (OSINT) is a critical skill in this line of work. There are plenty of resources to dive down the rabbit hole, but we get a good start here.
Vulnerability scanning with the Nmap Scripting Engine (NSE) and Nessus also makes for great chapters for a newcomer to the penetration testing world. These two are key tools for building your skill set. Nessus is pretty similar to the other major players for vulnerability scanning, so the walk-throughs should translate pretty cleanly to whatever commercial scanning tool you have access to.
Traffic capturing is also an important skill. Many times you can go back to traffic captures and find nuggets of information you may have missed in the moment. The book focuses on active attacks such as ARP cache poisoning and DNS spoofing, which are useful skills for internal network testing since they only work once you are on the same local segment as your targets.
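The ARP cache poisoning the book walks through leaves a very visible trace in a capture: two different MACs answering for the same IP. As an added example (my own code, not from the book or from Kali's tooling), here is a small Python script that builds a few constructed Ethernet/ARP frames and then replays them through a detector that flags any IP claimed by more than one MAC. The MACs, IPs and frame order are made up for the demonstration; the same detector can be pointed at frames pulled out of a real pcap.

```python
import struct

# Ethernet header: dst MAC, src MAC, EtherType. ARP body: htype, ptype, hlen, plen,
# opcode, sender MAC, sender IP, target MAC, target IP (RFC 826 layout).
ETH_HDR = struct.Struct("!6s6sH")
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def build_arp(src_mac, sender_ip, dst_mac, target_ip, op):
    """Fabricate an Ethernet/ARP frame. Only used here to construct sample traffic."""
    sha = bytes.fromhex(src_mac.replace(":", ""))
    tha = bytes.fromhex(dst_mac.replace(":", ""))
    spa = bytes(int(x) for x in sender_ip.split("."))
    tpa = bytes(int(x) for x in target_ip.split("."))
    return ETH_HDR.pack(tha, sha, ETHERTYPE_ARP) + ARP_HDR.pack(1, 0x0800, 6, 4, op, sha, spa, tha, tpa)


def parse_arp(frame):
    """Return the ARP fields of a raw Ethernet frame, or None if it is not ARP."""
    _dst, _src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    return {"op": op, "sha": _mac(sha), "spa": _ip(spa), "tha": _mac(tha), "tpa": _ip(tpa)}


def find_poisoning(frames):
    """Flag ARP replies whose sender MAC differs from the first MAC seen for that IP.

    Only replies are considered: a reply is what overwrites a victim's cache entry,
    and a request from the real owner carries nothing to compare against.
    Returns a list of (frame_index, ip, first_mac, conflicting_mac).
    """
    first_seen = {}
    alerts = []
    for n, frame in enumerate(frames):
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            continue
        known = first_seen.setdefault(pkt["spa"], pkt["sha"])
        if known != pkt["sha"]:
            alerts.append((n, pkt["spa"], known, pkt["sha"]))
    return alerts


# Constructed sample capture (hypothetical addresses): the gateway answers the victim,
# the victim asks again, then an attacker replies claiming the gateway's IP.
GW_MAC, VICTIM_MAC, ATTACKER_MAC = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:50", "cc:cc:cc:cc:cc:99"
SAMPLE_CAPTURE = [
    build_arp(GW_MAC, "10.0.0.1", VICTIM_MAC, "10.0.0.50", ARP_REPLY),
    build_arp(VICTIM_MAC, "10.0.0.50", GW_MAC, "10.0.0.1", ARP_REQUEST),
    build_arp(ATTACKER_MAC, "10.0.0.1", VICTIM_MAC, "10.0.0.50", ARP_REPLY),
]

if __name__ == "__main__":
    for idx, ip, old, new in find_poisoning(SAMPLE_CAPTURE):
        print(f"frame {idx}: {ip} was {old}, now claimed by {new}")
```

The same conflict is what Wireshark surfaces with the `arp.duplicate-address-detected` display filter, so when you go back through a capture after an engagement, that filter is a quick way to confirm exactly when your poisoning started and which hosts it hit.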
Part 3: Attacks
Chapter 8: Exploitation
Chapter 9: Password Attacks
Chapter 10: Client-Side Exploitation
Chapter 11: Social Engineering
Chapter 12: Bypassing Antivirus Applications
Chapter 13: Post Exploitation
Chapter 14: Web Application Testing
Chapter 15: Wireless Attacks
Exploitation brings us back to the MSF with more detail, which again is great for someone just starting out. You also work through payload generation with MSFvenom, which is useful as you get more advanced in penetration testing. The password attacks chapter focuses largely on John the Ripper, which has largely been displaced by Hashcat and its GPU-based cracking. This is especially true when looking at a Windows environment with NTLM hashes, which are fast and unsalted, so every candidate you try is checked against every account at once.
Coverage of the Social Engineer Toolkit (SET) is useful as well. Even with the introduction to client-side exploits, social engineering will almost always be the fastest way into a network. Spending a few hours on a detailed phishing campaign will almost always pay off in the form of credentials or endpoint footholds.
Part 4: Exploit Development
Chapter 16: A Stack-Based Buffer Overflow in Linux
Chapter 17: A Stack-Based Buffer Overflow in Windows
Chapter 18: Structured Exception Handler Overwrites
Chapter 19: Fuzzing, Porting Exploits, and Metasploit Modules
Buffer overflows were the toughest part of PWK for me, and Georgia does a good job at introducing the concept to the reader. I have not spent the requisite time to achieve a level of comfort to attempt the OSCP yet. I plan to revisit these chapters as a warm up for retaking the PWK class.
This section wraps up with another layer of MSF exposure – always appreciated. I was able to take advantage of the recent Holiday Humble Bundle and picked up the Metasploit textbook to continue learning the intricacies of MSF.
Part 5: Mobile Hacking
Chapter 20: Using the Smartphone Pentest Framework
This was certainly an interesting chapter to work through, but not something I am placing much focus on. I am looking at this book as a training tool, and I think providing the exposure to mobile hacking is great, but the full complexity of mobile testing is beyond the scope of the book.