Book Review: Advanced Penetration Testing

Posted on
Advanced Penetration Testing: Hacking the World's Most Secure Networks | Wiley

Book Name: Advanced Penetration Testing
Author: WIL ALLSOPP, HANS VAN DE LOOY (Foreword)
Publisher: Wiley
Topic: Penetration Testing, Red Teaming
Level: Advanced

Hi everyone. I’m here with a new book review. I read this book a few months ago but ı couldn’t write due to my job and other projects. Let’s dive into the book and why you should read this ?

Firstly, I hate the general penetration testing head. Not all of the vulnerabilities exploitable, we know that. But ı want to tell you, you should know everything is hackable. Why these topics advanced? 🙂 You learned general pentest tools already, you can use these. You can perform basic penetration tests with these tools, but ı want to ask you. Are you a basic pentester or a hacker? We tell “White hat *hackers* “, that’s real? Is that? If your choice of becoming a hacker or advanced penetration tester, you should find your path, your tools, your techniques. No one can be the same technically or personally. There are some ways for that. Reading lots of books, trying-chaining techniques, etc. Now we want to use the first one. This time, book choice is important. Some books repeat others. But on this site, ı try to review unique, qualified books that ı read and like. And one of these types of books is Advanced Penetration Testing from WIL ALLSOPP.

Contents:

Do you like reading stories? I think yes. In this book every chapter will be a story for you. You will learn lots of profiling, client-side attacks, techniques, some physical tactics, etc,

Some topics breafly:

  • Medical Records -> Profiling, VBA Macros, Malicious File Creation, Obfuscation, C2 Basics, etc.
  • Stealing Research -> Java Applets, Persistence, Advanced C2 Management, AD Enumeration-Attacks
  • Twenty-First Century Heist -> APT vs Traditional Pentest, C2 Part III, Evasion Techniques, Payload Delivery
  • Pharma Karma -> Client-Side Exploits, C2 – MSF Integration, Password Harvesting
  • Guns and Ammo -> Ransomware, Tor-C2, Stealth tactics
  • Criminal Intelligence -> HTA Deployment, Several PrivEsc Methods, C2 with phone 🙂 , Spoofing calls
  • War Games -> Baiting, Data Exfiltiration
  • Hack Journalists -> Advanced Social Engineering, Scenario Examples
  • Northern Exposure -> Different OSes, Eavesdropping

You should know coding and least intermediate penetration testing knowledge before reading this book because almost every section contains some codes for understanding process and technique. You don’t need a critical remote code injection/execution vulnerability for hacking a company, you will learn how to hack the most secure networks.

And at the end of the blog, I recommend reading books which you find. You can learn something from every book. (For more information, read this book 🙂 )

Thanks for your time and your interest.

Berk KIRAS – Cyber Security Consultant