Book Name: Advanced Penetration Testing
Author: WIL ALLSOPP, HANS VAN DE LOOY (Foreword)
Publisher: Wiley
Topic: Penetration Testing, Red Teaming
Level: Advanced
Hi everyone. I’m here with a new book review. I read this book a few months ago but ı couldn’t write due to my job and other projects. Let’s dive into the book and why you should read this ?
Firstly, I hate the general penetration testing head. Not all of the vulnerabilities exploitable, we know that. But ı want to tell you, you should know everything is hackable. Why these topics advanced? 🙂 You learned general pentest tools already, you can use these. You can perform basic penetration tests with these tools, but ı want to ask you. Are you a basic pentester or a hacker? We tell “White hat *hackers* “, that’s real? Is that? If your choice of becoming a hacker or advanced penetration tester, you should find your path, your tools, your techniques. No one can be the same technically or personally. There are some ways for that. Reading lots of books, trying-chaining techniques, etc. Now we want to use the first one. This time, book choice is important. Some books repeat others. But on this site, ı try to review unique, qualified books that ı read and like. And one of these types of books is Advanced Penetration Testing from WIL ALLSOPP.
Contents:
Do you like reading stories? I think yes. In this book every chapter will be a story for you. You will learn lots of profiling, client-side attacks, techniques, some physical tactics, etc,
Some topics breafly:
- Medical Records -> Profiling, VBA Macros, Malicious File Creation, Obfuscation, C2 Basics, etc.
- Stealing Research -> Java Applets, Persistence, Advanced C2 Management, AD Enumeration-Attacks
- Twenty-First Century Heist -> APT vs Traditional Pentest, C2 Part III, Evasion Techniques, Payload Delivery
- Pharma Karma -> Client-Side Exploits, C2 – MSF Integration, Password Harvesting
- Guns and Ammo -> Ransomware, Tor-C2, Stealth tactics
- Criminal Intelligence -> HTA Deployment, Several PrivEsc Methods, C2 with phone 🙂 , Spoofing calls
- War Games -> Baiting, Data Exfiltiration
- Hack Journalists -> Advanced Social Engineering, Scenario Examples
- Northern Exposure -> Different OSes, Eavesdropping
You should know coding and least intermediate penetration testing knowledge before reading this book because almost every section contains some codes for understanding process and technique. You don’t need a critical remote code injection/execution vulnerability for hacking a company, you will learn how to hack the most secure networks.
And at the end of the blog, I recommend reading books which you find. You can learn something from every book. (For more information, read this book 🙂 )
Thanks for your time and your interest.
Berk KIRAS – Cyber Security Consultant
Great web siјte yyou have gօt here.. It’s difficult to fiond high-quality writing
like yours nowadays. I honestly appreciate people like
you! Τake care!!
grasp your rss as I can not in finding your email subscription link or e-newsletter service. Do you?ve any?
I was wondering if you ever considered changing the layout of your website?
Its very well written; I love what youve got to say. But maybe you
could a little more in the way of content so people could connect with it better.
Youve got an awful lot of text for only having one or two images.
Maybe you could space it out better?
I have read so many posts about the blogger lovers however
this post is genuinely a good post, keep it up.
I am genuinely grateful to the owner of this site who has shared this wonderful
post at at this time.
This design is incredible! You most certainly know how to keep a reader amused. Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Excellent job. I really loved what you had to say, and more than that, how you presented it. Too cool!
Remarkable! Its actually awesome post, I have got much clear idea on the topic of from this post.
Thank you for some other great post. The place else could anyone get that kind of info
in such an ideal method of writing? I have a presentation next
week, and I am at the look for such info.