Title: Professional Penetration Testing Post by: Andrew Waite on August 21, 2009, 07:17:22 AM
Guys,
I've just come across 'Professional Penetration Testing: Creating and operating a formal hacking lab' (http://www.amazon.com/Professional-Penetration-Testing-Creating-Operating/dp/1597494259?SubscriptionId=1YTFWZZRMQTAQBQRSE02&tag=newrelease04-20&linkCode=xm2&camp=2025&creative=165953&creativeASIN=1597494259) (via @coresecurity and @Computer_book). Contents list looks good:

Quote
Product Description
PART I - Setting Up
Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest
PART II - Running a PenTest
Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromising a System and Privilege Escalation
Chapter 13: Maintaining Access
Chapter 14: Covering Your Tracks
PART III - Wrapping Everything Up
Chapter 15: Reporting Results
Chapter 16: Archiving Data
Chapter 17: Cleaning Up Your Lab
Chapter 18: Planning for Your Next PenTest
Appendix A - Acronyms
Appendix B - Definitions

Seems to have flown beneath my radar, does anyone have any additional info or reviews for this? Initially it looks like a good addition to my library, but is costly if it turns out to be poor and it seems to be similar to Build Your Own Security Lab (http://www.ethicalhacker.net/forum/index.php?topic=3105.0), which I already own.

Thanks in advance.

Title: Re: Professional Penetration Testing Post by: UNIX on August 21, 2009, 07:33:28 AM
Hehe, just thought that I missed this one too until I read the release date:
August 28, 2009. So it should be available soon and hopefully the first reviews too. So far I couldn't find any previews about it. As the author is Thomas Wilhelm, I assume that his book will focus on the De-ICE discs.

Title: Re: Professional Penetration Testing Post by: dalepearson on August 21, 2009, 08:08:01 AM
Andrew how have you found "Build Your Own Security Lab", I have this but have not read it yet.
I had also heard about the other book, didn't think it was available over here yet.

Title: Re: Professional Penetration Testing Post by: BillV on August 21, 2009, 09:08:13 AM
Found this description somewhere out there...
Quote
An invaluable book and DVD package, Professional Penetration Testing: Creating and Operating a Formal Hacking Lab is designed to replicate the experience of in-classroom, instructor-led, penetration testing training, which costs the typical security professional (or their employer) $1,000 or more for the courses alone, plus T&E, and days upon days of non-billable hours. Expert author Thomas Wilhelm has delivered exactly this type of penetration testing training to countless security professionals and, for the first time, provides his years of experience, training, expertise, labs, and real-world vulnerability scenarios in a single book/DVD retail product. Penetration testing is the act of testing one's own network (or that of a client) to find security vulnerabilities before these exact same holes are found and more importantly exploited by phishers, digital piracy groups, and almost countless other organized or individual malicious hackers. Addressing the profession holistically and practically, the material presented in this book targets all levels of hacking skills, benefitting both management and engineers in the trenches. This book bridges the gap between theoretical and hands-on knowledge of professional hacking techniques, targeting information systems and networks. It includes everything required to establish a secure hacking lab, learn methodologies, conduct attacks, and use real-world examples of vulnerable and exploitable servers.

Title: Re: Professional Penetration Testing Post by: Grendel on August 21, 2009, 10:02:08 AM
Amazon is shipping the books now (in the US at least), so hopefully the book will appear in your local neighborhood bookstore soon, so you can take a peek before purchasing it. I hope it meets everyone's expectations, and would really like to hear any feedback people might have (send it to my email at twilhelm [at] heorot [dot] net if you don't mind).
As for competitive book titles, I think you'll find this book distinctly different and worth owning. I'm trying to temper my enthusiasm for the book, but I have to admit I am quite excited about it.

- Tom Wilhelm

Title: Re: Professional Penetration Testing Post by: dalepearson on August 21, 2009, 10:11:51 AM
Jeeze Grendel anyone would think you wrote the book or something ;D

Title: Re: Professional Penetration Testing Post by: don on August 21, 2009, 10:20:46 AM
Sounds like a good one to review for EH-Net. We could also use some new blood for our writing crew, seeing as how many of you desire to eventually write a book of your own.
Who wants it?

Don

Title: Re: Professional Penetration Testing Post by: UNIX on August 21, 2009, 01:00:56 PM
I would be interested in it. :D
It's nice to see you here at EH-Net, Tom, didn't know that you were here too. Is this your first written book? How was the experience to go through all this? Can other books be expected from you?

edit: Just thought that Andrew might be also interested in this and as he was the one initially asking about the book, maybe he would prefer to work through it (same as others I guess), especially as "only" one unit is available ;)

Title: Re: Professional Penetration Testing Post by: Andrew Waite on August 22, 2009, 04:55:52 AM
Quote
Andrew how have you found "Build Your Own Security Lab", I have this but have not read it yet.

Must admit I was a bit disappointed, could be that I was expecting too much. Would be a good starting point but my personal opinion is that if you've got some experience with virtualisation and testing/experimenting with attack vectors you might be better off purchasing additional equipment for your toolkit. But it does come with a limited demo copy of Core Impact, if you've never seen this suite in action, the cost could be worth it for this alone :)

I'm sure Grendel could sell this further, the Professional Pentesting book looks like it goes beyond just building and attacking a lab environment to include utilising the lab as a foundation for a career and business. Thinking it might be worth a look.

Title: Re: Professional Penetration Testing Post by: jimbob on August 22, 2009, 05:07:22 AM
I'd be interested in reading a review for this book. There's a lot of books out there but quality varies wildly. I tend to buy books based on recommendations and reviews rather than the title.
Jimbob

Title: Re: Professional Penetration Testing Post by: Grendel on August 23, 2009, 09:45:55 AM
Quote
Is this your first written book? How was the experience to go through all this? Can other books be expected from you?

I've written chapters for other books through Syngress (my favorite was "the dark side of netcat" for Netcat Power Tools), but this is the first book I wrote cover to cover. Others have said that writing a book is a lot of work, and they understate that fact - not only is it an enormous amount of work simply writing it, there is a ton of editing work that needs to be done, including feedback from the technical editor, publishing editor, the typesetting editor... I probably spent as much time editing the book as I did writing the first draft.

Despite the effort required to write a book, and the loss of time with my family, the experience was worth it. Not only did I learn a lot about the whole publishing effort, I learned a lot about myself, and improved both in writing skills, time management, and organization (hint: write up the references as you go - and use a well-known format, such as APA... going back and doing it later is a serious pain in the ass... no lies).

I definitely plan on writing more - I think the publisher was happy with my work, especially since they sold so many advance copies of the Professional Penetration Testing book already (I basically earned my advance and more in royalties before a single book went out the door... which is awesome, I guess).

Hope that answers your original post... I have more answers if you have more questions.

- Tom W.

Title: Re: Professional Penetration Testing Post by: UNIX on August 23, 2009, 11:44:22 AM
Thanks for your insights, Tom. I am certain that others are interested in this too and would appreciate same as me, if you could do some kind of write-up of such a process from beginning concept to a fully published book. :)

Title: Re: Professional Penetration Testing Post by: Grendel on August 23, 2009, 02:56:22 PM
As a quick list, here's what I had to do, or suggestions:
1) Create proposal for book, which required marketing research of competitive titles, market size, and educational institutional interest. I also needed to provide background information about myself, create my own quick marketing pitches (used at places like Amazon, which were expanded on by the publisher), and identify each chapter and sub-topics. The actual proposal submission is undoubtedly different for each publisher, and probably can be found online somewhere. The more information you can provide, the better. Turns out, they take your proposal as-is, and submit it through a review process (involving multiple approval steps)... so the more professional the submission and research, the better.

2) Wait for the rejection email. If it's close to being accepted, the email will tell me what the problem area is, so I can fix it. Otherwise... tough luck; maybe next time.

3) If accepted, finish contract negotiation... which really means take what they offer if this is the first book. ;-) (we'll see if there's any flexibility on book #2).

4) Once everything is signed, my first deliverable was the chapter outline, down to three layers (instead of just two, like in the proposal). (Hint: Make sure you do your research on this before submitting it... they will hold your feet to the fire if you decide to alter your chapters once submitted).

5) Write your ass off. Cloister yourself in a room for months, with no weekends, and no leisure time after work. I am not kidding about this. Writing the book took multiple revisions, and the sooner you can knock out the material, the better. I barely made the deadline with no additional days to spare, plus I had to take a quarter off from my PhD schooling. Writing a book consumes a lot of time.

6) Get good feedback from people you trust to be brutally honest (preferably others who have already written something). People who massage your ego are doing you a disservice. Take the good advice and do what they tell you. I was lucky to have a friend that provided me with excellent advice, who has also written before. His advice saved me a lot of hardship.

7) Re-write your ass off.

8) Re-write your ass off again. Seriously. It sucks re-writing the entire book, over and over again, but it'll be worth it.

9) MAKE YOUR DEADLINES!

10) Once my book was submitted, I was passed off to a production editor, who oversaw the editing and production of the final book. I received feedback from the technical editor, and had to incorporate his suggestions, or find really valid reasons to reject them. If you reject the suggestions and the technical editor doesn't agree, you end up in mediation :o Yep, you will end up in a phone call until a compromise is decided on. In other words, you can't BS your way through the book - know your shit. (FYI, I didn't have to go through mediation, but was made clearly aware of the process).

11) Re-write your ass off, taking into account what the technical editor suggests. This can be substantial. Also, the technical editor is not going to correct grammar or spelling errors. It's important to be a good writer (technical writing does not count)... after all, that's pretty much what you're getting paid to do - write, and write well. Knowledge isn't everything, or everyone would be an author.

12) Illustrations and screenshots are critical to get correct. You may think you're doing them right... but you're wrong. The publisher has some very strict guidelines that have to be followed in order to get the images to print correctly.

13) Eventually, I was done with revisions (sort of), and received copies of the chapters in PDF form, which I had to check for accuracy (stuff will always slip through...). Also, I had to check for syntax (for codes). I have no idea how many times I had to read my own book. :-\

14) In my case, I wanted to include a DVD with video tutorials and ISO images, so the reader could replicate everything discussed in the book. Originally, the DVD was going to be dual layer. What a mistake and headache. In the end, we trimmed the disk down to a single layer. I will never attempt to do a dual layer DVD with a book release again. Never.

15) Eventually, I was done. Next, it was waiting, until I received an email telling me they were sending me an advance copy of my book. Oh, JOY!

16) Throw a book release party. Everyone needs closure, especially after a difficult event, and writing a book definitely qualifies as difficult. The writing of the book was overwhelming and stressful for the whole family, and we needed a reason to celebrate. Having the final product in hand made it all feel worthwhile.

However, I'm finding out the real stressful part is worrying how the readers feel about the book. Just like a new father, there is the fear that others will think my new kid is "ugly," despite my own biased viewpoint. I honestly believe the book provides a wealth of information for readers of all skill levels, engineers and managers alike... but I have to wait to see what you all think, and that's tough. Real tough.

Title: Re: Professional Penetration Testing Post by: Jhaddix on August 23, 2009, 06:12:10 PM
I'll be reading and writing a review shortly =) Thanks Thomas!

Title: Re: Professional Penetration Testing Post by: UNIX on August 24, 2009, 01:29:57 AM
Thanks for taking the time and writing this little write-up, Tom, it's certainly appreciated. Seems there are many things which have to be considered at the beginning in order to save some time and nerves at the end.
Already looking forward to reading the first reviews on your book.

Title: An amazing thing happened on the way to the forum... Post by: Grendel on August 24, 2009, 07:29:06 AM
Since we've been talking about the book in the last couple days, sales at Amazon have shot up. The book is now ranked in 8th place in the Security category, and 13th place under Hacking. Since I've only been talking about it here, I have to attribute the spike in sales to the members of this forum.
Therefore, I would sincerely like to extend my gratitude to the staff of Ethical Hacker, and my overwhelming "thanks!" to its readership. This is all your doing!

- Tom W.

Title: Re: Professional Penetration Testing Post by: don on August 24, 2009, 09:46:55 AM
Thanks for sharing the good news. :-)
BTW - I have Andrew Waite slated to do the review. I'm contacting the publisher today to get a copy for him. Stay tuned...

Don

Title: Re: Professional Penetration Testing Post by: Andrew Waite on August 24, 2009, 10:12:38 AM
Yep, I must be doing something right/wrong (not sure which yet ;) ) but I am looking forward to getting my hands on the book.
In all seriousness, thanks for the opportunity Don, hopefully I'll be able to do the book justice. Watch this space...

Title: Re: Professional Penetration Testing Post by: UNIX on August 24, 2009, 12:01:12 PM
Looking forward to your review, Andrew. Have fun while working through the book. ;)

Title: Re: Professional Penetration Testing Post by: Grendel on August 26, 2009, 10:04:56 AM
An interview regarding the book was posted on net-security.org:
http://www.net-security.org/article.php?id=1286

Please ignore the photo of me... not my best profile :-[

Title: Re: Professional Penetration Testing Post by: UNIX on August 26, 2009, 11:19:58 AM
Nicely done, good interview. ;)

Title: Re: Professional Penetration Testing Post by: TalioGladius on August 26, 2009, 02:47:17 PM
Not sure how this one slipped by my radar, but I'm totally ordering this one.

Title: Re: Professional Penetration Testing Post by: Grendel on September 21, 2009, 11:22:57 PM
I wanted to let everyone know that I will be interviewed on PaulDotCom this Friday: http://pauldotcom.com/wiki/index.php/Episode169
I mention it in this thread because they should be giving away free copies of my book to listeners. ;D

Title: Re: Professional Penetration Testing Post by: hungrymind on September 22, 2009, 04:36:53 PM
Hi everyone.
I am a newly registered member of EH.net but have been a lurker for awhile. Wanted to reply to Tom's post as I am very eager to check out the interview this Friday. I'm pretty sure I'll also be signing up for Mr. Wilhelm's Pen Testing Fundamentals course (either this month or next month - have to figure that out first). Thanks for posting the link. I'll be listening!

Best regards,
Alicia

Title: Re: Professional Penetration Testing Post by: Stocky on September 26, 2009, 03:43:15 PM
Unfortunately for anyone in the UK, Amazon seem to have an ever changing delivery date! Had the book pre-ordered since it was announced, and current arrival date is October 5th!
I'm impatient and have been kinda stoked for the release! Definitely looks worth the wait!! =)

Title: Re: Professional Penetration Testing Post by: Andrew Waite on September 28, 2009, 03:24:45 AM
Quote
I'm impatient and have been kinda stoked for the release! Definitely looks worth the wait!! =)

Good job you've got a review and sample chapter (http://www.ethicalhacker.net/content/view/277/1/) to keep you going while you wait ;)

Be patient, it will be worth the wait.

Title: Re: Professional Penetration Testing Post by: 3PIL0GU3 on October 01, 2009, 03:02:43 AM
Best of luck with the new book Grendel also best of luck with the new revamped Heorot courses

Title: Re: Professional Penetration Testing Post by: Grendel on October 04, 2009, 11:46:18 AM
Quote
I wanted to let everyone know that I will be interviewed on PaulDotCom this Friday: http://pauldotcom.com/wiki/index.php/Episode169
I mention it in this thread because they should be giving away free copies of my book to listeners. ;D

My interview on PaulDotCom is now available online at their website. For those who listen all the way through the interview, hope you catch the reference back to EH-Net and the book review! ;D

Title: Re: Professional Penetration Testing Post by: impelse on October 05, 2009, 09:40:26 AM
That was a good interview.

Title: Re: Professional Penetration Testing Post by: Data_Raid on October 08, 2009, 03:46:33 AM
W00t! My copy arrived yesterday. I had a quick look through a few pages and I'm looking forward to setting up my lab and experimenting asap. I'll also provide a short review both here and on Amazon once I'm done.

Title: Re: Professional Penetration Testing Post by: Basil1977 on November 02, 2009, 05:34:34 AM
I would like to thank Andrew Waite for reviewing the book and Tom Wilhelm for writing the book.
The book is rich in materials and the DVD is more than enough as a start course in the EH field. The book is very useful even for people who finished their CEH or CPT and are looking forward to improving themselves.

Title: Re: Professional Penetration Testing Post by: Grendel on November 03, 2009, 08:32:53 PM
Thanks for the feedback - as you go along, if there's any additional questions or comments about the material in the book or DVD, please let me know or (better yet) post them on the forums at heorot.net; could be others have the same question or additional input.
...and thanks for buying the book! ;D

- Tom

Title: Re: Professional Penetration Testing Post by: KamiCrazy on November 07, 2009, 08:54:27 PM
I have a safari books online sub, which fulfils most of my needs for access to books. Hopefully Syngress will add your book so that I can read it.
However I am interested in what's included on the DVD? I won't have access to the DVD through safari so I might be tempted to purchase a hard copy if there is something to entice me on the DVD.

Title: Re: Professional Penetration Testing Post by: impelse on November 07, 2009, 09:08:38 PM
The DVD is good, has two Penetration testing trainings (videos and lectures) plus some images to replicate the exercises.

Title: Re: Professional Penetration Testing Post by: Equix3n- on November 10, 2009, 06:59:09 AM
50% discount on this book, for today only! Use code 97554
http://twitter.com/syngress/status/5587688694

Title: Re: Professional Penetration Testing Post by: Kev on November 10, 2009, 03:09:36 PM
Nice !

Title: Re: Professional Penetration Testing Post by: KamiCrazy on November 10, 2009, 06:37:31 PM
Ordered, although I ended up not saving much because they jacked up pricing for my local region compared to the USD cost >:(