wooohooo!! I already bought those books but the first one is awsome

i havent read the second one but i think the first one is better

Advanced Penetration Testing for Highly-Secured Environments is a great read... +1

I've flipped through Advanced Penetration Testing for Highly-Secured Environments. I have some mixed feelings about it. Some things in the book aren't what I'd consider "advanced" (starting an ftp server, basic nmap scans, snmp scans, selecting a text editor ()). Yet there are some gems in there, like setting up your own virtual lab, and bypassing IDSs and firewalls. Other things it barely touches upon (buffer overflow refresher - but never really goes into detail). There's a section on fuzzing, but only covers basic fuzzing.

Maybe it's just me, but when I see "Advanced" I expect something like this: http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf

I've only been focusing on learning more about security since the beginning of the year and I have a bit of a different view on books.

I own a few different security books, grey hat hacking, hacking exposed and they are pretty much similar in content (which you would expect), but it depends on your skill level and the way you learn.

In all honestly I only use books as a reference point rather than reading through the whole thing, and forgetting most of it. The book depends on what you want/need to learn, for the myself I wrote a training plan over a year covering different tools and methods and then find the books (and don't forget Google) to learn those particular areas. I throw in a healthy dose of lab work (built various VM's) to push home what I've read and learnt.

Pen Testing usually follows a set pattern in terms of what you need to do:

scan, enumerated, exploit etc etc

From that you can work out the areas you need to learn about and then find books/pdf's/google material to progress. Otherwise you might end up reading books about subjects you don't need or only just cover a subject that is really important.

But then that's the just the way I learn best, like I said everyone is different and there are a lot of good books available.

I've just created a new wish list of Security books. Check it out here.

http://www.amazon.co.uk/registry/wishlist/1INPZOXT8TJY3

Adam

Question about VB and VMplayer. Chapter 8 of the advanced pen test book is avialable for free to the public. They use VB and the auther mentions that backtrack is on vlan1 and ubuntu is on vlan2. Now is the terminology of vlan in virtual box the same as it is in cisco? or is that they way virtualbox lables virtual network adapters? If it is an actual vlan, then is there a way to do that in vmplayer?

thanks guys

o cool. yeah vlan is used in hp switches, juniper and basically any managed switch. haha. i did a little bit more digging and in the book, he just calls it vlan1 and vlan2 as the name of the network in VB because pfsense firewall apparently uses vlans as the way to seperate networks. sorta like how other firewalls had color coded names. red(public)green(private lan)orange(dmz)blue(wifi) pfsense just uses vlans. pretty much same thing.

so in vb the name is just vlan1 and vlan2 in the settings. its not actually creating vlans. haha. in vmplayer, its different. im actually learning tons right now. my lab is lookin awesome. i have a firewall between bt5 and de-ice lvl 1. this way i cn see how a fw is working. gonna install snort on it next.

took me like 4 hours to figure out what the book was trying to do. haha. since i dont use vb i had to make sure it was not actual vlans, but rather just names of the network cards. he later changes them to wlan1 and wlan2 or wan1 and wan2. haha.

thanks guys.

here is the link to the free chapter in case you want to read i.its 40$ from the same site if you want to buy it

http://packtlib.packtpub.com/library/9781849517744

http://www.packtpub.com/sites/default/files/9781849517744-Chapter-8.pdf?utm_source=packtpub&utm_medium=free&utm_campaign=pdf