This has been in the works for a while (as you've probably noticed it's been listed as coming soon in our monthly newsletter for a while), so I'm happy to be able to bring it to you. I think you'll find it informative and useful as more than just a book review. As always, Mr. Oquendo (AKA sil) brings his vast experience to everything he writes.
Let us know what you think of the book and the review itself.
Permanent link: [Article]-Book Review: Metasploit – The Penetration Tester`s Guide
Review by J. Oquendo“Metasploit – The Penetration Tester's Guide”
by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit
. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit. Let’s take an in-depth look into this stellar publication by No Starch Press.
Initially I skipped through the first chapter of the book, “The Absolute Basics of Penetration Testing.” However, I went back to the chapter as I had already been in and out of reading the methodologies laid out by the Penetration Testing Execution Standard (PTES). This chapter actually made sense after the fact, since my approach was that of the technical one: Show me the meat of this book. Not everyone who uses Metasploit (and other tools like it) has a concise understanding of penetration testing, and many will assume that aiming Metasploit at an address constitutes a penetration test. The chapter is clear, summarized and offers much food for thought outside of Metasploit and into the realm of penetration testing.After the break, look for a link to a free download of Chapter 8: "Exploitation Using Client-Side Attacks"