Book Review: BackTrack 4: Assuring Security by Penetration Testing

Don’t have the cash for a $2000 – 3000 penetration testing course? Don’t know which tools are outdated or relevant? Lost in the sea of Backtrack options? You learn better on your own anyway? No problem! BackTrack 4: Assuring Security by Penetration Testing (BASPT), authored by Shakeel Ali and Tedi Heriyanto, is a 12-chapter compendium on everyone’s favorite hacking distribution, Backtrack 4.

Filling the need for a refresher to older titles on abandoned projects like Knoppix or Auditor (see the somewhat outdated Penetration Tester’s Open Source Toolkit, Vol. 2), BASPT gives syntax and usage tips on a plethora of the tools included in the suite, organized along the generic pentesting methodology with which most people today are familiar. Not only that, the book itself reads like some of those intro-to-penetration-testing classes we have all been to, which cost many times the price of a single book.

Intrigued? Let’s take a closer look.

BASPT is broken into three parts, each containing appropriate chapters to the given subject matter. Part I: Lab Preparation and Testing Procedures contains the first two chapters.

Chapter 1: Beginning with BackTrack

Chapter 1 of BASPT is a fast track to setting up the distro in its various forms, getting network connectivity up and running, and updating/installing auxiliary tools. Nothing novel here, but it is helpful to a novice user. However, the book was lacking when it came to setting up the secondary services a pentester routinely needs on the attacking box, such as Apache, telnet/FTP and SSH. While some curriculums consider these services prerequisite *nix knowledge, BASPT came across at an instructional level that should have covered them and their usefulness, but didn’t.

Chapter 2: Penetration Testing Methodology

Chapter 2 of BASPT is a primer on assessment types and methodologies. While generally informative and educational, it missed the mark on a few descriptions and definitions. While I have no doubt that the authors referenced industry standard methodologies like OSSTMM and ISSAF, sometimes these are just too abstract or plainly outdated for someone doing real pentesting nowadays. For example, their classifications of Blackbox = external and Whitebox = internal testing are erroneous: black box and white box describe how much knowledge the tester starts with, not whether the test is run from inside or outside the network.

The final section of Chapter 2 brought it all together with the “Backtrack” testing process which is very similar to what you’ll see in the real world:

[Figure: the BackTrack testing process, image from p52 of the book]

These chapters could have used some description of the differences between network and web application tests (Netpen vs. Webpen) and between internal and external tests, but, all in all, they gave a very good synopsis of industry standards. They also introduced a beginning tester to all the references needed to start general pentesting.

Part II of BASPT is the Penetration Testers Armory covering the bulk of the contents of the book. For brevity’s sake, we’ll only cover chapters three and four.

Chapter 3: Target Scoping

Along with permission from the owner of the network being tested, scoping and project management (and eventually documentation and reporting) are what separate criminals from security professionals. Although titled Target Scoping, this chapter covers scoping as well as PM. It is actually very well written and adequately describes what is needed for both.

Chapter 4: Information Gathering

While I’m a huge proponent of Open Source Intelligence (OSINT) and was happy to see it represented right away, this chapter is also a good illustration of the mixed bag that BASPT is: a Backtrack 4 book that also tries to be an all-inclusive pentesting book. While going over document gathering you get a glimpse of Metagoofil, but anyone doing OSINT as part of their assessment regime knows that, barring its Windows-only nature, Fingerprinting Organizations with Collected Archives (FOCA) is a superior (and more often stable) metadata extraction tool.

Chapter 4 is also where the reader runs into ‘man page hell,’ where the book reads more like a series of categorized man pages with minor syntax variances, and less like an in-depth explanation of what you are doing and why. In addition, there is quite a bit of tool overlap. One example: why a pentester would ever need six different DNS tools is a mystery to me, as fierce usually does everything I need. Then again, that’s the Backtrack way: “Give ’em everything, let ’em use what they want.”

Part II: Penetration Testers Armory continues with the following chapters:

• Target Discovery
• Enumerating Target
• Vulnerability Mapping
• Social Engineering
• Target Exploitation
• Privilege Escalation
• Maintaining Access
• Documentation and Reporting

While I could go over every chapter, the comments from the previous paragraph apply to all of them. Each chapter walks through the Backtrack menu, providing simple man-page-style usage and output for the tools in each section. Some sections, such as “Vulnerability Mapping,” had much less structure and tool context, but sections with a more rigid and well-defined role were rock solid. Not all areas were so dry, as there were numerous drills in certain parts of Part II (which included some post-exploitation work with Metasploit… Bravo!). The drills that were there, I thought, were great.

Finally, we come to Part III: Extra Ammunition, which includes two appendices, Supplementary Tools and Key Resources. The supplementary tool section contained a few extra installs, including a good netcat walkthrough, while the resources listed were sparse but useful. These additions will be very welcome to a beginning pentester.

The Skinny

While sometimes disorganized and trying to tackle a bit too much, BASPT is a great pentest reference book for beginners. Although BackTrack 5 was recently released, this book still stands as the most up-to-date book published on pentest tool usage, and one would be hard pressed to find a better price tag for what you get.

BASPT is technical and benefits from its reference nature. Even day-job testers do not get to exercise all of these tools because of differences in engagement types, so it’s useful to have one place organizing them all with some usage cases to give context.

If you are just getting into pentesting, or are interested in the gazillion tools in Backtrack and what their differences are, I highly recommend picking up the book. All in all I thought the book represented a good updated intro to the tools and general methods in today’s pentesting arsenal. Was it the 1337est, most ninja book ever? No, but it’s going on my bookshelf anyway.

Author Bio

Jason Haddix, VP of Trust and Security at Bugcrowd, Inc.

I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.

In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting. The gamut stretched from developing test plans for Fortune 100 companies to competing in “bake-offs” to win business against other top tier consulting vendors.

In my current role I serve as the Director of our Application Security Engineers and Technical Operations. This means I am an extension of (and advisor to) 300+ security programs across many industry verticals. Under my direction, my team has triaged over 15,000 vulnerabilities this year alone. We also strive to keep the relationship between vulnerability researcher and customer a good one.

While I never call myself a “master” of anything, I do have a very particular set of skills; skills I have acquired over a very long career. These skills make me adept at getting business, finding security vulnerabilities, and eventually leading a customer to a better security posture.

Jason is a regular columnist for EH-Net. See all articles by Jason Haddix.

This topic contains 10 replies, has 9 voices, and was last updated by  Anonymous 7 years, 10 months ago.

  • #6536
     Don Donzal 
    Keymaster

    Another sneak peak into a book that may end up on your shelf. Let us know what you think of the review or the book itself if you’ve also read it.

    Permanent link: [Article]-Book Review: BackTrack 4: Assuring Security by Penetration Testing

    by Jason Haddix

    Don’t have the cash for a $2000 – 3000 penetration testing course? Don’t know which tools are outdated or relevant? Lost in the sea of Backtrack options? You learn better on your own anyway?

    No problem!

    BackTrack 4: Assuring Security by Penetration Testing (BASPT), authored by Shakeel Ali and Tedi Heriyanto, is a 12-chapter compendium on everyone’s favorite hacking distribution, Backtrack 4. Filling the need for a refresher to older titles on abandoned projects like Knoppix or Auditor (see somewhat outdated: Penetration Tester’s  Open Source Toolkit, Vol. 2), BASPT gives syntax and usage tips on a plethora of different tools included in the suite and is broken down into the generic pentesting methodology with which most people today are familiar. Not only that, but also the book itself reads like some of those intro to penetration testing classes we have all been to costing many more times the cost of a single book.

    Intrigued? Let’s take a closer look.

    Enjoy this review and be sure to check out Jason Haddix’s column by clicking on his name above.
    Don

  • #40552
     WCNA 
    Participant

    Speaking of Backtrack books, Vivek Ramachandran, who discovered the Caffe Latte Attack, has a book, “BackTrack 5 Wireless Penetration Testing Beginner’s Guide,” coming out in August. You can get more info here:
    http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book

  • #40553
     lorddicranius 
    Participant

    I thought I remembered hearing about this book elsewhere on the forums. Great review, thanks Jason.

    And thanks for the heads up on Vivek’s book, WCNA. I love his WLAN security megaprimer series; definitely adding that one to my wishlist as well.

  • #40554
     rattis 
    Participant

    lorddicranius, you did. It was talked about in the books for beginner’s topic under Book Reviews.

    Personally I’ve been looking forward to a full review of this book. Can’t wait until I get to that tab now.

    ---- Edit ----

    Read the review. Still questioning whether I’d buy this book or not. I might buy one if I can get it at a good price used off Amazon. Having a command reference book might be worth it.

  • #40555
     El33tsamurai 
    Participant

    Found the ebook version out there for 23 bucks; might pick it up myself. http://www.pucktpub.com I believe the site is called.

  • #40556
     WCNA 
    Participant

    Yes, it is at the same place (packtpub) as Vivek’s book will be.

    http://www.packtpub.com/backtrack-4-assuring-security-penetration-testing/book

  • #40557
     El33tsamurai 
    Participant

    Thanks, always better to get an ebook not wasting any trees :-D.

  • #40558
     Dark_Knight 
    Participant
  • #40559
     Jhaddix 
    Participant

    Wesley is awesome, and I respect his opinion =)

    If you read carefully we actually have the same ideas about the book but draw different conclusions.

    I see it as the only up to date reference atm, and being so cheap, for anyone who wants to get into pentesting or has no idea about backtrack, it is a great resource.

    Comparing it to WAHH by content is unfair b/c WAHH is all webapp. If the comparison is one of quality, sure, WAHH wins hands down…

    Imo it’s either BASPT, an outdated book, a $300 course from offsec, or googling everything yourself.

    Anyways, it’s always good to have multiple viewpoints!

  • #40560
     wesleymcgrew 
    Participant

    Thanks for the kind words!

    To clarify, the comparison to Web Application Hacker’s Handbook is primarily one of quality as something that intends to teach the reader something. The prose around the technical material is much better-written as well, which is the worst failing of this Backtrack book.

    In my work, I interact with a lot of students that are beginning to take an interest in penetration testing, and I rarely if ever recommend books that are primarily references to commands. In the case of Backtrack, I’d rather show them how to pull up the individual tools’ documentation for that kind of information.

    What I do recommend to beginners are “subject area” books, which take a more in-depth look at a certain topic/technique/specialization. My default recommendation for this is Web Application Hacker’s Handbook, since it’s very easy for a beginner to get into breaking web apps. If they’re coming in with the appropriate background and are interested in it, I may steer them towards Hacking: The Art of Exploitation 2nd Edition or Reversing: Secrets of Reverse Engineering instead.

  • #40561
     Anonymous 
    Participant

    I agree with wesleymcgrew. I read this book and, as someone new to pen testing, I didn’t find it that great.

    It didn’t go into any real detail and it seemed to miss a lot of stuff out, like wireless; there was no mention of any of the wireless tools.

    I personally felt that it didn’t teach me anything I could not find out from the man pages.

Copyright ©2019 Caendra, Inc.
