Professional Penetration Testing

Viewing 36 reply threads
    • #4163
      RoleReversal
      Participant

      Guys,

      I’ve just come across ‘Professional Penetration Testing: Creating and operating a formal hacking lab’ (via @coresecurity and @Computer_book).

      Contents list looks good:

      Product Description
      PART I – Setting Up
      Chapter 1: Introduction
      Chapter 2: Ethics and Hacking
      Chapter 3: Hacking as a Career
      Chapter 4: Setting up Your Lab
      Chapter 5: Creating and Using PenTest Targets in Your Lab
      Chapter 6: Methodologies
      Chapter 7: PenTest Metrics
      Chapter 8: Management of a PenTest

      PART II – Running a PenTest
      Chapter 9: Information Gathering
      Chapter 10: Vulnerability Identification
      Chapter 11: Vulnerability Verification
      Chapter 12: Compromising a System and Privilege Escalation
      Chapter 13: Maintaining Access
      Chapter 14: Covering Your Tracks

      PART III – Wrapping Everything Up
      Chapter 15: Reporting Results
      Chapter 16: Archiving Data
      Chapter 17: Cleaning Up Your Lab
      Chapter 18: Planning for Your Next PenTest

      Appendix A – Acronyms
      Appendix B – Definitions

      Seems to have flown beneath my radar, does anyone have any additional info or reviews for this?

      Initially it looks like a good addition to my library, but is costly if it turns out to be poor and it seems to be similar to Build Your Own Security Lab, which I already own.

      Thanks in advance.

    • #26369
      UNIX
      Participant

      Hehe, just thought that I missed this one too until I read the release date:
      August 28, 2009.
      So it should be available soon and hopefully the first reviews too. So far I couldn’t find any previews about it.

      As the author is Thomas Wilhelm, I assume that his book will focus on the De-ICE discs.

    • #26370
      dalepearson
      Participant

      Andrew how have you found “Build Your Own Security Lab”, I have this but have not read it yet.
      I had also heard about the other book, didn’t think it was available over here yet.

    • #26371
      BillV
      Participant

      Found this description somewhere out there…

      An invaluable book and DVD package, Professional Penetration Testing: Creating and Operating a Formal Hacking Lab is designed to replicate the experience of in-classroom, instructor-led, penetration testing training, which costs the typical security professional (or their employer) $1,000 or more for the courses alone, plus T&E, and days upon days of non-billable hours. Expert author Thomas Wilhelm has delivered exactly this type of penetration testing training to countless security professionals and, for the first time, provides his years of experience, training, expertise, labs, and real-world vulnerability scenarios in a single book/DVD retail product. Penetration testing is the act of testing one’s own network (or that of a client) to find security vulnerabilities before these exact same holes are found and more importantly exploited by phishers, digital piracy groups, and almost countless other organized or individual malicious hackers. Addressing the profession holistically and practically, the material presented in this book targets all levels of hacking skills, benefitting both management and engineers in the trenches. This book bridges the gap between theoretical and hands-on knowledge of professional hacking techniques, targeting information systems and networks. It includes everything required to establish a secure hacking lab, learn methodologies, conduct attacks, and use real-world examples of vulnerable and exploitable servers.

    • #26372
      Grendel
      Participant

      Amazon is shipping the books now (in the US at least), so hopefully the book will appear in your local neighborhood bookstore soon, so you can take a peek before purchasing it. I hope it meets everyone’s expectations, and would really like to hear any feedback people might have (send it to my email at twilhelm [at] heorot [dot] net if you don’t mind).

      As for competitive book titles, I think you’ll find this book distinctly different and worth owning. I’m trying to temper my enthusiasm for the book, but I have to admit I am quite excited about it.

      – Tom Wilhelm

    • #26373
      dalepearson
      Participant

      Jeeze Grendel anyone would think you wrote the book or something  ;D

    • #26374
      Don Donzal
      Keymaster

      Sounds like a good one to review for EH-Net. We could also use some new blood for our writing crew, seeing as how many of you desire to eventually write a book of your own.

      Who wants it?

      Don

    • #26375
      UNIX
      Participant

      I would be interested in it. 😀
      It’s nice to see you here at EH-Net, Tom, didn’t know that you were here too.

      Is this your first written book? How was the experience to go through all this? Can other books be expected from you?

      edit: Just thought that Andrew might be also interested in this and as he was the one initially asking about the book, maybe he would prefer to work through it (same as others I guess), especially as “only” one unit is available 😉

    • #26376
      RoleReversal
      Participant

      @dalepearson wrote:

      Andrew how have you found “Build Your Own Security Lab”, I have this but have not read it yet.

      Must admit I was a bit disappointed, could be that I was expecting too much. Would be a good starting point but my personal opinion is that if you’ve got some experience with virtualisation and testing/experimenting with attack vectors you might be better off purchasing additional equipment for your toolkit. But it does come with a limited demo copy of Core Impact, if you’ve never seen this suite in action, the cost could be worth it for this alone 🙂

      I’m sure Grendel could sell this further, the Professional Pentesting book looks like it goes beyond just building and attacking a lab environment to include utilising the lab as a foundation for a career and business. Thinking it might be worth a look.

    • #26377
      Anonymous
      Participant

      I’d be interested in reading a review for this book. There’s a lot of books out there but quality varies wildly. I tend to buy books based on recommendations and reviews rather than the title.

      Jimbob

    • #26378
      Grendel
      Participant

      @awesec wrote:

      Is this your first written book? How was the experience to go through all this? Can other books be expected from you?

      I’ve written chapters for other books through syngress (my favorite was “the dark side of netcat” for Netcat Power Tools), but this is the first book I wrote cover to cover. Others have said that writing a book is a lot of work, and they understate that fact – not only is it an enormous amount of work simply writing it, there is a ton of editing work that needs to be done, including feedback from the technical editor, publishing editor, the typesetting editor… I probably spent as much time editing the book as I did writing the first draft.

      Despite the effort required to write a book, and the loss of time with my family, the experience was worth it. Not only did I learn a lot about the whole publishing effort, I learned a lot about myself, and improved both in writing skills, time management, and organization (hint: write up the references as you go – and use a well-known format, such as APA… going back and doing it later is a serious pain in the ass… no lies).

      I definitely plan on writing more – I think the publisher was happy with my work, especially since they sold so many advance copies of the Professional Penetration Testing book already (I basically earned my advance and more in royalties before a single book went out the door… which is awesome, I guess).

      Hope that answers your original post… I have more answers if you have more questions.

      – Tom W.

    • #26379
      UNIX
      Participant

      Thanks for your insights, Tom. I am certain that others are interested in this too and would appreciate same as me, if you could do some kind of write-up of such a process from beginning concept to a fully published book. 🙂

    • #26380
      Grendel
      Participant

      As a quick list, here’s what I had to do, or suggestions:

      1) Create proposal for book, which required marketing research of competitive titles, market size, and educational institutional interest. I also needed to provide background information about myself, create my own quick marketing pitches (used at places like Amazon, which were expanded on by the publisher), and identify each chapter and sub-topics. The actual proposal submission is undoubtedly different for each publisher, and probably can be found online somewhere. The more information you can provide, the better. Turns out, they take your proposal as-is, and submit it through a review process (involving multiple approval steps)… so the more professional the submission and research, the better.

      2) Wait for the rejection email. If it’s close to being accepted, the email will tell me what the problem area is, so I can fix it. Otherwise… tough luck; maybe next time.

      3) If accepted, finish contract negotiation… which really means take what they offer if this is the first book.  😉 (we’ll see if there’s any flexibility on book #2).

      4) Once everything is signed, my first deliverable was the chapter outline, down to three layers (instead of just two, like in the proposal). Hint: Make sure you do your research on this before submitting it… they will hold your feet to the fire if you decide to alter your chapters once submitted.

      5) Write your ass off. Cloister yourself in a room for months, with no weekends, and no leisure time after work. I am not kidding about this. Writing the book took multiple revisions, and the sooner you can knock out the material, the better. I barely made the deadline with no additional days to spare, plus I had to take a quarter off from my PhD schooling. Writing a book consumes a lot of time.

      6) Get good feedback from people you trust to be brutally honest (preferably others who have already written something). People who massage your ego are doing you a disservice. Take the good advice and do what they tell you. I was lucky to have a friend that provided me with excellent advice, who has also written before. His advice saved me a lot of hardship.

      7) Re-write your ass off.

      8) Re-write your ass off again. Seriously. It sucks re-writing the entire book, over and over again, but it’ll be worth it.

      9) MAKE YOUR DEADLINES!

      10) Once my book was submitted, I was passed off to a production editor, who oversaw the editing and production of the final book. I received feedback from the technical editor, and had to incorporate his suggestions, or find really valid reasons to reject them. If you reject the suggestions and the technical editor doesn’t agree, you end up in mediation  😮  Yep, you will end up in a phone call until a compromise is decided on.  In other words, you can’t BS your way through the book – know your shit. (FYI, I didn’t have to go through mediation, but was made clearly aware of the process).

      11) Re-write your ass off, taking into account what the technical editor suggests. This can be substantial. Also, the technical editor is not going to correct grammar or spelling errors. It’s important to be a good writer (technical writing does not count)… after all, that’s pretty much what you’re getting paid to do – write, and write well. Knowledge isn’t everything, or everyone would be an author.

      12) Illustrations and screenshots are critical to get correct. You may think you’re doing them right… but you’re wrong. The publisher has some very strict guidelines that have to be followed in order to get the images to print correctly.

      13) Eventually, I was done with revisions (sort of), and received copies of the chapters in PDF form, which I had to check for accuracy (stuff will always slip through…). Also, I had to check for syntax (for codes). I have no idea how many times I had to read my own book.

      14) In my case, I wanted to include a DVD with video tutorials and ISO images, so the reader could replicate everything discussed in the book. Originally, the DVD was going to be dual layer. What a mistake and headache. In the end, we trimmed the disk down to a single layer. I will never attempt to do a dual layer DVD with a book release again. Never.

      15) Eventually, I was done. Next, it was waiting, until I received an email telling me they were sending me an advance copy of my book. Oh, JOY!

      16) Throw a book release party. Everyone needs closure, especially after a difficult event, and writing a book definitely qualifies as difficult. The writing of the book was overwhelming and stressful for the whole family, and we needed a reason to celebrate. Having the final product in hand made it all feel worthwhile. However, I’m finding out the real stressful part is worrying how the readers feel about the book. Just like a new father, there is the fear that others will think my new kid is “ugly,” despite my own biased viewpoint. I honestly believe the book provides a wealth of information for readers of all skill levels, engineers and managers alike… but I have to wait to see what you all think, and that’s tough. Real tough.

    • #26381
      Jhaddix
      Participant

      I’ll be reading and writing a review shortly =) Thanks Thomas!

    • #26382
      UNIX
      Participant

      Thanks for taking the time and writing this little write-up, Tom, it’s certainly appreciated. Seems there are many things which have to be considered at the beginning in order to save some time and nerves at the end.

      Already looking forward to reading the first reviews of your book.

    • #26383
      Grendel
      Participant

      Since we’ve been talking about the book in the last couple days, sales at Amazon have shot up. The book is now ranked in 8th place in the Security category, and 13th place under Hacking. Since I’ve only been talking about it here, I have to contribute the spike in sales to the members of this forum.

      Therefore, I would sincerely like to extend my gratitude to the staff of Ethical Hacker, and my overwhelming “thanks!” to its readership. This is all your doing!

      – Tom W.

    • #26384
      Don Donzal
      Keymaster

      Thanks for sharing the good news. 🙂

      BTW – I have Andrew Waite slated to do the review. I’m contacting the publisher today to get a copy for him. Stay tuned…

      Don

    • #26385
      RoleReversal
      Participant

      Yep, I must be doing something right/wrong (not sure which yet  😉 ) but I am looking forward to getting my hands on the book.

      In all seriousness, thanks for the opportunity Don, hopefully I’ll be able to do the book justice. Watch this space…

    • #26386
      UNIX
      Participant

      Looking forward to your review, Andrew. Have fun while working through the book. 😉

    • #26387
      Grendel
      Participant

      An interview regarding the book was posted on net-security.org:

      http://www.net-security.org/article.php?id=1286

      Please ignore the photo of me… not my best profile  :-[

    • #26388
      UNIX
      Participant

      Nicely done, good interview. 😉

    • #26389
      TalioGladius
      Participant

      Not sure how this one slipped by my radar, but I’m totally ordering this one.

    • #26390
      Grendel
      Participant

      I wanted to let everyone know that I will be interviewed on PaulDotCom this Friday: http://pauldotcom.com/wiki/index.php/Episode169

      I mention it in this thread because they should be giving away free copies of my book to listeners.
      ;D

    • #26391
      hungrymind
      Participant

      Hi everyone.

      I am a newly registered member of EH.net but have been a lurker for awhile.
      Wanted to reply to Tom’s post as I am very eager to check out the interview this Friday. I’m pretty sure I’ll also be signing up for Mr. Wilhelm’s Pen Testing Fundamentals course (either this month or next month – have to figure that out first).

      Thanks for posting the link. I’ll be listening!

      Best regards,
      Alicia

    • #26392
      Stocky
      Participant

      Unfortunately for anyone in the UK, Amazon seem to have an ever changing delivery date! Had the book pre-ordered since it was announced, and current arrival date is October 5th!

      I’m impatient and have been kinda stoked for the release! Definitely looks worth the wait!! =)

    • #26393
      RoleReversal
      Participant

      @Stocky wrote:

      I’m impatient and have been kinda stoked for the release! Definitely looks worth the wait!! =)

      Good job you’ve got a review and sample chapter to keep you going while you wait 😉

      Be patient, it will be worth the wait.

    • #26394
      3PIL0GU3
      Participant

      Best of luck with the new book, Grendel. Also, best of luck with the new revamped Heorot courses.

    • #26395
      Grendel
      Participant

      @Grendel wrote:

      I wanted to let everyone know that I will be interviewed on PaulDotCom this Friday: http://pauldotcom.com/wiki/index.php/Episode169

      I mention it in this thread because they should be giving away free copies of my book to listeners.
      ;D

      My interview on PaulDotCom is now available online at their website. For those who listen all the way through the interview, hope you catch the reference back to EH-Net and the book review!  ;D

    • #26396
      impelse
      Participant

      That was a good interview.

    • #26397
      Data_Raid
      Participant

      W00t! My copy arrived yesterday. I had a quick look through a few pages and I’m looking forward to setting up my lab and experimenting asap. I’ll also provide a short review both here and on Amazon once I’m done.

    • #26398
      Anonymous
      Participant

      I would like to thank Andrew Waite for reviewing the book and Tom Wilhelm for writing the book.

      The book is rich in materials and the DVD is more than enough as a start course in the EH field.
      The book is very useful even for people who finished their CEH or CPT and are looking forward to improving themselves.

    • #26399
      Grendel
      Participant

      Thanks for the feedback – as you go along, if there’s any additional questions or comments about the material in the book or DVD, please let me know or (better yet) post them on the forums at heorot.net; could be others have the same question or additional input.

      …and thanks for buying the book!  ;D

      – Tom

    • #26400
      KamiCrazy
      Participant

      I have a Safari Books Online sub, which fulfills most of my needs for access to books. Hopefully Syngress will add your book so that I can read it.

      However I am interested in what’s included on the DVD? I won’t have access to the DVD through safari so I might be tempted to purchase a hard copy if there is something to entice me on the DVD.

    • #26401
      impelse
      Participant

      The DVD is good, has two Penetration testing trainings (videos and lectures) plus some images to replicate the exercises.

    • #26402
      Xen
      Participant

      50% discount on this book, for today only! Use code 97554

    • #26403
      Kev
      Participant

      Nice!

    • #26404
      KamiCrazy
      Participant

      Ordered, although I ended up not saving much because they jacked up pricing for my local region compared to the USD cost  >:(


Copyright ©2020 Caendra, Inc.
