August 12, 2014 at 5:33 pm #8723
If one can not simply afford the offensive security courses, what would be a good book to start with and basic lab set up?
There are soooo many books out there and trying to figure out which one to start with is a task for alot of people haha
August 12, 2014 at 7:34 pm #53865m0wgliParticipant
I haven’t read this myself, but I’ve seen a lot of positive comments recently regarding Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.
August 12, 2014 at 9:37 pm #53866
Thank you. I will take a look at it. I dont feel at all even close to attempt the offensive security course. hence why i would like a great book that prepares for it haha. My school does offer a pen testing course using backtrack but i will not be able to take it because i have statics and diff eq during the times haha.
August 25, 2014 at 6:13 pm #53867
Currently reviewing a CRC Press book, “Ethical Hacking and Penetration Guide”, by Rafay Baloch. So far, it’s a pretty good read, and does a good job of introducing topics, before just diving into them (will be posting a full review when I’m done, likely early next week – sorry, work delaying my review a bit, this week.)
That said, I see you’ve been chatting with Grendel on here, a bit. He has a solid book out, as well, if you’re looking to start building your lab.
August 31, 2014 at 10:00 am #53868SephStormParticipant
Looking forward to seeing your review hayabusa I think I may have that book.
September 2, 2014 at 1:30 pm #53869rattisParticipant
I think the answers are going to be varied.
I liked Grendel’s book when I first got it: Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab
I’ve also heard some good things about the Hacker’s Challenge books, and Hacker’s Puzzles, even though they’re are both a little dated.
September 8, 2014 at 3:28 am #53870dynamikParticipant
Start working on absolute foundation topics. Learn Wireshark and tcpdump inside-and-out.
Go through the assembly and exploitation tutorials on Corelan, SecurityTube, Open Security Training, The Gray Corner, etc.
There are a ton of free resources available, and if you’re just starting out, you could easily spend 6-12 months on those resources. Don’t just learn how to run Metasploit (but if you want to ignore my advice and skip ahead, OffSec even has a free and comprehensive Metasploit course).
Mastering this topics at the start will make everything else easier later, and that’ll allow you to keep moving forward while you save for later courses.
September 10, 2014 at 6:22 pm #53871
Don’t just learn how to run Metasploit
Restating the obvious, but…
Please heed this advice! Reliance on pre-canned tools and frameworks will only get you a short distance, in a penetration test. You’ll be better rounded, and have a much broader skillset, if you actually learn what these tools do under the covers, and apply that to your own techniques.
September 10, 2014 at 9:22 pm #53872
AWESOME, thanks for the info. I have read Thomas’s book. I have it all marked up and have built labs based off of his book. I have also done some more research and along the way, i was referenced two additional reads that may help.
I am actually getting ready to start another thread discussing lab setups for more advanced tutorials.
thanks. I really like the second book alot.
September 11, 2014 at 9:24 pm #53873
My apologies for the delay, but I finally found time to complete my read / review of Rafay Baloch’s book. Here’s a link to the review:
September 12, 2014 at 1:27 am #53874
just finished reading your review. good job. Will they be fixing the typos and what not? or do we need to wait to next release?
September 12, 2014 at 12:39 pm #53875
Unsure on the typo fixes. I didn’t go wild notating the ones I found (with exception of a couple.) Again, for the most part, they didn’t detract from my reading. The one big one was the link to corelan’s page, as I figured most readers who were new to pentesting would want a reference to the correct site. 😉
- You must be logged in to reply to this topic.