what other options

Viewing 11 reply threads
  • Author
    • #8723
      The New LT72884

      If one can not simply afford the offensive security courses, what would be a good book to start with and basic lab set up?

      There are soooo many books out there and trying to figure out which one to start with is a task for alot of people haha


    • #53865

      I haven’t read this myself, but I’ve seen a lot of positive comments recently regarding Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

    • #53866
      The New LT72884

      Thank you. I will take a look at it. I dont feel at all even close to attempt the offensive security course. hence why i would like a great book that prepares for it haha. My school does offer a pen testing course using backtrack but i will not be able to take it because i have statics and diff eq during the times haha.

    • #53867

      Currently reviewing a CRC Press book, “Ethical Hacking and Penetration Guide”, by Rafay Baloch. So far, it’s a pretty good read, and does a good job of introducing topics, before just diving into them (will be posting a full review when I’m done, likely early next week – sorry, work delaying my review a bit, this week.)

      That said, I see you’ve been chatting with Grendel on here, a bit. He has a solid book out, as well, if you’re looking to start building your lab.


    • #53868

      Looking forward to seeing your review hayabusa I think I may have that book.

    • #53869

      I think the answers are going to be varied.

      The university I go to, uses The Basics of Hacking and Penetration Testing for their 400 level Ethical Hacker class. The book has a section on building a 3 device lab using only VMs.

      I liked Grendel’s book when I first got it: Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab

      I’ve also heard some good things about the Hacker’s Challenge books, and Hacker’s Puzzles, even though they’re are both a little dated.

    • #53870

      Start working on absolute foundation topics. Learn Wireshark and tcpdump inside-and-out.

      Go through the assembly and exploitation tutorials on Corelan, SecurityTube, Open Security Training, The Gray Corner, etc.

      There are a ton of free resources available, and if you’re just starting out, you could easily spend 6-12 months on those resources. Don’t just learn how to run Metasploit (but if you want to ignore my advice and skip ahead, OffSec even has a free and comprehensive Metasploit course).

      Mastering this topics at the start will make everything else easier later, and that’ll allow you to keep moving forward while you save for later courses.

    • #53871

      @dynamik wrote:

      Don’t just learn how to run Metasploit

      Restating the obvious, but…

      Please heed this advice! Reliance on pre-canned tools and frameworks will only get you a short distance, in a penetration test. You’ll be better rounded, and have a much broader skillset, if you actually learn what these tools do under the covers, and apply that to your own techniques.

    • #53872
      The New LT72884

      AWESOME, thanks for the info. I have read Thomas’s book. I have it all marked up and have built labs based off of his book. I have also done some more research and along the way, i was referenced two additional reads that may help.




      I am actually getting ready to start another thread discussing lab setups for more advanced tutorials.

      thanks. I really like the second book alot.

    • #53873

      My apologies for the delay, but I finally found time to complete my read / review of Rafay Baloch’s book. Here’s a link to the review:


    • #53874
      The New LT72884

      just finished reading your review. good job. Will they be fixing the typos and what not? or do we need to wait to next release?


    • #53875

      Unsure on the typo fixes. I didn’t go wild notating the ones I found (with exception of a couple.) Again, for the most part, they didn’t detract from my reading. The one big one was the link to corelan’s page, as I figured most readers who were new to pentesting would want a reference to the correct site. 😉

Viewing 11 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?