.

what other options

<<

The New LT72884

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Jul 28, 2014 2:22 pm

Post Tue Aug 12, 2014 12:33 pm

what other options

If one can not simply afford the offensive security courses, what would be a good book to start with and basic lab set up?

There are soooo many books out there and trying to figure out which one to start with is a task for alot of people haha

thanks
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 342

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Aug 12, 2014 2:34 pm

Re: what other options

I haven't read this myself, but I've seen a lot of positive comments recently regarding Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

The New LT72884

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Jul 28, 2014 2:22 pm

Post Tue Aug 12, 2014 4:37 pm

Re: what other options

Thank you. I will take a look at it. I dont feel at all even close to attempt the offensive security course. hence why i would like a great book that prepares for it haha. My school does offer a pen testing course using backtrack but i will not be able to take it because i have statics and diff eq during the times haha.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1704

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Aug 25, 2014 1:13 pm

Re: what other options

Currently reviewing a CRC Press book, "Ethical Hacking and Penetration Guide", by Rafay Baloch. So far, it's a pretty good read, and does a good job of introducing topics, before just diving into them (will be posting a full review when I'm done, likely early next week - sorry, work delaying my review a bit, this week.)

That said, I see you've been chatting with Grendel on here, a bit. He has a solid book out, as well, if you're looking to start building your lab.

http://www.amazon.com/Professional-Penetration-Testing-Second-Edition/dp/1597499935/ref=sr_1_1?ie=UTF8&qid=1408990355&sr=8-1&keywords=thomas+wilhelm
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 622

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Aug 31, 2014 5:00 am

Re: what other options

Looking forward to seeing your review hayabusa I think I may have that book.
sectestanalysis.blogspot.com/‎
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1187

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Sep 02, 2014 8:30 am

Re: what other options

I think the answers are going to be varied.

The university I go to, uses The Basics of Hacking and Penetration Testing for their 400 level Ethical Hacker class. The book has a section on building a 3 device lab using only VMs.

I liked Grendel's book when I first got it: Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab

I've also heard some good things about the Hacker's Challenge books, and Hacker's Puzzles, even though they're are both a little dated.
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Sep 07, 2014 10:28 pm

Re: what other options

Start working on absolute foundation topics. Learn Wireshark and tcpdump inside-and-out.

Go through the assembly and exploitation tutorials on Corelan, SecurityTube, Open Security Training, The Gray Corner, etc.

There are a ton of free resources available, and if you're just starting out, you could easily spend 6-12 months on those resources. Don't just learn how to run Metasploit (but if you want to ignore my advice and skip ahead, OffSec even has a free and comprehensive Metasploit course).

Mastering this topics at the start will make everything else easier later, and that'll allow you to keep moving forward while you save for later courses.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1704

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Sep 10, 2014 1:22 pm

Re: what other options

dynamik wrote: Don't just learn how to run Metasploit


Restating the obvious, but...

Please heed this advice! Reliance on pre-canned tools and frameworks will only get you a short distance, in a penetration test. You'll be better rounded, and have a much broader skillset, if you actually learn what these tools do under the covers, and apply that to your own techniques.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

The New LT72884

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Jul 28, 2014 2:22 pm

Post Wed Sep 10, 2014 4:22 pm

Re: what other options

AWESOME, thanks for the info. I have read Thomas's book. I have it all marked up and have built labs based off of his book. I have also done some more research and along the way, i was referenced two additional reads that may help.

http://www.amazon.com/BackTrack-Penetra ... 5+assuring

and

http://www.amazon.com/Advanced-Penetrat ... on+testing

I am actually getting ready to start another thread discussing lab setups for more advanced tutorials.

thanks. I really like the second book alot.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1704

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Sep 11, 2014 4:24 pm

Re: what other options

My apologies for the delay, but I finally found time to complete my read / review of Rafay Baloch's book. Here's a link to the review:

https://www.ethicalhacker.net/forums/viewtopic.php?f=10&t=11925
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

The New LT72884

User avatar

Newbie
Newbie

Posts: 36

Joined: Mon Jul 28, 2014 2:22 pm

Post Thu Sep 11, 2014 8:27 pm

Re: what other options

just finished reading your review. good job. Will they be fixing the typos and what not? or do we need to wait to next release?

thanks
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1704

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Sep 12, 2014 7:39 am

Re: what other options

Unsure on the typo fixes. I didn't go wild notating the ones I found (with exception of a couple.) Again, for the most part, they didn't detract from my reading. The one big one was the link to corelan's page, as I figured most readers who were new to pentesting would want a reference to the correct site. ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software