.

Professional Penetration Testing

<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Aug 21, 2009 7:17 am

Professional Penetration Testing

Guys,

I've just come across 'Professional Penetration Testing: Creating and operating a formal hacking lab' (via @coresecurity and @Computer_book).

Contents list looks good:
Product Description
PART I - Setting Up
Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest

PART II - Running a PenTest
Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromising a System and Privilege Escalation
Chapter 13: Maintaining Access
Chapter 14: Covering Your Tracks

PART III - Wrapping Everything Up
Chapter 15: Reporting Results
Chapter 16: Archiving Data
Chapter 17: Cleaning Up Your Lab
Chapter 18: Planning for Your Next PenTest

Appendix A - Acronyms
Appendix B - Definitions


Seems to have flown beneath my radar, does anyone have any additional info or reviews for this?

Initially it looks like a good addition to my library, but is costly if it turns out to be poor and it seems to be similar to Build Your Own Security Lab, which I already own.

Thanks in advance.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Aug 21, 2009 7:33 am

Re: Professional Penetration Testing

Hehe, just thought that I missed this one too until I read the release date:
August 28, 2009.
So it should be available soon and hopefully the first reviews too. So far I couldn't find any previews about it.

As the author is Thomas Wilhelm, I assume that his book will focus on the De-ICE discs.
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Fri Aug 21, 2009 8:08 am

Re: Professional Penetration Testing

Andrew how have you found "Build Your Own Security Lab", I have this but have not read it yet.
I had also heard about the other book, didnt think it was available over here yet.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Aug 21, 2009 9:08 am

Re: Professional Penetration Testing

Found this description somewhere out there...

An invaluable book and DVD package, Professional Penetration Testing: Creating and Operating a Formal Hacking Lab is designed to replicate the experience of in-classroom, instructor-led, penetration testing training, which costs the typical security professional (or their employer) $1,000 or more for the courses alone, plus T&E, and days upon days of non-billable hours. Expert author Thomas Wilhelm has delivered exactly this type of penetration testing training to countless security professionals and, for the first time, provides his years of experience, training, expertise, labs, and real-world vulnerability scenarios in a single book/DVD retail product. Penetration testing is the act of testing one's own network (or that of a client) to find security vulnerabilities before these exact same holes are found and more importantly exploited by phishers, digital piracy groups, and almost countless other organized or individual malicious havkers. Addressing the profession holistically and practically, the material presented in this book targets all levels of hacking skills, benefitting both management and engineers in the trenches. This book bridges the gap between theoretical and hands-on knowledge of professional hacking techniques, targeting information systems and networks. It includes everything required to establish a secure hacking lab, learn methodologies, conduct attacks, and use real-world examples of vulnerable and exploitable servers.
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Fri Aug 21, 2009 10:02 am

Re: Professional Penetration Testing

Amazon is shipping the books now (in the US at least), so hopefully the book will appear in your local neighborhood bookstore soon, so you can take a peek before purchasing it. I hope it meets everyone's expectations, and would really like to hear any feedback people might have (send it to my email at twilhelm [at] heorot [dot] net if you don't mind).

As for competitive book titles, I think you'll find this book distinctly different and worth owning. I'm trying to temper my enthusiasm for the book, but I have to admit I am quite excited about it.

- Tom Wilhelm
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Fri Aug 21, 2009 10:11 am

Re: Professional Penetration Testing

Jeeze Grendel anyone would think you wrote the book or something  ;D
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 21, 2009 10:20 am

Re: Professional Penetration Testing

Sounds like a good one to review for EH-Net. We could also use some new blood for our writing crew, seeing as how many of you desire to eventually wrire a book of your own.

Who wants it?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Aug 21, 2009 1:00 pm

Re: Professional Penetration Testing

I would be interested in it. :D
It's nice to see you here at EH-Net, Tom, didn't know that you were here too.

Is this your first written book? How was the experience to go through all this? Can other books be expected from you?

edit: Just thought that Andrew might be also interested in this and as he was the one initially asking about the book, maybe he would prefer to work through it (same as others I guess), especially as "only" one unit is available ;)
Last edited by UNIX on Fri Aug 21, 2009 2:53 pm, edited 1 time in total.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sat Aug 22, 2009 4:55 am

Re: Professional Penetration Testing

dalepearson wrote:Andrew how have you found "Build Your Own Security Lab", I have this but have not read it yet.


Must admit I was a bit dissappointed, could be that I was expecting too much. Would be a good starting point but my personal opinion is that if you've got some experience with virtualisation and testing/experimenting with attack vectors you might be better off purchasing additional equipment for your toolkit. But it does come with a limited demo copy of Core Impact, if you've never seen this suite in action, the cost could be worth it for this alone :)

I'm sure Grendel could sell this further, the Professional Pentesting book looks like it goes beyond just building and attacking a lab environment to include utilising the lab as a foundation for a career and business. Thinking it might be worth a look.
<<

jimbob

Post Sat Aug 22, 2009 5:07 am

Re: Professional Penetration Testing

I'd be interested in reading a review for this book. There's a lot of books out there but quality varies wildly. I tend to buy books based on recommendations and reviews rather than the title.

Jimbob
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Sun Aug 23, 2009 9:45 am

Re: Professional Penetration Testing

awesec wrote:Is this your first written book? How was the experience to go through all this? Can other books be expected from you?


I've written chapters for other books through syngress (my favorite was "the dark side of netcat" for Netcat Power Tools), but this is the first book I wrote cover to cover. Others have said that writing a book is a lot of work, and they understate that fact - not only is it an enormous amount of work simply writing it, there is a ton of editing work that needs to be done, including feedback from the technical editor, publishing editor, the typesetting editor... I probably spent as much time editing the book as I did writing the first draft.

Despite the effort required to write a book, and the loss of time with my family, the experience was worth it. Not only did I learn a lot about the whole publishing effort, I learned a lot about myself, and improved both in writing skills, time management, and organization (hint: write up the references as you go - and use a well-known format, such as APA... going back and doing it later is a serious pain in the ass... no lies).

I definitely plan on writing more - I think the publisher was happy with my work, especially since they sold so many advance copies of the Professional Penetration Testing book already (I basically earned my advance and more in royalties before a single book went out the door... which is awesome, I guess).

Hope that answers your original post... I have more answers if you have more questions.

- Tom W.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Aug 23, 2009 11:44 am

Re: Professional Penetration Testing

Thanks for your insights, Tom. I am certain that others are interested in this too and would appreciate same as me, if you could do some kind of write-up of such a process from beginning concept to a fully published book. :)
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Sun Aug 23, 2009 2:56 pm

Re: Professional Penetration Testing

As a quick list, here's what I had to do, or suggestions:

1) Create proposal for book, which required marketing research of competitive titles, market size, and educational institutional interest. I also needed to provide background information about myself, create my own quick marketing pitches (used at places like Amazon, which were expanded on by the publisher), and identify each chapter and sub-topics. The actual proposal submission is undoubtedly different for each publisher, and probably can be found online somewhere. The more information you can provide, the better. Turns out, they take your proposal as-is, and submit it through a review process (involving multiple approval steps)... so the more professional the submission and research, the better.

2) Wait for the rejection email. If it's close to being accepted, the email will tell me what the problem area is, so I can fix it. Otherwise... tough luck; maybe next time.

3) If accepted, finish contract negotiation... which really means take what they offer if this is the first book.  ;-) (we'll see if there's any flexibility on book #2).

4) Once everything is signed, my first deliverable was the chapter outline, down to three layers (instead of just two, like in the proposal). Hint: Make sure you do your research on this before submitting it... they will hold your feet to the fire if you decide to alter your chapters once submitted).

5) Write your ass off. Cloister yourself in a room for months, with no weekends, and no leisure time after work. I am not kidding about this. Writing the book took multiple revisions, and the sooner you can knock out the material, the better. I barely made the deadline with no additional days to spare, plus I had to take a quarter off from my PhD schooling. Writing a book consumes a lot of time.

6) Get good feedback from people you trust to be brutally honest (preferably others who have already written something). People who massage your ego are doing you a disservice. Take the good advice and do what they tell you. I was lucky to have a friend that provided me with excellent advice, who has also written before. His advice saved me a lot of hardship.

7) Re-write your ass off.

8 ) Re-write your ass off again. Seriously. It sucks re-writing the entire book, over and over again, but it'll be worth it.

9) MAKE YOUR DEADLINES!

10) One my book was submitted, I was passed off to a production editor, who oversaw the editing and production of the final book. I received feedback from the technical editor, and had to incorporate his suggestions, or find really valid reasons to reject them. If you reject the suggestions and the technical editor doesn't agree, you end up in mediation  :o  Yep, you will end up in a phone call until a compromise is decided on.  In other words, you can't BS your way through the book - know your shit. (FYI, I didn't have to go through mediation, but was made clearly aware of the process).

11) Re-write your ass off, taking into account what the technical editor suggests. This can be substantial. Also, the technical editor is not going to correct grammar or spelling errors. It's important to be a good writer (technical writing does not count)... after all, that's pretty much what you're getting paid to do - write, and write well. Knowledge isn't everything, or everyone would be an author.

12) Illustrations and screenshots are critical to get correct. You may think you're doing them right... but you're wrong. The publisher has some very strict guidelines that have to be followed in order to get the images to print correctly.

13) Eventually, I was done with revisions (sort of), and received copies of the chapters in PDF form, which I had to check for accuracy (stuff will always slip through...). Also, I had to check for syntax (for codes). I have no idea how many times I had to read my own book. :-\

14) In my case, I wanted to include a DVD with video tutorials and ISO images, so the reader could replicate everything discussed in the book. Originally, the DVD was going to be dual layer. What a mistake and headache. In the end, we trimmed the disk down to a single layer. I will never attempt to do a dual layer DVD with a book release again. Never.

15) Eventually, I was done. Next, it was waiting, until I received an email telling me they were sending me an advance copy of my book. Oh, JOY!

16) Throw a book release party. Everyone needs closure, especially after a difficult event, and writing a book definitely qualifies as difficult. The writing of the book was overwhelming and stressful for the whole family, and we needed a reason to celebrate. Having the final product in hand made it all feel worthwhile. However, I'm finding out the real stressful part is worrying how the readers feel about the book. Just like a new father, there is the fear that others will think my new kid is "ugly," despite my own bias viewpoint. I honestly believe the book provides a wealth of information for readers of all skill levels, engineers and managers alike... but I have to wait to see what you all think, and that's tough. Real tough.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Sun Aug 23, 2009 6:12 pm

Re: Professional Penetration Testing

I'll be reading and writing a review shortly =) Thanks Thomas!
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Aug 24, 2009 1:29 am

Re: Professional Penetration Testing

Thanks for taking the time and writing this little write-up, Tom, it's certainly appreciated. Seems there are many things which have to be considered at the beginning in order to save some time and nerves at the end.

Already looking forward to read first reviews on your book.
Next

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software