Permanent link: [Article]-Book Review: Professional Penetration Testing
EH-Net Exclusive - Free Download of Chapter 4: Setting Up Your Lab
Review by Andrew Waite, EH-Net Member, InfoSanity.co.uk
When I first heard about Thomas Wilhelm's new book in my Twitter feed, the title immediately caught my attention, 'Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.' As I'm currently trying to build up my own training and testing environment, this tome promised to provide answers to all my questions. A quick Google search to learn more and a useful discussion right here in the EH-Net Forums left me surprised that the release of the book had managed to slip underneath my radar. So when offered a chance to get my hands on the material and provide a review for those that had similarly managed to miss the release, I jumped at the chance.
The unique selling point of this resource over potential alternatives is best highlighted by the author's own foreword, “This book is a divergence from most books as it discusses professional penetration testing from conception to completion. Rather than focusing solely on information system vulnerability identification and exploitation, by the end of this book we will have examined all aspects of a professional penetration test, including project management, organizational structures, team building, career development, metrics, reporting, test-data archival methods, risk management, and training...in addition to... information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, maintaining access, and covering our tracks.”
OK... now I'm totally hooked. Let's see if Mr. Wilhelm can reel me in.
Let us know what you think of the review and also your thoughts on the book itself.