.

Suggested Supplemental Reading

<<

magicm

Newbie
Newbie

Posts: 1

Joined: Fri Sep 28, 2012 7:40 am

Post Fri Sep 28, 2012 7:57 am

Suggested Supplemental Reading

As everyone knows there's a ton of information out there regarding pen testing.  To stimulate some conversation, I'd like to throw out this scenario...

If you were mentoring someone through the OSCP who had minimum pen testing experience and could only give them 1 book (or 1 website reference) as supplemental material for the course, what book/website would you suggest?

My suggestion would be "BackTrack 4: Assuring Security by Penetration Testing".  Even though the latest BT release is v5, I still believe this book is extremely relevant for a beginner pen tester.

Thoughts?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Sep 28, 2012 11:29 am

Re: Suggested Supplemental Reading

Not sure I'd lean solely on a BackTrack-specific book, myself, as there is a LOT that can / will be done that isn't solely BackTrack (yes, I know the course is Penetration Testing with BackTrack, but the concepts go beyond the tools in question.)

That said...  one book or reference website...  (harsh request, as it's such a broad set of topics and info)  I could go various ways on this, all dependent on who the person was, that I'm 'mentoring'  While they may be limited at pentesting, how technical are they, and what's their background in tech, otherwise.

One book - I might lean towards Thomas Wilhelm's book:

http://www.amazon.com/Professional-Penetration-Testing-Creating-Learning/dp/1597494259/ref=sr_1_3?s=books&ie=UTF8&qid=1348849211&sr=1-3&keywords=pentest

My reasons are that, whether in the course, or elsewhere, you need to know the basics, how to setup a lab environment to mimic what you're attacking (or for practice.) While it's not all 'specific' to PWB, it covers a lot of the areas you need to be familiar with, and methodologies, for progressing in the field.  I could really point to other books, as well, so I'm not singling Thomas's out.  You could also look at:

http://www.amazon.com/Metasploit-Penetr ... ds=pentest

or another of my favorites (thanks Jason Andress and Ryan Linn)

http://www.amazon.com/Coding-Penetratio ... ds=pentest

I like the last one, because it gives you more perspective on doing things for yourself, WITHOUT pre-canned tools, after all, you can't really rely on those, much when you take your OSCP exam.  Ultimately, if the person was technical enough, I think that it would get my nod as the single book.

As for one website, I think it'd be SecurityTube, if for no other reason than it's rounded videos and topics, that can be quickly referred to, in a pinch (although, again, I could point out others)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Fri Sep 28, 2012 4:07 pm

Re: Suggested Supplemental Reading

magicm wrote:If you were mentoring someone through the OSCP who had minimum pen testing experience and could only give them 1 book (or 1 website reference) as supplemental material for the course, what book/website would you suggest?


Not entirely sure this is within the spirit of your question, but with regard to websites, I'd recommend Google. Although , it's thought of just a search engine, it's just an application that's hosted via a website.
Last edited by m0wgli on Fri Sep 28, 2012 5:06 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

blackzero

Newbie
Newbie

Posts: 8

Joined: Mon Jan 24, 2011 6:16 am

Post Wed Oct 24, 2012 1:33 am

Re: Suggested Supplemental Reading

There is no single book because hacking at OSCP level is not specialized skill but more of test of understanding the bigger picture. You will not study anything too deeply for this course but you will surely have to understand lot many things and their interaction with each other.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Oct 24, 2012 10:53 pm

Re: Suggested Supplemental Reading

I was taking the course, the time expired for me, I will return in a couple of month, but let me tell you:

- Learn something about bash. python and some C
- Take any tutorials how the exploits works and try to do some exercises, in the training they explained pretty good, but you need some bases.
- Linux (what ever level).

But the most important part, you need experience in the technology (Windows/Linux servers) before to learn how to attack, otherwise you will not get what for are those services, where to go when you get some shell, etc,etc
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Oct 29, 2012 6:45 am

Re: Suggested Supplemental Reading

I not really fan of that BT book I think if you want be in pen testing you have to learn how to use system and pick things up. The book for me is you can find this tool here and here basic step of using it it might be useful for a complete newbi to give them some building blocks on backtrack but I think you can learn more online watching videos.

The Other books mention are really good.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: dynamik and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software