https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3786#M297 <P>Loved NoStrach ever since they published the TCP/IP guide.</P><P>&nbsp;</P><P>Another book to<FONT face="arial,helvetica,sans-serif"> conside</FONT>r might be the '<SPAN class="a-size-extra-large">CEH v9: Certified Ethical Hacker Version 9 Study Guide</SPAN> <SPAN class="a-size-large a-color-secondary a-text-normal">3rd Edition' &nbsp;its been around a bit and 'Gray Hat Hacking - Forth Edition'.</SPAN></P> Mon, 20 Nov 2017 15:59:45 GMT Early_Adopter 2017-11-20T15:59:45Z https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3754#M290 <P>I prefer reading then viewing a video. If there are any books I can read about penetration testing, ethical hacking I would be glad to take any recommendations. I have bought a course on networking and working on that. Also I have a laptop running Kali. I just wish to read something about hacking. I was thinking about, Hacking The Art of Exploitation, but I feel like it would be out of date.</P> Sun, 19 Nov 2017 03:29:09 GMT https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3754#M290 Chaotic 2017-11-19T03:29:09Z https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3762#M293 Try Georgia Weidman's "Penetration Testing" -- <A href="https://www.nostarch.com/pentesting" target="_blank">https://www.nostarch.com/pentesting</A><BR /><BR />That should give you a good overivew of process and procedure, some lab activities to play with, etc. (assuming you can get some Win7 or XP VMs stood up).<BR /><BR />The book you mention is pretty good, but exploit mitigations such as ASLR and DEP make some of the simple buffer overflow stuff out of date... although FreeBSD doesn't have ASLR or W^X, so most of your basic ABO-type buffer overflow stuff works there. They do have stack smashing protection (cookies, non-executable stack, etc) -- but ROP beats all that. But it sounds like you have a way to go before that becomes relevant though. Sun, 19 Nov 2017 23:09:16 GMT https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3762#M293 Badfilemagic 2017-11-19T23:09:16Z https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3776#M295 <P>The books, Art of Intrusion and the Art of Deception by Kevin Mitnick are good books to read. While not specifically about penetration testing computers they offer insight to "penetration testing" of people, which will help you understand the thought process you will need while doing pentests. Most successful areas of pentesting are the people (i.e. getting them to plug in a USB drive with your payload on it, getting them to click an infected link, allowing them to give you access to their computer, etc.)</P><P>&nbsp;</P> Mon, 20 Nov 2017 13:02:23 GMT https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3776#M295 CISOScott 2017-11-20T13:02:23Z https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3786#M297 <P>Loved NoStrach ever since they published the TCP/IP guide.</P><P>&nbsp;</P><P>Another book to<FONT face="arial,helvetica,sans-serif"> conside</FONT>r might be the '<SPAN class="a-size-extra-large">CEH v9: Certified Ethical Hacker Version 9 Study Guide</SPAN> <SPAN class="a-size-large a-color-secondary a-text-normal">3rd Edition' &nbsp;its been around a bit and 'Gray Hat Hacking - Forth Edition'.</SPAN></P> Mon, 20 Nov 2017 15:59:45 GMT https://community.isc2.org/t5/Career-Discussions/Any-books-to-give-me-overview-about-penetration-testing/m-p/3786#M297 Early_Adopter 2017-11-20T15:59:45Z