Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Chaotic
Newcomer II
‎11-18-2017 10:29 PM
‎11-18-2017 10:29 PM

Any books to give me overview about penetration testing

I prefer reading then viewing a video. If there are any books I can read about penetration testing, ethical hacking I would be glad to take any recommendations. I have bought a course on networking and working on that. Also I have a laptop running Kali. I just wish to read something about hacking. I was thinking about, Hacking The Art of Exploitation, but I feel like it would be out of date.

Reply
0 Kudos
3 Replies
Badfilemagic
Contributor II
‎11-19-2017 06:09 PM
‎11-19-2017 06:09 PM

Try Georgia Weidman's "Penetration Testing" -- https://www.nostarch.com/pentesting

That should give you a good overivew of process and procedure, some lab activities to play with, etc. (assuming you can get some Win7 or XP VMs stood up).

The book you mention is pretty good, but exploit mitigations such as ASLR and DEP make some of the simple buffer overflow stuff out of date... although FreeBSD doesn't have ASLR or W^X, so most of your basic ABO-type buffer overflow stuff works there. They do have stack smashing protection (cookies, non-executable stack, etc) -- but ROP beats all that. But it sounds like you have a way to go before that becomes relevant though.
-- wdf//CISSP, CSSLP
Reply
0 Kudos
CISOScott
Community Champion
‎11-20-2017 08:02 AM
‎11-20-2017 08:02 AM

The books, Art of Intrusion and the Art of Deception by Kevin Mitnick are good books to read. While not specifically about penetration testing computers they offer insight to "penetration testing" of people, which will help you understand the thought process you will need while doing pentests. Most successful areas of pentesting are the people (i.e. getting them to plug in a USB drive with your payload on it, getting them to click an infected link, allowing them to give you access to their computer, etc.)

 

Reply
0 Kudos
Early_Adopter
Community Champion
‎11-20-2017 10:59 AM
‎11-20-2017 10:59 AM

Loved NoStrach ever since they published the TCP/IP guide.

 

Another book to consider might be the 'CEH v9: Certified Ethical Hacker Version 9 Study Guide 3rd Edition'  its been around a bit and 'Gray Hat Hacking - Forth Edition'.

Reply
0 Kudos