cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer II

Any books to give me overview about penetration testing

I prefer reading then viewing a video. If there are any books I can read about penetration testing, ethical hacking I would be glad to take any recommendations. I have bought a course on networking and working on that. Also I have a laptop running Kali. I just wish to read something about hacking. I was thinking about, Hacking The Art of Exploitation, but I feel like it would be out of date.

3 Replies
Contributor II

Re: Any books to give me overview about penetration testing

Try Georgia Weidman's "Penetration Testing" -- https://www.nostarch.com/pentesting

That should give you a good overivew of process and procedure, some lab activities to play with, etc. (assuming you can get some Win7 or XP VMs stood up).

The book you mention is pretty good, but exploit mitigations such as ASLR and DEP make some of the simple buffer overflow stuff out of date... although FreeBSD doesn't have ASLR or W^X, so most of your basic ABO-type buffer overflow stuff works there. They do have stack smashing protection (cookies, non-executable stack, etc) -- but ROP beats all that. But it sounds like you have a way to go before that becomes relevant though.
-- wdf//CISSP, CSSLP
Community Champion

Re: Any books to give me overview about penetration testing

The books, Art of Intrusion and the Art of Deception by Kevin Mitnick are good books to read. While not specifically about penetration testing computers they offer insight to "penetration testing" of people, which will help you understand the thought process you will need while doing pentests. Most successful areas of pentesting are the people (i.e. getting them to plug in a USB drive with your payload on it, getting them to click an infected link, allowing them to give you access to their computer, etc.)

 

Community Champion

Re: Any books to give me overview about penetration testing

Loved NoStrach ever since they published the TCP/IP guide.

 

Another book to consider might be the 'CEH v9: Certified Ethical Hacker Version 9 Study Guide 3rd Edition'  its been around a bit and 'Gray Hat Hacking - Forth Edition'.