Free Gift from Packt Publishing!!

All, if you like getting free info sec materials as much as I do, have a look at Packt Publishing’s website.  It seems that they are getting ready to publish their 1000th title and will have gifts for registered users.

Here’s a blurb from their press release:

Birmingham-based IT publisher Packt Publishing is about to publish its 1000th title. Packt books are
renowned among developers for being uniquely practical and focused. Packt books cover highly specific
tools and technologies which IT professionals might not expect to see a high quality book on.

Packt would like you to join them in celebrating this milestone with a surprise gift – to get involved you
just need to have already registered, or sign up for a free Packt account before 30th September 2012.

……..

Packt supports many of the Open Source projects covered by its books through a project royalty
donation, which has contributed over £300,000 to Open Source projects up to now. As part of the
celebration Packt is allocating $30,000 to share between projects and authors in a genuinely unique
way, soon to be disclosed on their website.

The part I really like about this publisher is that they do contribute to open source projects!!  So, if you’re looking for another good tech book publisher to buy from I would recommend these guys.  The books I have so far are easy to read and serve as good references as well.

Go to PacktPub to register for some great giveaways!

BOOK REVIEW: Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide by Lee Allen

Alright, alright already… Another Pen Testing book… Many, if not all of us have purchased or downloaded purchased *cough, cough* copies of Pen Testing books in its many forms and have gone through them only to find it was fairly similar to the last one purchased.  Does it lay out the phases of a pen test? Check. Does it mention the scanners we all know and love?  Check.  Does it mention and give examples of using Metasploit?  Check.  Well, for all the experienced testers out there and for us noobs alike there is a new Sheriff-in-Town and he, or she, is looking really promising!  The book is called Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide by Lee Allen.

I know you’re probably thinking, “what, another book on pen testing? Whatever…”, but I think that this one picks up where the others have left off or left out.  I’m not going to go chapter by chapter but highlight areas that I think are great to read and with methods to use.  So away we go!

It’s quite refreshing that it is assumed the reader is somewhat technical and doesn’t need to be fully hand held through the lab setup process so not a lot is wasted on setting up your VMs or debating what flavor is the best.  It can also be said that the information is also great for getting the noob up and running.  The one part that I really appreciated reading was on setting up BackTrack and the snippets of commands used to get it up and running, installed, and updated (for all us noobs it shortens the amount of time spent in the forums, but doesn’t alleviate the need to “TRY HARDER!!”).

This book is also great in introducing tools that I hadn’t had much exposure to and the thought of using MagicTree as a means to help create your report is great!  I know that we’ve all muddled through results trying to ensure that our text files are somewhat organized.  Having MagicTree help to collect your information and then format into a report is invaluable.  I also like that Dradis is introduced as a means to gather all of your information into one place that can be shared.  This would be very helpful when working on a team test.

One thing that I’ve enjoyed through the book is the use of the Metasploit framework and the Social-Engineer Toolkit (SET).  I know that Metasploit has been covered in-depth within other books but I think it’s the presentation of use and updating that makes it really refreshing!  I also really like that a small part of SET is discussed and walked through.  Those two tools have become de rigueur in the pen tester’s bag of tricks!  Even though it’s not deep it gives enough for the reader to get started down the path.

One chapter that I haven’t really seen anywhere else is on Post Exploitation.  To read about and try some of the methods in the chapter has been fun.  More so it has the old brain-housing group really thinking about how to positively perform post exploitation that gives the customer or client a solid feel for what can be had in their environment.

Something else that I’ve really enjoyed seeing is that there are progressively harder challenges through the use of Kioptrix.  The reader has the chance to start at level one and move up to more advanced techniques, which the user can use to practice against.  Reminds me a lot of WebGoat and hacking challenges from Astalavista in that you have progressively harder challenges to get through.

There are so many good qualities to this book that I’ve enjoyed that I would recommend this to my friends and colleagues, even if it were only for a reference.  The pacing of the read and the examples were good enough to keep me from saying “WTF how did he set that up?” and actually kept me engaged in the content.  If you’re in the market for a good book that is not only a great primer on the subject but also an excellent reference, this is one I would recommend considering.
