Header Ads Widget

Book Review: Advanced Penetration Testing | Py hacks

PulkitPy February 24, 2021


A couple weeks ago I picked up a book with the very appealing title: Advanced Penetration Testing: Hacking the world’s most secure networks. The author of this book is the seasoned information security expert Wil Allsopp and it has been published by Wiley in March 2017. The foreword has been written by Hans van Looy, founder of Madison Gurkha (I’ve always wondered about this name when I saw it, finally explained in the foreword). The back cover states that this book is about more complex attack simulation and Advanced Persistent Threat (APT) modelling featuring techniques that are way beyond using Metasploit and vulnerability scanners.

Advanced Penetration Testing & APT Modelling

The book is covering Advanced Penetration Testing subjects such as:
  • Discover and create attack vectors.
  • Move unseen through a target enterprise and reconnoitre networks, operating systems, and test structures.
  • Employ social engineering strategies to create an initial compromise.
  • Establish a beachhead and leave a robust command-and-control structure in place.
  • Use advanced data exfiltration techniques – even against targets without direct Internet connections.
  • Utilize advanced methods for the escalating privilege.
  • Infiltrate deep into networks and operating systems using harvested credentials.
  • Create custom code using VBA, Windows® Scripting Host, C, Java®, JavaScript®, Flash, and more.
  • Generally, we only write practical penetration testing tutorials on Hacking Tutorials but for a change, I wanted to write a short review of this book. Personally, I think this book is a must-read for every penetration tester, red teamer and security specialist.

Personally, I’ve enjoyed every page of this book because it offers a new perspective on penetration testing and security for many. The advanced penetration testing techniques described in this book are way beyond running a vulnerability scanner and downloading and executing exploits from exploit-DB. The author challenges the reader to re-think security and everything that you know about penetration testing. The book does not simply provide a collection of code and scripts. Instead, he challenges the reader to fully understand the techniques and tools and being able to develop their own. When progressing through the chapters it becomes more and more obvious how almost every network can be penetrated, including networks that are not connected to the internet. Some people might think that books like these are controversial because the techniques described can also teach bad guys or how to become one. The truth is that many advanced techniques are used by the bad guys already and they can also be used to defend against them which is exactly what APT modelling is all about.

Another thing I liked about this book is that the author writes about his own experience with APT modelling against specific industries. Each chapter describes APT modelling against an organization in a specific industry such as a hospital, pharmaceutical company or bank. The break down in industry also gives the reader a clear view of how specific industries have different assets to protect, how they are protected and by who. For instance, the most important assets for a hospital are critical medical equipment and the confidentiality of medical records. A publishing company will have their security measures focusing on maintaining the integrity of its publications. Another important factor that can be distinguished between different industries is the competence level and of course, IT budgets. All these factors require modelling different APT’s and using different techniques. I think the author did a great job of explaining this to the reader.

Conclusion

If you are looking for a book that covers the modelling of Advanced Persistent Threats and more advanced techniques, you should definitely buy this book. It will probably be a big eye-opener for a lot of people that are new to penetration testing and a great asset for existing penetration testers. Both the paperback and Kindle edition are available to buy from Amazon:

Buy Book: Advanced Penetration Testing: Hacking the World’s Most Secure Networks




Copy with Credits @
☠🔰Pulkit Saini🔰
☠💀Nothing is Impossible in front of me💀☠
☠💀This is Only For Educational Purpose 💀☠
Owner Made with ❤️ by Pulkit Saini 
For Your Support:- 
Subscribe to my YouTube Channel:- https://www.youtube.com/pulkitpy 
Follow me on Instagram:-https://www.instagram.com/pulkit_py/
Follow us on Instagram:- https://www.Instagram.com/pulkitpy 
Follow us on Github:- https://github.com/Pulkit-Py 
Join Us on Telegram:- https://t.me/pulkit_py 

Tags:
PulkitPy

Posted by: PulkitPy

Welcome to Pulkit py, your number one source for all things. We're dedicated to giving you the very best of Programming, with a focus on Programming, Projects, Code. Founded in 2020 by Pulkit Saini, Pulkit py has come a long way from its beginnings in India. When Pulkit Saini first started out, his passion for Programming drove them to open source so that Pulkit py can offer you the best content. We now serve customers all over the world and are thrilled that we're able to turn our passion into our own website. we hope you enjoy our products as much as we enjoy offering them to you. If you have any questions or comments, please don't hesitate to contact us. Sincerely, Pulkit Saini

Post a Comment

0 Comments