Build a better defense against motivated, organized, professional attacks. Advanced Penetration Testing: Hacking the World's Most Secure Networks takes hacking far beyond Kali Linux and Metasploit to provide a more complex attack simulation. Featuring techniques not taught in any certification prep or covered by common defensive scanners, this book integrates social engineering, programming, and vulnerability exploits into a multidisciplinary approach for targeting and compromising high security environments. From discovering and creating attack vectors, and moving unseen through a target enterprise, to establishing command and exfiltrating data—even from organizations without a direct Internet connection—this guide contains the crucial techniques that provide a more accurate picture of your system's defense. Custom coding examples use VBA, Windows Scripting Host, C, Java, JavaScript, Flash, and more, with coverage of standard library applications and the use of scanning tools to bypass common defensive measures.
Typical penetration testing consists of low-level hackers attacking a system with a list of known vulnerabilities, and defenders preventing those hacks using an equally well-known list of defensive scans. The professional hackers and nation states on the forefront of today's threats operate at a much more complex level—and this book shows you how to defend your high security network.
Use targeted social engineering pretexts to create the initial compromise
Leave a command and control structure in place for long-term access
Escalate privilege and breach networks, operating systems, and trust structures
Infiltrate further using harvested credentials while expanding control
Today's threats are organized, professionally-run, and very much for-profit. Financial institutions, health care organizations, law enforcement, government agencies, and other high-value targets need to harden their IT infrastructure and human capital against targeted advanced attacks from motivated professionals. Advanced Penetration Testing goes beyond Kali Linux and Metasploit to provide you advanced pen testing for high security networks.
This book is somewhat unique. It's not a book for learning about technical penetration testing itself; it's a set of stories for you to take inspiration from with a mixture of scenarios, suggestions, code snippets and sharing of the author's experience.
This is both the strength of the book and also its weakness. The ideas in the book are good to think about and as an inspiration to get started, but they are not complete and functional code. There is no step by step typing guide here so it is not appropriate for beginners - nor seasoned hackers as they probably know all of this already.
Personally, as someone who has some experience but was looking for ideas to expand on for bed time reading, this book was perfect, but I can't imagine there is a wide audience.
Like its book title, this book is only meant for cyber security professionals wishing to learn more about advanced penetration testing tips. You should probably at least have some basic pentesting experience and knowledge about how operating systems work. The book included large chunks of practical code snippets to aid his explanations in the different stages of exploitation.
Essentially, this is a repertoire of examples of how an APT would attack advanced close-walled systems like military systems. It made me realise that many of the successful attacks still require some sort of social engineering to gain the initial foothold onto the system.
I don't think this book is particularly useful for most pentesters since they would probably reference other online sources to, for example, set up a C2 infrastructure, but it's nice to read about it. I like that in the last chapter of this book, the author used the RedStar OS to show how the reclusive North Korea can be in setting up their Intranet.
For anyone bored with the descriptions of Kali tools in other hacking books and with similar formulas, I highly recommend this book. It is a change of pace and a story combined with pentesting practice. Admittedly, you need to have some grounding in the subject, but hacking enthusiasts should not be disappointed. I liked the chapter on North Korea the most, although the others were interesting too. Recommended.
I feel that many books just re-hash the same old material and tools. This book covers much more than just pentesting, it covers APT and gives realistic scenarios and tools that actually work. I will say that it goes far above what I was expecting in terms of the technical material. If you are looking for something to learn basics this is NOT the book for you. Take the title literally and know that it is advanced.
A lot of these techniques covered are what we often see in postmortems and reports from after the fact in regular security news, and it's good to see these all in one place. The anecdotes interspersed between the techniques are interesting and some shocking, but all insightful.
The most important point I feel has been made here is that targeted APTs aren't the same as regular hackers. It requires patience, and a great deal of thought and research, and the regular security mechanisms that you put in place shouldn't be assumed to be an absolute defence, merely a first line.
Overall that's a great book, presenting various stories from a penetration tester's life and various techniques to get into a sort of protected network. Recommended read, though I was quite stuck several times.
Not to learn a deep technical scenario, story based, inspire you to build an attack vector, help you to bypass the security solutions. Mainly for targeted attack not a penetration testing.
Incredibly interesting stories. Especially because the systems and services that we, average people, think are so secure can actually be broken into without much trouble. Wil demonstrates this in his book and it really sucks you into the world of 0's and 1's.
A very easy-to-read non-technical book: It consists of stories, every one of which is really amusing, and I feel like it is supposed to entertain rather than educate. Also I don't understand why the author included Kwangmyong yellow pages there.