Penetration Testing: A Hands-On Introduction to Hacking
by Georgia Weidman

No Starch Press 2014.
ISBN 978-1-59327-564-8 . USD 28.11,
Table of Contents:

Reviewed by  Richard Austin   9/16/2014 

When the publication announcement for this book arrived in my EMAIL, my first response was "Not another pen-testing book!" and I gazed at the table of contents with rather of a jaundiced eye. As you have probably noticed, I have a fondness for books that require you to "do" as you read and Weidman's chapters on setting up a virtual lab and introducing Kali Linux piqued my interest enough to start reading.

Weidman wasted no time in starting to rack up credibility points as she noted that in a penetration test, you simulate attacks by actually EXPLOITING vulnerabilities rather than just identifying them (Chapter 0). Then on page 3, she earned her "veteran" status by noting that even a simple port scan of a device's management port can knock them off the air (in my experience by crashing the on-board web server).

To avoid this becoming just another catalog of tools and dialogs, the reader will definitely want to follow the procedures in Chapter 1 to set up the virtual lab for the book. Weidman makes use of Kali Linux which has an arsenal of tools already installed and avoids much time wandering the "dependency maze" in getting the tools to run. She wisely recommends that you use the Kali version available on the book website so that her walkthroughs will match the tool versions. Chapters 2 through 4 provide a brief introduction to Kali, scripting and the Metasploit framework that prepare you for the detailed walkthroughs in later chapters.

With preliminaries out of the way, Weidman devotes the next three chapters to the assessment phase of the penetration test. It's a pretty standard presentation of the usual tools (whois, nmap, Nessus, Metasploit, etc.) with accompanying introductory walkthroughs in the virtual lab environment.

The next eight chapters are devoted to attacks, and this is where Weidman starts to shine. She makes the solid point that in a penetration test, you have to go beyond identifying a vulnerability and actually exploit it where possible. And, most importantly, after a successful exploit, you have to do something interesting (interesting to you as the pen-tester but damaging to the customer if actually done by an adversary).

The catalog of attack methods is quite comprehensive and goes beyond the usual exploitation of technical vulnerabilities and cracking passwords to client-side attacks, social engineering (using SET. the Social Engineer Toolkit) and evading anti-virus. Chapter 13, "Post Exploitation", is highly recommended for its coverage (and walkthrough) of how to capitalize on an initial foothold to achieve further access within the infrastructure. She rounds out her survey of attacks with coverage of web applications (notable for illustrating use of the Burp proxy) and wireless.

Weidman's next the important topic of "Exploit Development", and she spends four chapters covering stack-based buffer overflows, SEH (Structured Exception Handler) overwrites, fuzzing and development of Metasploit modules for new vulnerabilities. This section provides a concise, all-in-one-place overview of these essential topics.

The final chapter covers Weidman's personal specialty: attacking mobile devices. As these wandering gateways into our infrastructures and repositories of proprietary data have become increasingly common, their value to our adversaries has correspondingly increased. Weidman's coverage of how these devices are attacked and use of her "Smartphone Pentest Framework" are a valuable addition to the knowledgebase of the practicing security professional. The walkthroughs are done using emulators, so there's no need to risk "bricking" a real device when following along with the text.

Through I started out with reservations about the need for yet-another-pen-testing-book, Weidman's presentation has much to recommend it to the technical security professional. No book is ever going to make one into a successful penetration tester but careful study and time invested in following her walkthroughs will provide increased understanding of the pen-tester's craft and appreciation of our adversaries' use of similar techniques in the field. Definitely a recommended read.

It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin ( fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org