Penetration Testing: A Hands-On Introduction to Hacking

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:
– Crack passwords and wireless network keys with brute-forcing and wordlists
– Test web applications for vulnerabilities
– Use the Metasploit Framework to launch exploits and write your own Metasploit modules
– Automate social-engineering attacks
– Bypass antivirus software
– Turn access to one machine into total control of the enterprise in the post exploitation phase

You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

528 pages, Paperback

First published May 22, 2014

205 people are currently reading
1839 people want to read

About the author

Georgia Weidman

1 book, 13 followers

Ratings & Reviews

Community Reviews

5 stars: 171 (44%)
4 stars: 136 (35%)
3 stars: 64 (16%)
2 stars: 9 (2%)
1 star: 8 (2%)
37 reviews
February 6, 2016
To learn the different domains of security and penetration testing, this is one of the best books around.
Jon
390 reviews
May 17, 2021
Had I read this when it came out, it would've been incredible. Unfortunately, the book is old enough that I spent equal time fighting with it as learning from it. Sometimes the installs required by the exercises can't be found online and other times the example code is based on Python 2 and won't work in Python 3. Even if you spend time learning enough Python to get to rework the code, you're still hacking Windows XP, which will only grant you concepts rather than skills applicable to later Windows editions.

I don't want to knock this book, but it may be just too old at this point to justify fighting your way through.
Jovany Agathe
281 reviews
February 20, 2020
This book was written by a security expert, researcher, and trainer Georgia Weidman. Penetration Testing: A Hands-On Introduction to Hacking teaches the fundamental skills that every penetration tester needs. You will build a virtual lab with Kali Linux and a couple of vulnerable virtual machines and you will run through multiple scenarios in this environment. Tools like Wireshark, Nmap and Burp Suite are being used in this book, amongst many others.
Seng Wee Wong
177 reviews, 5 followers
May 4, 2020
Although the book title has the word 'introduction' in it, do not be mistaken, this is not a book for the layman. It assumes that you have an intermediate to expert level of understanding of computer architecture. That is to say, you understand how a computer works, down to the registers of a CPU. Throughout the book, there are references to assembly language and how hackers manage to exploit outdated systems with low-level programming.

Computer security is a dynamic topic for which it is easy to destroy and/or increase the entropy of a computer system. There are millions of ways for a program to not work, and hackers find ways to infiltrate a system from all directions. To the best of their abilities, penetration testers comb through the source code of programs to figure out how malicious programs can be prevented from entering the system in the first place. For aspiring penetration testers, I think this is a good book to start with.

The book covers a wide range of topics, from social engineering to fuzzing and also the basic standard stack-based buffer overflow. I would say 80% of the book is covered with code, so this is not a book for someone who is allergic to code. This book is full of code but technology advances quickly, which means that some of the content may not be applicable to the reader by the time of reading. As I was trying to replicate the scenarios mentioned in the book, I realised some programs have compatibility issues because the software was too outdated. So don't be too hopeful that you will become a full-fledged hacker after reading this book. Nonetheless, I think this book gave me a good overview of ethical hacking and penetration testing. I think this book would give a computer scientist a better understanding of the underlying code of the programs we use daily.
13 reviews
January 21, 2018
This was one of our textbooks from our Red Teaming class last semester. The book uses a step-by-step approach in configuring and deploying different penetration testing tools, covers real-world hacking scenarios and how they are executed, and explains some computer science theories (buffer overflows, hashes, TCP/IP, etc.) behind the attacks. You get a much broader understanding of what you are doing as a pen tester. Not bad for an introductory book.

The author is active in the penetration testing industry, gives talks around the world at security conferences and specializes in mobile security. Chapters 15 (wireless attacks) and 20 (smartphone pen test framework) are a gift because both are her expertise.

The book was published in 2014. So some of the Linux commands and pen testing tools (VMware, Kali Linux) versions are not up to date. You might need to do some extra research but it’s easy.
Daniel Barenboim
257 reviews, 7 followers
August 1, 2018
An extremely thorough book that offers more than introductions to the topics at hand.
Georgia does a great job at sticking to the main points and not getting distracted.
She guides you along, usually step by step, in each exercise.
Her method aims at teaching you the fundamentals so that you can build upon them in the future, especially since technology is constantly changing and these hacks are evolving.
Instead of having you take the easiest route from A to B, you will sometimes find yourself going about things manually. This will help you develop a problem-solving mentality which, I believe, is essential in this field.

This book covers material I've read in other books on the same subject, but does it more elaborately.
Would definitely recommend for anyone interested in this topic.
7 reviews
October 6, 2020
The author selected quite a few old pieces of software to demonstrate how people can exploit a vulnerability in some software. One thing I don't like about this "lab setup" is that it includes Windows XP and Windows 7, for which readers may have difficulty finding the correct ISO images to install.
The exploitation is kinda one-hit exploit. It's quite obviously vulnerable and I couldn't learn much about the exploitation. Maybe it's because of my learning method. Or maybe it's because the vulnerable machines are installed with a bulk of separate apps in a "random way".
Basically I will recommend this to a total novice who wants to quickly enjoy the feeling of "pwning a machine".
Shanni
159 reviews
May 15, 2019
A *really* great introduction to penetration testing, and the author provides all the tools necessary with the book. My only complaint is that it's a bit dated, but that's not the fault of the book, there just hasn't been a book of similar quality that's been published more recently. Note that this book is not for casual reading; it is a step-by-step guide to pentesting and becoming familiar with the tools of the trade. It is a comprehensive and detailed manual that every cybersecurity student should use in their studies.
F.
93 reviews, 9 followers
July 7, 2018
I will come back later to read the last chapter, 20 (smartphone pen test framework).
Meanwhile I really enjoyed reading the book. It had a lot of explanation; most of the details I knew before since I read them in other books,
but it deserves reading again and refreshing.
Yestin
76 reviews, 2 followers
July 10, 2019
An excellent informational resource. While the content is a bit outdated at this point, the author is still very helpful and provides the necessary resources to those who take the time to ask. A great primer for getting into penetration testing, and the PWK training and OSCP certification.
3 reviews
June 24, 2020
This is a great book to introduce many different concepts to people early in their security career, or folks just interested in picking up a few new skills. The material in vol 1 is now dated; however, none of the 1 and 0 are still 1 and 0. I look forward to vol 2 (I hope) in 2021.
Datit Nasir
20 reviews, 9 followers
July 26, 2020
A hands-on, practical, step-by-step training book for a pentester. This book was how I got to learn about web application pentest.
36 reviews
July 28, 2020
Very practical guide, albeit a little out of date. Recommended reading for infosec enthusiasts.
37 reviews
March 1, 2022
For a book written in 2014 it's pretty solid and has a lot of information still worth reading. It would have been a 5 star book when read closer to its original publishing date.
Mirjam
289 reviews, 11 followers
December 25, 2019
Great handbook! Due to the fast development of technology it is a bit out of date already. But a new version is on its way.
James Tomasino
817 reviews, 38 followers
April 12, 2017
This first edition contained a swath of editorial errors, especially in the code examples. That slowed my progress considerably and required far more repetition than I care for. Still, the book was insightful and instructive.