As I have studied Computer Science I am naturally interested in Penetration Testing. No one wants to leave their computer or mobile devices unprotected, but I also wanted to know more on how such dark arts are performed. I don’t want to know that because I want break into some one’s computer but I would like to know just how the worlds IT infrastructure is vulnerable to people pressing keys on their keyboards a world away. As such I have a number of books on penetration testing on my shelves, most are collecting dust. I am not sure why I thought Georgia Weidman’s book would be any different but after reading a teaser chapter I knew it was. I have read the entire book (which is a first) but now I also have a more complete understanding of how the various pen testing topics are interrelated. This book is nothing short of a tour de force of pen testing.

Penetration testing A Hands-on introduction to hacking by Georgia Weidman Review!

***Never mind the hideously long subtitle, my Google SEO demands it***

The first chapter deals with setting up a hacker space. Georgia assumes you’re using windows but support for Linux and Mac OS X is also there. With setting up a hacker space you are essentially using software like VMware to set up a virtual OS such as Kali Linux in order to try and hack an other virtual OS such as Windows XP. So far so good, pretty much every introduction book for hacking deals with such basics. However, Georgia’s method is more involved. She will actually guide you through the most important steps. She will also ask  you to install software packages such as Nessus and Android SDK for mobile hacking (which is her expertise). At times she does not explain the absolute necessity and just states that a future chapter will require it. This upfront work is easy to carry out but it is a chore. The upside is that your hacker space is as Georgia thinks it should be so there will be no problems further down the line.

After the first chapter the next three are relatively easy. Georgia explains the basics of programming in a Linux environment. Examples of small programs written in Python and C. Later on in the book more coding follows but each time with a proper amount of explanation. Bash scripting is also explained, with bash you can easily automate repetitive tasks. Thus Georgia lays the groundwork for making the most out of your Linux distro that you have installed but aren’t actually using.

In chapter 4 Georgia shows how step by step you can do you first hack. Although hacking literally means ‘to learn’ most associate it with a digital break in. Georgia explains how with the Metasploit framework found in Kali Linux you can hack into an older version of Windows XP. If you performed the steps in chapter 1 correctly you will have a virtual machine program run both Kali Linux and Windows XP on your Desktop. Performing such a hack is exhilarating and drives the reader to master the rest of the book. It took me most of the summer holiday to tackle the remaining chapters but I had other commitments. The text is easy to understand even after a period of inactivity. Chapter 9 on password attacks is already available online as a teaser. The chapter is easy to understand and fun to work with. The last two chapters are about hacking mobile devices which is of course a hot topic. Other chapter detail network traffic interception, firewall breaching and SQL injection attacks. All such topics are important for those planning to get a Computer Science degree. My experience from college is that they are not always well explained especially if the emphasis is on theory. With Georgia’s book you can get a head start or use it as a quick reference when you are stuck.

Conclusion…

This book written by Georgia Weidman is about the basics of penetration testing, but that doesn’t mean that by the end you are still a noob. You probably are but you are inexperienced and not uninformed. Georgia tackles a lot of Penetration testing topics and with each detailed examples and try outs are given. This helps the reader with better understanding the material. Georgia manages to create a perfect symbiosis between theory and practice. All too often pen testing books and guides get bogged down in theory. Georgia enhances the experience by giving short guides on how to use the Linux command line and how to program simple applications. For those unfamiliar with either topic this book could be an interesting addition to any text on those topics. For a few years I have tried to write my own book on penetration testing. Part of it is ready, the difficulty was to clearly explain to beginners programming, Linux and penetration to allow them to get the most out of each topic. I don’t think either can be discussed without the other two. Georgia has already written such a book.

You can buy Penetration Testing from Amazon.com for around 30 dollars. If you are willing to put the time in it then I can really suggest this book. Come Christmas you will have a completely new outlook on hacking and Linux if you were previously unfamiliar with both. If you want to delve into Linux than I can recommend the MOOC Introduction to Linux from EdX, just follow this link. If you want to know more about Georgia Weidman and not miss any of her tips than click the link to her Twitter account. Thanks for reading, this was Penetration testing A Hands-on introduction to hacking by Georgia Weidman Review.

Score; 9 / 10. Just a few rough edges although mostly it was my fault when I got stuck as I actually thought the topic was hard.

Source; http://www.nostarch.com/pentesting