• Home
  • About Us
  • General
  • Wireless
  • Web
  • Scanning
  • Metasploit
  • Hacking Courses
    • OSCP
    • The Virtual Hacking Labs
    • Certified Ethical Hacker (CEH)
    • Hacking Books
  • More
    • Exploit tutorials
    • Pentesting Exchange
    • Networking
    • Malware Analysis
    • Hacking Metasploitable 2/3
    • Digital Forensics
  • Contact
Facebook Twitter Instagram
Trending
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
  • Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
  • Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
  • Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Facebook Twitter YouTube Tumblr Instagram Pinterest
Hacking Tutorials
  • Home
  • About Us
  • General
  • Wireless
  • Web
  • Scanning
  • Metasploit
  • Hacking Courses
    • OSCP
    • The Virtual Hacking Labs
    • Certified Ethical Hacker (CEH)
    • Hacking Books
  • More
    • Exploit tutorials
    • Pentesting Exchange
    • Networking
    • Malware Analysis
    • Hacking Metasploitable 2/3
    • Digital Forensics
  • Contact
Hacking Tutorials
You are at:Home » Hacking Books » Book Review: Advanced Penetration Testing
Book review - Advanced Penetration Testing

Book Review: Advanced Penetration Testing

2
By Hacking Tutorials on July 4, 2017 Hacking Books

A couple weeks ago I picked up a book with the very appealing title: Advanced Penetration Testing: Hacking the world’s most secure networks. The author of this book is the seasoned information security expert Wil Allsopp and it has been published by Wiley in March 2017. The foreword has been written by Hans van Looy, founder of Madison Gurkha (I’ve always wondered about this name when I saw it, finally explained in the foreword). The back cover states that this book is about more complex attack simulation and Advanced Persistent Threat (APT) modelling featuring techniques that are way beyond using Metasploit and vulnerability scanners.

Advanced Penetration Testing & APT Modelling

The book is covering Advanced Penetration Testing subjects such as:

  • Discover and create attack vectors.
  • Move unseen through a target enterprise and reconnoiter networks, operating systems, and test structures.
  • Employ social engineering strategies to create an initial compromise.
  • Establish a beachhead and leave a robust command-and-control structure in place.
  • Use advanced data exfiltration techniques – even against targets without direct Internet connections.
  • Utilize advanced methods for escalating privilege.
  • Infiltrate deep into networks and operating systems using harvested credentials.
  • Create custom code using VBA, Windows® Scripting Host, C, Java®, JavaScript®, Flash, and more.

Generally we only write practical penetration testing tutorials on Hacking Tutorials but for a change I wanted to write a short review on this book. Personally I think this book is a must read for every penetration tester, red teamer and security specialist.

Personally I’ve enjoyed every page of this book because it offers a new perspective to penetration testing and security for many. The advanced penetration testing techniques described in this book are way beyond running a vulnerability scanner and downloading and executing exploits from exploit-db. The author challenges the reader to re-think security and everything that you know about penetration testing. The book does not simply provide a collection of code and scripts. Instead he challenges the reader to fully understand the techniques and tools and being able to develop their own. When progressing through the chapters it becomes more and more obvious how almost every network can be penetrated, including networks that are not connected to the internet. Some people might think that books like these are controversial because the techniques described can also teach the bad guys or how to become one. Truth is that many advanced techniques are used by the bad guys already and they can also be used to defend against them which is exactly what APT modelling is all about.

Another thing I liked about this book is that the author writes about his own experience with APT modelling against specific industries. Each chapter describes APT modelling against an organization in a specific industry such as a hospital, pharmaceutical company or bank. The break down in industry also gives the reader a clear view how specific industries have different assets to protect, how they are protected and by who. For instance the most important assets for a hospital are critical medical equipment and the confidentiality of medical records. A publishing company will have their security measures focusing on maintaining the integrity of their publications. Another important factor which can be distinguished between different industries is the competence level and of course IT budgets. All these factors require modelling different APT’s and using different techniques. I think the author did a great job on explaining this to the reader.

Conclusion

If you are looking for a book that covers the modelling of Advanced Persistent Treats and more advanced techniques, you should definitely buy this book. It will probably be a big eye opener for a lot of people that are new to penetration testing and a great asset for existing penetration testers. Both the paperback and Kindle edition are available to buy from Amazon:

Advanced Penetration Testing: Hacking the World’s Most Secure Networks

Have you read the book too? Let us know what you think by leaving a reply.

Virtual Hacking Labs - Penetration testing lab
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleHow to setup Metasploitable 3 on Windows 10
Next Article Metasploitable 3: Exploiting ManageEngine Desktop Central 9

Related Posts

The Best Hacking Books 2018

Course: The Virtual Hacking Labs

Installing Caine 8.0 on a virtual machine

2 Comments

  1. Kgomotso on March 18, 2018 6:27 pm

    Thanks for the great review! This will be my next read. :-)

    Reply
  2. Nariod on May 29, 2018 4:20 pm

    Very nice book ! However, as a beginner, you realize there is a long way to go to get all the subtle things from this book.

    Reply

Leave A Reply Cancel Reply

Top Tutorials
By Hacking TutorialsOctober 29, 20220

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

By Hacking TutorialsJanuary 10, 20220

Installing Rogue-jndi on Kali Linux

By Hacking TutorialsDecember 17, 20210

Log4Shell VMware vCenter Server (CVE-2021-44228)

By Hacking TutorialsSeptember 27, 20210

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw

By Hacking TutorialsFebruary 4, 20200

CVE-2019-19781: Citrix ADC RCE vulnerability

By Hacking TutorialsNovember 1, 20188

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations

Subscribe

Enter your email address to subscribe to Hacking Tutorials and receive notifications of new tutorials by email.

Join 828 other subscribers
Recent Tutorials
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
Virtual Hacking Labs
Penetration Testin Course and Hacking Labs
Categories
  • Digital Forensics
  • Exploit tutorials
  • General Tutorials
  • Hacking Books
  • Hacking Courses
  • Malware Analysis Tutorials
  • Metasploit Tutorials
  • Networking
  • Pentesting Exchange
  • Scanning Tutorials
  • Web Applications
  • Wifi Hacking Tutorials
Downloads
  • directory_scanner.py (122139 downloads)
  • PEiD-0.95-20081103.zip (112958 downloads)
  • wifi_jammer.py (139886 downloads)
Recent Tutorials
  • CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
  • Installing Rogue-jndi on Kali Linux
  • Log4Shell VMware vCenter Server (CVE-2021-44228)
  • The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
  • CVE-2019-19781: Citrix ADC RCE vulnerability
  • Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
Popular Tutorials
By Hacking TutorialsSeptember 1, 2016115

Review: Offensive Security Certified Professional (OSCP)

By Hacking TutorialsApril 18, 201738

Exploiting Eternalblue for shell with Empire & Msfconsole

By Hacking TutorialsMarch 17, 201637

Installing VPN on Kali Linux 2016 Rolling

Featured Downloads
  • directory_scanner.py (122139 downloads)
  • PEiD-0.95-20081103.zip (112958 downloads)
  • wifi_jammer.py (139886 downloads)
© Hacking Tutorials 2022

Type above and press Enter to search. Press Esc to cancel.

Go to mobile version