The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy 2nd Edition
The Basics of Hacking and Penetration Testing, 2nd Ed. serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. No prior hacking experience is needed. You will learn how to properly utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test. Tool coverage includes Backtrack and Kali Linux, Google reconnaissance, MetaGooFil, DNS interrogation, Nmap, Nessus, Metasploit, the Social-Engineer Toolkit (SET), w3af, Netcat, post-exploitation tactics, the Hacker Defender rootkit, and more. The book provides a simple and clean explanation of how to effectively utilize the tools and introduces a four-step methodology for conducting a penetration test or hack. You will be provided with the know-how required to jump-start your career or gain a better understanding of offensive security. The book walks through each of the steps and tools in a structured, orderly manner, allowing readers to understand how the output from each tool can be fully utilized in the subsequent phases of the penetration test. This process allows readers to clearly see how the tools and phases function and relate.
- The second edition includes updated information covering Kali Linux as well as focusing on the seminal tools required to complete a penetration test
- New tools added including the Social-Engineer Toolkit, Meterpreter, w3af, and more!
- Each chapter contains hands-on examples and exercises that are designed to teach you how to interpret the results and utilize those results in later phases
- Written by an author who works in the field as a Penetration Tester and who teaches Offensive Security, Penetration Testing, and Ethical Hacking, and Exploitation classes at Dakota State University.
Table of contact:
ABOUT THE AUTHOR
CHAPTER 1 What is Penetration Testing?
CHAPTER 2 Reconnaissance
CHAPTER 3 Scanning
CHAPTER 4 Exploitation
CHAPTER 5 Social Engineering
CHAPTER 6 Web-Based Exploitation
CHAPTER 7 Post Exploitation and Maintaining Access with Backdoors, Rootkits, and Meterpreter
CHAPTER 8 Wrapping Up the Penetration Test
About the author:
Dr. Patrick Engebretson obtained his Doctor of Science degree with a specialization in Information Assurance from Dakota State University. He currently serves as an Assistant Professor of Computer and Network Security and also works as a Senior Penetration Tester for a security firm in the Midwest.
His research interests include penetration testing, hacking, exploitation, and malware. Dr. Engebretson has been a speaker at both DEFCON and Black Hat in Las Vegas. He has also been invited by the Department of Homeland Security to share his research at the Software Assurance Forum in Washington, DC. He regularly attends advanced exploitation and penetration testing training from industry-recognized professionals and holds several certifications. He teaches graduate and undergraduate courses in penetration testing, malware analysis, and advanced exploitation.
Father. Husband. Professor. Hacker. Pen Tester. And now author!
Born in northern Minnesota, an undergraduate at North Dakota State University, Masters’s and Doctorate at Dakota State University.
Reviews about the ebook:
- D. Engel:
I purchased this book for a course I was taking for a Master’s program. Before reading this, I have never “hacked” a thing in my life. I didn’t even know where to start. After completing the reading of this book I was able to successfully attack another machine and get access to it (all legally of course because it was all done in a VM environment that I own).
It’s a very enjoyable read. The writing is entertaining and educational. I believe from beginning to end I spent about 6 to 8 hours reading it. If you follow along with the examples in the book and try things yourself, you can spend a considerable amount of time in this book. After I read it cover to cover I went back through to try the examples.
There are many suggestions at the end of each chapter on how you can continue learning or practicing more of the concepts presented. These suggestions often go far beyond the basics (so they seemed) and help sharpen certain skills. I have not researched or attempted any of these additional suggestions but many of them sounded very interesting and worth taking a look at.
As mentioned in the title, this is a basics course. You learn the very basics of many tools that can set you on a solid path to a penetration testing career. If you are new to this field and looking to get a solid foundation in hacking and penetration testing then I would highly recommend this book. If you already have a solid foundation of hacking because you were self-taught or are in the industry then most of this book will be irrelevant and elementary but could be a good review. He does a great job at taking a beginning to end approach pointing out areas that some often overlook that could help you be more successful.
I don’t know if Patrick Engebretson has written other books but based solely on my experience with this one I will certainly be looking for more from him.
By comparative standards, I’m still new to the art of hacking/pen-testing, but not green or a beginner by any means. However, with that said I still like to pick up books on this topic regardless of the called out “skill level” that it claimed as you never know if you might learn a new method or approach to the prospective challenge.
So with that bit of background, the aspect of the reconnaissance phase of the pen-testing was mostly repetitive for me but there were a few keys that I took stock in. From the perspective of a complete newbie to the scene, this level of detail would most definitely be of benefit for them.
When moving forward deeper into the book on to the scanning and exploitation phases the same level of detail found in phase one (reconnaissance) is still very much prevalent and I found it interesting in the sense of strategy being implemented as I myself have never really thought about the whole “why” aspect of the process, but rather just did it. Having that better grasp on the “why” I’ve found has made some of my recent actions in this field to be more instinctual now rather than involving a sense of thought.
In the end section of the book covering the reporting of your work and findings to clients I again found this section to be a little on the repetitive side since I’ve done a lot of reporting that requires the conveying of knowledge to both board members as well as the technical folks. But again the delivery of detail to present the reader with the sense of understanding why this needs to be accomplished was not lacking.
Overall I’m very impressed with the layout and flow that the book provides taking the reader down a pseudo pen testing experience. But as the title does allude to “The Basics of Hacking…” with the keyword being BASICS provides a fundamental overview and not an in-depth scope covering tools used. It talks about the more common tools utilized such as Metasploit for example and covers simple hacks to demonstrate the capabilities of the tools used and that’s it. The author does a great job of explaining what you can do next for additional information or how best to practice your newly found skills and does a great job in setting the reader up for success in this regard. If you are an experienced hacker/pen-testing or someone looking to learn/leverage the full power of a certain tool then you will be severely disappointed and I suggest looking into the technical “cookbooks” to gain that degree of knowledge. So unless you are completely new or like me looking to gain additional ways of looking at things I feel you won’t enjoy or benefit much from this book.
Honestly, I am 4 chapters in and can’t believe how helpful and informative this has been. It’s sparked my curiosity and given me enough know-how to explore it. Would be done if I didn’t keep targeting and independently learning aside from the book’s direction, an excellent resource. SO many even of these beginner resources can be such a bore, this is, fortunately, a pleasure to read.
- Mrs. Swati Singh:
Definitely, the best book that I have ever read to get started on the fundamentals for penetration testing. Not overly loaded with information and tools names. Outlines a neat, easy-to-understand structure and steps to go about penetration testing. Not for seasoned programmers and security testers. As the name suggests, it is for beginners who are coming into the field cold. It makes the first steps of learning penetration testing easy and gives a great foundation.
- E. Brightwell:
If you need to test the security of your internet connection then this book is a must-have. It is very reasonably priced, very well written, and easy to follow. It leads you through the essential processes using free software available online ( for non-commercial use ). It is sufficiently comprehensive for all but professional Pen Testers but does not get bogged down in unnecessary detail.
Good read. Entry-level to the subject. You still need technical knowledge. It’s not a starter for someone will no knowledge of computers (for those teenagers looking to be uber ninja skilled haxors)
Very good book. Not as detailed as some other Pentesting books, but certainly worth a read. Very thoughtful book, especially good for beginners who are getting into Pentesting or know a little.