Thursday, November 17, 2011

Book Review: Metasploit: The Penetration Tester's Guide

I was recently given the opportunity to review a copy of Metasploit: The Penetration Tester's Guide by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni.

This book, which is published by No Starch Press, opens with a hearty recommendation by HD Moore, the creator of the Metasploit Framework, then continues with an introduction to penetration testing and the history of Metasploit.

The fact that this book thoroughly covers a tool that changes daily is a credit to the authors, who, as leaders in their field, strive to provide relevant information and instruction without becoming outdated before the book is purchased.

From the basics and phases of penetration testing and probing a network to building your own modules and creating your own exploits, this book has it all. Granted, with such a wide base, it is difficult to really dive deep on so many topics, but this book covers many different scenarios and touches on the major features and functionality, all while showing the ease of using the tool. This is a plus, as it seems that with a tool as robust as Metasploit it would be very easy to get caught up in the details of individual settings and features, but luckily this is not the case here.

In addition to all of the topics covered, specific sections, such as the ones on Meterpreter, the Social Engineering Toolkit and Fast-Track, help to cement the knowledge of reconnaissance, enumeration and various attack vectors and are very informative.

Lastly, the information contained in the two appendices in the back of the book puts a bow on this nicely wrapped present. Appendix A helps you get a target environment, including MS SQL Server, up and running. For me, this helps tie everything nicely together, as it's impossible to understand the Metasploit Framework from a penetration testing perspective without actually having hands-on experience. Appendix B is a listing of the most frequently used commands for Metasploit's interfaces and utilities and serves as a good quick reference.

All in all, Metasploit: The Penetration Tester's Guide is an invaluable resource to get those that are new to this tool up and running while also providing experts with a great resource to turn to when help or ideas are needed. One can pick up this book and quickly gain a firm understanding of penetration testing methodology and thought processes as well as quickly come up to speed on the best security tool currently available.
