Advanced Penetration Testing: Hacking the World's Most Secure Networks

Want to read a book on security that cuts through the BS by a man who's been on the front line of pen testing his entire career? This is the book I've been waiting for. Not only are the descriptions of intrusion techniques fascinating and motivating, the accompanying anecdotes range from hilarious to terrifying. Very well written and highly recommended - this will make you a better pen tester, red teamer, blue teamer or just scare you senseless.

By far the best book I've read in years. The author details several highly interesting penetration tests he went on as well as introducing many technologies that might aid in the hack. He doesn't waste ink on basic topics such as port scanning like the rest of the generic pentest books (thank you!) making it an extremely educational book.

As expected.

This book is a wonderful example of how all the little "tricks of the trade" can be pulled together. Clear and concise. Its one of those security books you can pick up, flick to a page, read 5 minutes and put down. It does assume you know the core fundamentals. This is a must have book for anyone serious about assessing APTs

Well written book. Great examples. Would definitely recommend to anyone interested in cyber security.

Very good read if you are interested in the field

So far so good, this is very good for pro's in the field.

10!

Comprato sotto consiglio di un collega e devo dire che aveva ragione molto interessante, non per neofiti

Ehrlich gesagt hatte ich mir etwas mehr tiefgang erwartet. Wil Allsopp erklärt in dem Buch anhand verschiedener Attack Patterns unterschiedliche Möglichkeiten an ein gewünschtes Ziel zu kommen. Leider tut er das nur sehr salopp zwar sind Code Beispiele vorhanden und auch Theorie über AV Evasion etc. jedoch habe ich nicht das Gefühl, auch wenn das Buch sehr gut geschrieben ist, besonders viel gelernt zu haben. Ich würde es dennoch empfehlen schon alleine um seine Gedankengänge nachvollziehen zu können.

Es uno de los mejores libros sobre seguridad que he leído. Cada capítulo detalla un escenario de pentesting basado en un engagement real realizado por el autor, y te va guiando en la construcción de un framework para simular APTs, añadiendo mayor complejidad en cada capítulo. El libro está además escrito con un estilo muy personal, donde el sentido del humor y los amplios conocimientos del autor se van dejando entrever prácticamente en cada párrafo. Los fragmentos de código y los pantallazos ayudan a la comprensión, pero se dejan deliveradamente algunas cosas para que el lector pueda cacharrear y aprender practicando. Puedes leerte el libro en una tarde y aún así, sacar lecciones valiosas. Pero la mejor forma de consumirlo sin duda es teniendo un VMWare y un Kali delante para ir jugando con las técnicas que se van describiendo. Si solo pudiera extraer una lección de este libro, sería la siguiente: el pentesting real es 0% 0Day exploits y herramientas mágicas, y 100% usar el cerebro. La mayoría de los casos descritos en el libro comienzan con algún tipo de phishing y, en situaciones donde uno pensaría en ir corriendo a buscar algo a ExploitDB, el autor te muestra posibles atajos y trucos que muchas veces se pasan por alto debido a la complejidad de los sistemas con los que trabajamos.

This book is the real deal. I found it to be eye-opening, because, despite sounding very advanced and almost next-level, the attacks accompanied by source code show how simple and effective they are in reality. This book seemed light at first (200 pages), so I was skeptical at it's ability to really tackle advanced topics, but I will say I was very pleasantly surprised. Those two hundred pages are action packed and filled with jaw-dropping 'this is cool' moments. My only gripe with it is that it's a little formulaic, with the social engineering being shoehorned into every attack, and maybe pushing the whole APT thing too much, like when you really want something to become 'a thing'. Do we really need to socially engineer payloads using the same formula for all of the attacks? Not even one 'ha Ked the router with boring Cisco exploits' example? I guess it wouldn't make for an entertaining book.

Excellent