Posted in Education, Penetration Testing

Penetration Testing Books 2017


Having spent (wasted) a lot of money on Penetration Testing books that were either not very interesting or just far too advanced for a junior or new learner, I wanted to put down in words how I felt about some of the recommended material on offer.

I’ll just list the books in order of usefulness, write a little about each and let you know whether it’s suitable for a new learner in Pen Testing.

Web Application Hacker’s Handbook V2 – Amazon UK
I read so many great reviews of this book. It’s not called the bible of web testing for nothing. It really is a great reference manual and should feature highly in everyone’s list.

Verdict: Ideal for new learners and experienced people for quick reference. A must!

Penetration Testing: A Hands-On Introduction to Hacking – Amazon UK
I’d say this was a must for any new learner, especially if you are thinking of taking OSCP. I’d buy this first, get through it and then do OSCP, instead of buying the book halfway through like I did.

Verdict: An absolute must for new learners and juniors. Maybe more experienced testers would let it lie on a shelf, not sure.

Hacking Linux Exposed – Amazon UK
I got this book for £4 and it’s been a very worthy addition to my shelf. I’ve used it loads of times as a quick reference during PWK (OSCP). A very worthy addition for the price. It’s old in some places but still very relevant.

Verdict: Ideal for new learners. Maybe experienced testers will use it from time to time as a refresher.

Network Security Assessment: Know your network – Amazon UK
I found it hard to put this book down when I got it. It’s really easy to read and has a calming effect when you read it. I’d go for the newest version of the book, even though I have version 3.

Verdict: Ideal for everyone I’d say, and a part of the CREST reading recommendations list.


RTFM: Red Team Field Manual – Amazon UK
The first book I ever bought. A baptism of fire if you’ve never tackled hacking before. The book makes a lot of sense to me now. It’s a great book to have around and I found it really useful at times during OSCP.

Verdict: It’s worth getting as a new learner. Exposes you to a lot but don’t be put off by it. Before you know it, you’ll be able to recognise everything in the book.

Books I’m still not sold on yet

The Hacker Playbook 2: Practical Guide to Penetration Testing – Amazon UK
This was in many people’s recommendations for new people learning Pen Testing; however, I just found it really strange to follow as a book. There’s no quick reference possible as it has no page index as such. The images are hard to make out and I put it down several times. Probably because it’s based on American Football in its approach and I don’t like the sport, so it took me a while to read it.

Verdict: I’d advise this be bought later. Save your money. It’s good, but for later.

Mastering Modern Web Penetration Testing – Amazon UK
I have just bought this book so it would be unfair to rubbish it or recommend it. Early thoughts are that it’s a bit expensive for the amount you get. It’s about a third of the size of WAHH.

Verdict: I’d say it was ideal for new learners before reading WAHH. Only if you have money to spare.

BlackHat Python – Amazon UK
Violent Python – Amazon UK
Very specialist books (Violent Python is more useful) and I’d advise that you get a foothold into Python first before getting these books.

Verdict: Ideal for more experienced Python programmers. There’s other things to learn first.

Gray Hat Hacking 4th Edition – Amazon UK
My second ever hacking book, and what an eye opener it was. I still don’t understand half its contents. It’s very focussed on certain parts of hacking. To call it a handbook isn’t fair. It’s a big book, heavy in weight and in technical content.

Verdict: I’d steer clear of this one as a new learner. It’s reserved for many smarter than us.

Open Source Intelligence Techniques – Amazon UK
I was glued to this book for about 3 days, then the notion wore off. It’s a good book if you’re interested in OSINT as a way of finding out more info online; however, I can’t really say I’ve ever had a problem finding what I wanted without the book. I haven’t broken the back of the book yet, so that shows it doesn’t feature as a desk quick reference manual.

Verdict: I wasn’t sold on it to be honest. It’s an extra if you want it.

Nmap Network Scanning – Amazon UK
Probably the book I’m most disappointed by. It’s just a load of information with no way to find what you are looking for. I want to know what the -sV switch really does. The book can’t tell me. If it does, it’s in the wrong section of the book.

Verdict: I’d avoid it. There’s a ton of resources online to teach you nmap.

Summary

InfoSec/Pen Testing books are expensive. With each of them costing around £30 in the UK, it adds up to a lot of money you could be using on something else. Training is expensive and when you are starting out you can fall foul of buying the wrong material, hurting your wallet/purse and leaving you feeling deflated at the thought of learning from an advanced book.

I’d also be very wary of books and courses that mention the word ‘advanced’. In my experience (a year into training) there’s not much ‘advanced’ teaching in them. Gray Hat Hacking is advanced, without it mentioning it in the title.

A final note. I’ve written my opinion on these books through my own personal experience with them. I’ve had people rave about a book I’ve hated. To give you a core set to work off, I’d stick to the top 5 listed here to get a feel for it. In every case, consolidate your learning by using Vulnhub vulnerable VMs and Damn Vulnerable Web App.

I hope it helps

Thanks

Posted in Education, Penetration Testing

OSCP – My journey


It will take time, effort, blood, sweat and tears, but I WILL GET THERE!

It’s with great pleasure that I can say that on the 3rd March 2017, I passed my OSCP. Nope, it still hasn’t sunk in, no matter how many times I say it.

I guess, it’s been an up and down week since passing. I haven’t really had a chance to think about it. I spent so much of my life devoted to success in the labs, sitting several exams and doing extra work on top learning about Windows and Linux Privilege Escalation that I totally forgot to live a little bit and take stock of everything around me.

Fast forward to exam attempt number 4. 

By this point I’m staring down the barrel of a 6 week wait if I fail, with no direction whatsoever and no plan for the future, because let’s face it, failing 4 times in a row is not good. The only plan would be to get back to the drawing board in the labs.

Exam Day…

I wasn’t nervous. I felt calm. I hadn’t looked at any hacking for 4 days before. I played my favourite game ‘The Forest’, killed some cannibal tribes and built a massive base, so I was relaxed. On the morning of the exam I lay about the house chilling. Did my normal routine for the day. I didn’t even think about the exam. I cleared my head.

Email comes in…

Kali is fired up. Connection pack downloaded. Particulars read and off I went into the darkness for 24 hours.

I had a 10am start UK time and by 10pm that night I had 80 points. I obviously can’t talk about any aspect of the exam. I had 4 out of 5 roots and used the next few hours to make sure everything worked the way it should. 2am came and I went to bed for a sleep. I woke at 9am and tried the last box but it was pointless by that point. I was already happy with my effort.

I finished my report before 1pm and, after double checking everything, I sent it off. I tell you though, that must have been the longest wait for a reply ever. Gladly it came in a couple of days later and I had passed.

Yay!

Numb

I still feel a little numb after it all. I worked my socks off for that OSCP. It’s been the best part of my life for the last 6 months at least. Anyone following my progress (it was hard to miss) cheered me on many times and it’s been great encouragement. Now I don’t really know what I’m doing.

I do have a few ideas up my sleeve, and I very rarely leave myself empty handed with tasks to do. I’m currently creating my own CTF Vuln VM, that I’ll hopefully post on Vulnhub if they let me. I was so taken by it all that I want others to take up the challenge if they are willing. You need all the help you can get.

So who is it for?

I have my own reasons for doing OSCP. Sometimes I think to myself how silly it was to jump into it so fast, spend the amount of money I did, sell everything I had to do it, and have no plan after it. Yeah, well, maybe so; however, for those of you who are wondering if you should?

Why not?

If it’s fear that holds you back, just stand up, shake it off and sign up. It’ll teach you more about yourself than you’ll care to imagine. It strikes a maturity in your approach to hacking. You are taught to pay special attention to the information you find, and through sheer repetition you are taught to forge command line parameters you’ll never forget.

It’s more than just a hacking course. You meet new people all on the same journey as you. There’s a great no spoiler mentality even among friends. I’ve had people ask me if I’ve popped a box in the labs, and in the same breath say “Don’t say a word, I want to own it myself”. Not that I could tell them if I wanted to. I wouldn’t want to steal their glory.

But I can’t learn from pages of notes

Neither could I. I hate learning from books. It’s boring. One thing PWK forged into me is learning by reading. To be honest, it’s the best lesson I’ve learned from it. Now I can apply that to anything and learn.

Anyone with a drive to learn and succeed in the InfoSec space can do OSCP. Yeah, it’s a bold statement and I’ve made it before, but it’s true. I’d advise anyone to do it given the time and determination.

Ok so what’s the real deal?

I’m not going to lie to you. Yes, knowing some Python helps. Knowing how to read, spot mistakes in and fix C files helps, and you had better be spot on with enumeration. You’ll get no points for only using Linux a few times and expecting to be a 1337 hax0r. Nope, not going to happen. What I will say is that you can be limited in these fields and still get it done. It just takes longer. Would you rather learn all that stuff now and then go with PWK, or waste lab time learning stuff you could learn now?

Work hard, try your best and don’t sit at your computer saying “Shit! I’m not good enough for this, I’m out”

I don’t work in security, I never have. I passed it. Yeah, it’s absolutely the hardest thing I’ve ever done in my life, but my god it was the most rewarding. Some say it’s a beginner cert or the tip of the iceberg, and that may be true, but it’s a good tip to start off with.

Special thanks

I can’t put my success down to sitting in my room all alone and pwning the world. There have been people in my life that without their encouragement I probably would have given up a long time ago.

My wife: For putting up with my moods, me being broke and just being a rock star.

Andy Gill (aka ZephrFish): For buying me more lab time when I really needed it, and just giving me the kick up the ass I needed at the right time.

Paul Ritchie (aka cornerpirate): For constantly being a source of enthusiasm and encouragement throughout.

Cheers folks 🙂


So I guess it’s back to the review I was meant to write.

I hope by this point you’re all raring to go sign up for PWK and get started on your epic journey. No? Well, I guess it’s up to you; however, it’s starting to get very popular, so if you want a job in Penetration Testing you’d probably be better getting it sooner rather than later 🙂

As for me? Ermm I think I’ll keep that one to myself for now if you don’t mind.

At the moment I feel like a part of a big wheel. It’s kind of hard to get off, and I don’t want to.

Don’t let fear rule your life. Do something daring like I did. I work in IT fixing servers and laptop motherboards by day and by night I felt like Batman or something like that. It’s over now and I’ve got to chase the next thing. There’s no time to sit back, you press on and keep learning as much as you can. It does get easier and you may just surprise yourself.

Take care…