Metasploit The Penetration Tester's Guide

When I ordered Metasploit: The Penetration Tester's Guide I thought that the book is the only printed reference of the Metasploit Unleashed online training and was planning to keep it for the reference only. When I finally received the book and began reading, I understood that the book is not only the reference material, it actually contains the core components of the penetration testing framework. Also, I noticed that the authors of the Metasploit Penetration Tester's Guide describe the art of the penetration testing using simple words and uncover sophisticated exploitation techniques throughout the book.

The first chapter describes the building blocks of the Penetration Testing Execution Standard. Pre-engagement interactions, intelligence gathering vulnerability analysis and exploitation are just some terms that fully covered by the authors and introduce the reader to the penetration testing.

The second chapter introduces the reader to the various tools within the Metasploit Framework that can be used to conduct a penetration testing. The third chapter shows the ways how the Metasploit can be used to conduct an intelligence gathering phase of a penetration test. The fourth chapter takes the reader through identifying vulnerabilities and using vulnerability scanning technologies.

The fifth chapter uncovers the Metasploit target exploitation techniques that can be used to successfully check a discovered vulnerability. The sixth chapter walks the security enthusiasts through the Meterpreter commands and explains how to run them without mistakes.

The seventh chapter focuses on the main principles of the antivirus evasion techniques that can be very interesting to the people who rely on the host based protection. The eight chapter describes how to exploit an operating system using client-side attacks. The chapter explains in details the mechanism of the Internet Explorer Aurora exploit along with the file format exploits.

The ninth chapter introduces the reader to the anatomy of the auxiliary modules inside of the Metasploit framework. The tenth chapter probably will be interesting to the penetration testers who specialize on social-engineering and practice different web penetration techniques such as java applets, client-side web exploits, user name and password harvesting, tabnabbing, web jacking etc. I have a deep feeling that Dave Kennedy was the main contributor to the paragraph ten which is fully dedicated to the Social Engineer toolkit.

Paragraph eleven goes through the Fast-Track exploitation framework and explains how to compromise a SQL server using different techniques. Also, the paragraph uncovers the way to exploit multiple clients using Fast-Track. Paragraph twelve walks the reader through the client exploitation using the Karmetasploit. The paragraph thirteen and fourteen explain how to build a module and create an exploit inside of the Metasploit exploitation framework.

In paragraph fifteen the readers will learn how to port different exploits to Metasploit Framework. The sixteenth paragraph fully uncovers Meterpreter scripting. It teaches readers how the Meterpreter scripts work and how to manipulate API and receive needed output. The seventeenth paragraph put all the pieces of the penetration testing puzzle together and delivers simulated penetration test using the time proven technique and obviously Metasploit Penetration Testing framework.

In conclusion, I just would like to say that every Information Security Professional has to read Metasploit: The penetration Tester's Guide book. The book helps to become familiar with the latest computer systems exploitation techniques, aids to recognize attempts to penetrate a security perimeter and explains how to merge together Metasploit Penetration Testing framework tools with the Penetration Testing Execution Standard to conduct a successful security assessment.


Get this book from Amazon.com