One thing I have to say about it is that if you want to learn how to do a solid penetration test using a tool in every pen tester's toolbox then this has to be in you library. It not only shows you how to test the security of your network using Metasploit.
You learn how to integrate other programs such as nmap, nessus, and nexpose. It also teaches how exploits work and how to craft cleaver exploits that avoid detection. All of this is done with the goal of teaching best practices within pen testing and testing systems. The final step it goes over is cleaning up after the testing.
Another benefit of the book is that it tells you how to configure your lab environment to test some of the techniques and tools to attack both a Windows virtual machine and a Linux virtual machine, and walks you through the steps of doing a pen test in a safe and legal manner. It puts together the steps that you learned throughout the book into a consistent and concise chapter. The pen test is a small one, but with the skills and vm's that they give you it is a good starting point.
Overall I give this book a 4 out of 5 stars only because I wish it would have been a bigger book. :) I hope they will continue to update the book or expand as the Metasploit Project continues to grow and techniques become more standardized though the Penetration Execution Standards become more firm.
No comments:
Post a Comment