
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide Paperback – May 16 2012


Product Details

  • Paperback: 414 pages
  • Publisher: Packt Publishing (May 16 2012)
  • Language: English
  • ISBN-10: 1849517746
  • ISBN-13: 978-1849517744
  • Product Dimensions: 19 x 2.4 x 23.5 cm
  • Shipping Weight: 885 g
  • Average Customer Review: 4.0 out of 5 stars 1 customer review
  • Amazon Bestsellers Rank: #930,028 in Books (See Top 100 in Books)

Product Description

About the Author

Lee Allen

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500. Amongst many other responsibilities, he performs security assessments and penetration testing.

Lee is very passionate and driven about the subject of penetration testing and security research. His journey into the exciting world of security began back in the 80's while visiting BBS's with his trusty Commodore 64 and a room carpeted with 5 ¼ inch floppy disks. Throughout the years, he has continued his attempts at remaining up to date with the latest and greatest in the security industry and the community. He has several industry certifications including the OSWP and has been working in the IT industry for over 15 years. His hobbies include validating and reviewing proof of concept exploit code, programming, security research, attending security conferences, discussing technology, writing, and skiing.

He lives in Ohio with wife Kellie and their 6 children Heather, Kristina, Natalie, Mason, Alyssa, and Seth.

Customer Reviews

4.0 out of 5 stars

  • 5 star: 0
  • 4 star: 1
  • 3 star: 0
  • 2 star: 0
  • 1 star: 0

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 17 reviews

23 of 23 people found the following review helpful
Advanced Penetration Testing for Highly Secured Environments (July 5 2012)
By Mat - Published on Amazon.com
Format: Kindle Edition
I must say, I was quite pleased with this book. For one, it introduced some great new resources to add to my lab environment, and most of all, provided me with some additional tips and techniques for a thorough pentest. While not technically a beginner's book, the book does go over some pretty basic (core) functions to a pentest. I would venture to say that nmap, dig, nslookup, and so forth are more in the basics area. Regardless, the book doesn't stay on them too long and the content and pace are overall decent. The examples provided were clear and easily reproducible. To break it down by chapters:

As with most books, Chapter One is usually pretty boring. What you need, why you need it, and how to do basic setup and configuration. Nothing to see here.

Chapter Two goes into the information gathering phase of the pentest. The author covers tools like nslookup, dig, whois, and touches briefly on DNS bruteforcing with fierce. Following up with SHODAN, metagoofil, and some basic Google hacking.

Chapter Three goes back to revisit material covered in Chapter One, and you get into some basics like nmapping and some SNMP discovery methodologies.

Chapter Four gets into exploitation. You set up and configure a Kioptrix VM and begin your information gathering and then proceed to exploitation. You'll find a vulnerability, search exploit DB, and finally get to building the exploit and firing it against the target. Once you get access, it's all about moving files back to your machine and performing further exploitation techniques, like moving the /etc/passwd and /etc/shadow files and cracking the hashes, as well as a brief introduction to Hydra.

Chapter Five goes into web exploitation. You'll configure another Kioptrix VM along with pfSense and go into exploitation using w3af. A basic understanding of SQLi is recommended here and the author assumes you have a good foundation (this is an advanced book, after all).

Chapter 6 goes into client side exploitation, particularly fuzzing and buffer overflows. You'll create and identify applications vulnerable to buffer overflows as well as using some baked-in fuzzing tools in BT5 to assist, as well as detecting/enabling/disabling ASLR. This chapter also touches on SET and FastTrack, although not in great depth.

Chapter Seven goes into post-exploitation and doesn't really contain any earth-shattering material. What it does provide is some great cheat-sheets on where to go and what to look for on the compromised system according to the OS.

Chapter Eight goes into bypassing firewalls and avoiding detection by an IDS. I was disappointed that the author didn't choose to use an open-source IDS/IPS in this chapter. There are a lot of good options out there (Snort, AlienVault, SecurityOnion, BroIDS, etc.) that would've been handy in the lab setup. Snort and AlienVault detected my activity in this chapter.

Chapter Nine goes into tools for reporting and analysis. The basic premise is that if your customer can't read and understand your report, you've wasted their time. Pretty charts and graphs. The boring part of the engagement.

Chapters Ten and Eleven are more in-depth about configuring your virtual lab and setting up scenarios where you attempt to attack and pass through multiple configurations of firewalls and servers.

All in all, this was a good book that had some great content. There were a few grammatical errors, but for the most part the examples provided were spot on and easy to replicate in a lab environment. Recommended for anyone looking to move into an intermediate pentesting arena.

24 of 25 people found the following review helpful
Good book but not advanced. (Sept. 29 2012)
By Gergely Revay - Published on Amazon.com
Format: Kindle Edition
To start off with I must say I liked it. It didn't tell me so much new, but still... let me explain.

What is it about?

It is about penetration testing as a whole. If you did something like the OSCP course then this book covers most of the course's topics. It goes through the general pentest topics, i.e. enumeration, exploitation, web attacks, client-side attacks, post exploitation, bypassing firewall. However, it does it in a very precise and descriptive way. It is more like a huge tutorial (or guide, as the title says) than a theoretical book. It describes everything that one has to do to try everything out. To be precise, it describes how to build your own virtual pentest lab, with every resource linked, and everything is illustrated with screenshots and terminal output snippets. I think it is really useful that if you follow the book you can try out everything in your own test environment.
Another important topic it covers is all the other tasks related to penetration testing which are usually not mentioned, such as planning the pentest, communicating with the customer, managing your own work, managing all your data and writing the report. I like that it talks about penetration testing as a profession which has requirements and outputs and not as just fun and play.
It also introduces quite a few tools that are used during the examples, I think everybody will see something new.

Target audience

I think the people who can benefit the most, are those who decided to become penetration testers. As the book describes everything from the very beginning I assume that it targets the beginner pentesters. Still it goes into topics which could be too much for people who just wanna get an introduction. But if you are not a pentester yet but you have decided to become one then this is a very good resource to start with.

PROs

I've already mentioned most of it but I wanna structure the information a bit.
* Penetration testing as a whole. Well described planning, reporting etc.
* Covers most of the network pentest.
* Builds a virtual pentest lab.
* Very descriptive, well written and easy to follow.
* Full of examples that can be tried in the lab.

CONs

* Not that advanced (see later).
* Some topics are not detailed enough, for instance you won't be able to write your first buffer overflow exploit based on the book.
* The Web application exploits part is not that detailed.
* Sometimes it's more about tools than about the technique.

Last words

The only thing about this book that I cannot digest is its title. It says 'Advanced' and 'Ultimate', both are quite strong words. When I say advanced penetration testing then I mean something like what average pentesters don't know. It implies that you can still learn something new even if you are not a beginner. From this point of view I don't think it is too advanced. There are some topics which are advanced but it is definitely for beginners in the network pentest.
With the 'ultimate' I just don't know what makes a security guide ultimate.
Still it's a good book and if you feel that you are in the target audience then it is a good choice.

8 of 8 people found the following review helpful
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide (Sept. 28 2012)
By Simba - Published on Amazon.com
Format: Paperback
When I heard about Lee Allen's "Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide", I was very eager to read it. The title of the book is very captivating and invites you to want to read. The book is broken down into eleven chapters, which flow really well.

I found Chapter 1, Planning and Scoping for a Successful Penetration Test very informative, but incomplete. It was incomplete because it referenced a website "pentest-standard dot org" which is incomplete while there are better sites out there that have excellent penetration testing frameworks. An example is vulnerabilityassessment dot co dot uk.

The rest of the chapters were very general. For example, Chapter 2 and Chapter 3 have information that you would do better reading from insecure dot org, OSSTMM, and vulnerabilityassessment dot co dot uk. Chapter 5, Web Application Exploitation, was really disappointing because it only highlighted how to install the tools and Mutillidae. However, the author never delved into how you would exploit a web application, other than how to detect if there is a load balancer and/or WAF.

I learned something from Chapter 6. I have known about SET, but never really got around to playing around with it. This book gave a really great overview of the tool, such that I found myself interested in learning about it. Chapter 7, Post Exploitation was also a very good chapter. It highlighted tools to use to locate and gather information from exploited hosts.

Overall, I think the ebook is great for those who are starting out. It provides a step by step process of how to set up the labs and what tools to use. However, for those who have been doing pen testing for a while, this book is lacking in terms of being an "Ultimate Guide". I think this was a great start by the author and this ebook can be improved by expanding some chapters, such as Web Application Exploitation.

3 of 3 people found the following review helpful
"Fast Track" for beginners (Oct. 1 2012)
By Yuval Sinay - Published on Amazon.com
Format: Paperback
The book "Advanced Penetration Testing for Highly-Secured Environments - The Ultimate Security Guide" is the fifth book that I read on Penetration Testing.
Although my prepared book series is the "Hacking Exposed" series (current edition: Hacking Exposed 7: Network Security Secrets & Solutions, Seventh Edition), I would like to recommend this book for beginner IT staff that like to obtain a "Fast Track" for the Penetration Testing world.
One of the main reasons for this recommendation is the good "How To" guides, that allow a quick lab setup & a quick learning of Penetration Testing basics.
However, I found the following limitations that each reader should be aware of: First, the book is based mainly on the Back Track (5 R1) toolkit. Second, the book doesn't go deeper on "Windows" Penetration Testing, so the main focus is on the NIX world. Third, the book doesn't go deeper on "Smart Phones" Penetration Testing.
So my conclusion is simple: if you are in the first steps to the Penetration Testing world, the book can be a good start point. Otherwise, consider the other alternatives in the market.

2 of 2 people found the following review helpful
The most comprehensive Pentesting How-To Book that I have seen! (Sept. 24 2012)
By D. Dieterle - Published on Amazon.com
Format: Paperback
You may have layers of security, popularly known as "Defense in Depth", but are your security features set up properly? Are there configuration errors that a vulnerability scan will not find? What information is being broadcast by your computers, company, or employees, that doesn't show up in a software scan?

Many companies think that if they just run a vulnerability scan and it passes that they are good, but is this an accurate test of your network security? Even if you have a secured environment how could you test this using the actual techniques that a hacker would use to see if your security is up to the challenge?

Enter "Advanced Penetration Testing for Highly Secured Environments: The Ultimate Security Guide" the latest book by Lee Allen and Packt Publishing.

From preparing the scope of a pentest, to learning the tools of pentesting, to installing and running a full mock pentest in a virtual lab, this book truly is the ultimate security guide!

Here is a quick overview of the main topics:

Reconnaissance - Learn about DNS data siphoning techniques, Shodan, and the Google Hacking Data Base. The chapter also covers numerous tools that can help with recovering network, computer, and user information. And sometimes even user documents.

The Enumeration section includes a very good tutorial on Nmap scanning including using decoys and zombie hosts in your scans, and a look at gathering pertinent information from SNMP.

Exploitation covers installing Kioptrix (a purposefully vulnerable Linux install) and running attacks against it from the Backtrack system. In this chapter the user learns how to retrieve service information from the target system. Then searching the Exploit-DB database (online and in Backtrack) to find exploits against it, and once an exploit is found, compiling and using it in Backtrack. This chapter then covers transferring data to and from the system and cracking passwords, and finally exploiting the machine with the Metasploit Framework.

Web App Exploitation covers creating a virtual lab by installing Kioptrix level 3, pfSense (firewall), HAProxy (load balancer) and Irongeek's Mutillidae (contains the OWASP top 10). The author covers detecting Load Balancers and WAP firewall and scanning with the Web Application Attack and Audit Framework (w3af). You also learn how to use WebScarab to record and analyze your pentest and are introduced to Mantra, the pentester's Plug-In toolkit.

Client side attacks are covered including Buffer Overflows, fuzzing, using David Kennedy's (ReL1K) Fast Track and the Social Engineering Toolkit.

The Post Exploitation chapter explains data and service enumeration on the target system. This includes which files to try to recover, which logs to analyze, what processes and networking details to view on both Linux and Windows systems. And finally using the exploited machine to scan or gain access to other hosts via pivoting.

The book also covers bypassing firewalls, avoiding detection, data collection tools and reporting.

Okay, after you have learned all of this excellent information, what are you going to do with it? Why not put it to the test with the last two chapters where you build a full testing lab and then run through a mock penetration test using the lab and all the skills that you have learned from the book.

This book is packed full of excellent training and tutorials. The author masterfully walks you through each section with step by step instructions, including screenshots. It is easy to read and follow, for novice and expert alike. If you are new to pentesting or want to learn more about it, then this is the book for you.

I highly recommend this book.

Daniel W. Dieterle
Cyberarms.wordpress.com