Advanced Penetration Testing: Hacking the World's Most Secure Networks

This book is the real deal. I found it to be eye-opening, because, despite sounding very advanced and almost next-level, the attacks accompanied by source code show how simple and effective they are in reality. This book seemed light at first (200 pages), so I was skeptical at it's ability to really tackle advanced topics, but I will say I was very pleasantly surprised. Those two hundred pages are action packed and filled with jaw-dropping 'this is cool' moments. My only gripe with it is that it's a little formulaic, with the social engineering being shoehorned into every attack, and maybe pushing the whole APT thing too much, like when you really want something to become 'a thing'. Do we really need to socially engineer payloads using the same formula for all of the attacks? Not even one 'ha Ked the router with boring Cisco exploits' example? I guess it wouldn't make for an entertaining book.

This is the best penetration testing book that I have ever read to date. There is such a depth of understanding of penetration testing that is conveyed in this book in the way that the author is able to portray highly advanced topics in a conceptually understandable way. A novice might not be able to follow the text, as it is advanced, but for anyone looking to open their mindset up to becoming a more effective penetration tester, I HIGHLY advise this book.

This book is in a class of its own compared to other security and pentesting books. I would highly recommend to anyone interested or currently working in network security. Instead of simply explaining how to use common pentesting tools, Wil Allsopp explains how they work and how to write your own custom tools from the ground up. Even if you do not have a programming background, it is worth understanding how an attacker can infiltrate a "secure" network without being detected.

This book is largely about social engineering, not "advanced penetration testing". It's not bad, but it seems to follow a few ways to drop a binary, conceptualize a C&C infrastructure without finding security defects.

The author truly knows his art. As a penetration tester, I feel that many books just re-hash the same old material and tools. This book covers much more than just pentesting, it covers APT and gives realistic scenarios and tools that actually work. This is a book for everyone who works offensive and defensive security because it covers how real malicious actors approach companies and steal their critical data.

Bought yesterday, can't put it down -- will reread it again this week. This book is a solid gold mine on pulling our InfoSec heads out of our InfoSec tailpipes and focusing on the modes and methods our real adversaries are using. (Pro Tip: They aren't using crappy malware, so if you're InfoSec program is built on stopping malware you should be concerned.) We all hear about the social engineering component to an effective attack, but to see it so effectively used over and over again with Wil's case studies really drives home the point. If you're involved in either the management of an Information Security program, or involved in the more tactical parts of penetration testing, I'd put this on your short list of books to read this year. I hope he does a follow-up.

One of the better books on the market on real penetration testing and creating advanced persistent threats. Great coding examples/strategies and how to think outside the box when it comes to attacking systems/companies. Elite guys like Wil Allsopp create their own custom tools all the time for real penetration testing. This is what nation-state actors are doing. Highly recommended.

I purchased this to continue my training and learning. This is a great addition if you are in courses like eLearnSecurity's CPPT or CompTIA's new Pen Test+. Alot of great ideas should you encounter some of these occurrences.

Comprato sotto consiglio di un collega e devo dire che aveva ragione molto interessante, non per neofiti

Ehrlich gesagt hatte ich mir etwas mehr tiefgang erwartet. Wil Allsopp erklärt in dem Buch anhand verschiedener Attack Patterns unterschiedliche Möglichkeiten an ein gewünschtes Ziel zu kommen. Leider tut er das nur sehr salopp zwar sind Code Beispiele vorhanden und auch Theorie über AV Evasion etc. jedoch habe ich nicht das Gefühl, auch wenn das Buch sehr gut geschrieben ist, besonders viel gelernt zu haben. Ich würde es dennoch empfehlen schon alleine um seine Gedankengänge nachvollziehen zu können.

Want to read a book on security that cuts through the BS by a man who's been on the front line of pen testing his entire career? This is the book I've been waiting for. Not only are the descriptions of intrusion techniques fascinating and motivating, the accompanying anecdotes range from hilarious to terrifying. Very well written and highly recommended - this will make you a better pen tester, red teamer, blue teamer or just scare you senseless.

Es uno de los mejores libros sobre seguridad que he leído. Cada capítulo detalla un escenario de pentesting basado en un engagement real realizado por el autor, y te va guiando en la construcción de un framework para simular APTs, añadiendo mayor complejidad en cada capítulo. El libro está además escrito con un estilo muy personal, donde el sentido del humor y los amplios conocimientos del autor se van dejando entrever prácticamente en cada párrafo. Los fragmentos de código y los pantallazos ayudan a la comprensión, pero se dejan deliveradamente algunas cosas para que el lector pueda cacharrear y aprender practicando. Puedes leerte el libro en una tarde y aún así, sacar lecciones valiosas. Pero la mejor forma de consumirlo sin duda es teniendo un VMWare y un Kali delante para ir jugando con las técnicas que se van describiendo. Si solo pudiera extraer una lección de este libro, sería la siguiente: el pentesting real es 0% 0Day exploits y herramientas mágicas, y 100% usar el cerebro. La mayoría de los casos descritos en el libro comienzan con algún tipo de phishing y, en situaciones donde uno pensaría en ir corriendo a buscar algo a ExploitDB, el autor te muestra posibles atajos y trucos que muchas veces se pasan por alto debido a la complejidad de los sistemas con los que trabajamos.

Excellent