The Cybersecurity Canon: Metasploit: The Penetration Tester’s Guide - Palo Alto Networks
By Brian Kelly
Dec 01, 2015
We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Brian Kelly: Metasploit: The Penetration Tester’s Guide (2011) by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni
Executive Summary
Learning to think like a criminal, or in this case a cybercriminal, is a requirement for all penetration testers. Fundamentally, penetration testing is about probing an organization’s systems for weakness.
While the goal of Metasploit: The Penetration Tester’s Guide is to provide a useful tutorial for beginners, it also serves as a reference for practitioners.
The authors write in the Preface that, “This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest.” While the book is focused on using the Metasploit Framework, it begins by building a foundation for penetration testing and establishing a fundamental methodology.
Using the Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. While Metasploit has been used by security professionals for several years now, the tool can be hard to grasp for first-time users. This book fills the gap by teaching readers how to harness the Framework and interact with the active community of Metasploit contributors.
While the Metasploit Framework is frequently updated with new features and exploits, the long-term value of this book is its emphasis on Metasploit fundamentals, which, when understood and practiced, allow the user to be comfortable with both the frequent updates of the tool and also the changing penetration testing landscape.
Review
Metasploit: The Penetration Tester’s Guide is laid out in two sections: Chapters 1 to 5 introduce the basics of penetration testing and the Metasploit Framework, and the remaining 11 chapters outline specific areas of the Framework, building on the fundamental concepts introduced in the first section. The bulk of the book takes the penetration tester through using the Framework with examples of both use cases and the syntax required. The examples begin with the very basic techniques of the craft and move through carrying out exploits and gaining value from the post-exploitation capabilities of Meterpreter.
The authors give a short overview of each topic before jumping right into the hands-on work, showing readers the commands to use and then dissecting the output, explaining step by step what is happening and what was accomplished. The book allows readers to move quickly from the basics of penetration testing through using the platform to perform the different phases of intelligence gathering and exploitation.
The exploitation sections cover a wide range of techniques, including attacking MS SQL, dumping password hashes, pass the hash and token impersonation, killing antivirus, and gathering intelligence from the system to pivot deeper into the target network.
Conclusion
Metasploit: The Penetration Tester’s Guide is written in a hands-on, tutorial-like style that is great for beginners, as well as folks who prefer to learn by doing. This is an excellent book for anyone interested in a hands-on learning approach to cybersecurity and the fundamentals of penetration testing. It is also a great reference book for the seasoned Metasploit user and those new to Metasploit who want a step-by-step instruction manual.
The craft of penetration testing is covered deeply and broadly. However, the book’s greatest source of value is how the concepts being applied are explained and demonstrated with well-annotated examples. The authors’ experiences in formal instruction and practice are evident. This book achieves a good balance between concept and practicality.
The goal of the Cybersecurity Canon is to identify a list of must-read books for all cybersecurity practitioners -- be they from industry, government or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete. Finally, the books must provide timeless technical know-how. Metasploit: The Penetration Tester’s Guide achieves these goals, and I believe it is worthy of inclusion in the Cybersecurity Canon candidate list. It is a valuable resource for all cybersecurity professionals’ libraries, whether they be novices or experienced practitioners.