Thursday, July 28, 2011

Metasploit: The Penetration Tester's Guide

I received my copy of "Metasploit: The Penetration Tester's Guide" on Friday and read it over the weekend.

"Metasploit: The Penetration Tester's Guide" teaches readers how to identify vulnerabilities in networks by using Metasploit to launch simulated attacks. The book's authors, acknowledged Metasploit gurus, begin by building a foundation for penetration testing and establishing a methodology.

From there, they explain the Framework's conventions, interfaces, and module system, and then move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, devastating wireless attacks, and targeted social-engineering attacks.

This book shows penetration testers how to:
  • Find exploits in unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about a target
  • Bypass antivirus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus data with Metasploit
  • Use the Meterpreter shell to launch attacks from inside a network
  • Harness stand-alone Metasploit utilities, third-party tools, and plug-ins
  • Write Meterpreter post-exploitation modules and scripts

The book covers topics similar to those on the online Metasploit Unleashed training website, but with more technical details, more depth, and relevant and current examples. What I really liked about the book was the incorporation of the Metasploit tools and capabilities with a penetration testing methodology. There are many tools in existence today. You can learn how to use a tool, but knowing when to use a tool, why to use a tool, and where to use a tool are extremely important when it comes to testing.

Additionally, I personally like using books as a reference because they allow me to write additional notes/references and highlight key items. I cannot do this with a website! ;-)

I give this book a 5 out of 5 star review.