undrgrnd Cliquez ici ValentinB nav-sa-clothing-shoes nav-sa-clothing-shoes Cloud Drive Photos cliquez_ici nav_HPTV Cliquez ici Acheter Fire Acheter Kindle Paperwhite cliquez_ici Jeux Vidéo Montres soldes Bijoux Soldes

Envoyer sur votre Kindle ou un autre appareil


Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Désolé, cet article n'est pas disponible en
Image non disponible pour la
couleur :
Image non disponible

Penetration Testing: A Hands-On Introduction to Hacking [Format Kindle]

Georgia Weidman

Prix conseillé : EUR 33,76 De quoi s'agit-il ?
Prix livre imprimé : EUR 47,02
Prix Kindle : EUR 19,99 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 27,03 (57%)

App de lecture Kindle gratuite Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.

Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.


Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 19,99  
Relié --  
Broché EUR 48,26  
-40%, -50%, -60%, -70%... Découvrez les Soldes Amazon jusqu'au 16 février 2016 inclus. Profitez-en !

Les clients ayant acheté cet article ont également acheté

Cette fonction d'achat continuera à charger les articles. Pour naviguer hors de ce carrousel, veuillez utiliser votre touche de raccourci d'en-tête pour naviguer vers l'en-tête précédente ou suivante.

Descriptions du produit

Présentation de l'éditeur

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to:

  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Automate social-engineering attacks
  • Bypass antivirus software
  • Turn access to one machine into total control of the enterprise in the post exploitation phase

You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 15558 KB
  • Nombre de pages de l'édition imprimée : 528 pages
  • Utilisation simultanée de l'appareil : Illimité
  • Editeur : No Starch Press; Édition : 1 (29 mai 2014)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B00KME7GN8
  • Synthèse vocale : Activée
  • X-Ray :
  • Word Wise: Non activé
  • Composition améliorée: Non activé
  • Classement des meilleures ventes d'Amazon: n°137.394 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)

En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Quels sont les autres articles que les clients achètent après avoir regardé cet article?

Commentaires en ligne

Il n'y a pas encore de commentaires clients sur Amazon.fr
5 étoiles
4 étoiles
3 étoiles
2 étoiles
1 étoiles
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.4 étoiles sur 5  51 commentaires
17 internautes sur 18 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great for Beginners 26 juillet 2014
Par Perry Norton - Publié sur Amazon.com
Format:Broché|Achat vérifié
I have tried hacking before, years ago with no success. There are a lot more tools now (I've learned) and I'm sure there is a lot more info online but finding the right info and things that actually work can be a daunting task in itself. You can find the info you need online for anything these days if you want to work that hard. I don't. I especially like all the screen shots. I hate it when the instructions take you through multiple steps and then show you a screenshot. When mine doesn't look like theirs, I have no clue where I went wrong. Thanks to all those screenshots, that doesn't happen with this book. Big plus!

I saw this book and thought it would make an interesting summer project. And it has been! Setting up the lab was challenging but the instructions were great. Be prepared for a lot of "I did it!" rushes as you work through this book. I especially enjoyed the Exploit Development chapters. I can't compare it to other books on the subject but you won't be disappointed with this one. It is truly a great book for beginners on the subject. It does not make you an expert but I feel I know enough to be of use on a team of pentesters.
18 internautes sur 21 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 An excellent resource for people looking for an introduction to penetration testing 21 juillet 2014
Par Martin Bos - Publié sur Amazon.com
Format:Format Kindle|Achat vérifié
Penetration testing and hacking is a sexy subject. With all of the big public breaches every year, security has come to the forefront of many peoples minds and the demand for young skilled hackers is greater than ever. The problem is that many of these would be hackers have no idea where to begin. They don't have money for higher education of fancy certifications, so where do we as a security community tell them to begin. I always point people at books. They are generally inexpensive and easy to get. I have been doing penetration testing for a number of years professionally so I am familiar with all of the topics in this book already, however, I am constantly reading material like this so that I can find the best resources to point out to new hackers.

I found this book to be well laid out with lots of explanations and an easy to follow methodology. I believe some of the people who have previously reviewed the book forgot what it is like to start with zero knowledge. I know when I was starting in hacking, I was thankful for as many screenshots as possible so I knew I was entering the correct commands. I especially like the way the book follows the Penetration Testing Execution Standard (PTES).

If you are new to hacking or penetration testing, this is the perfect resource to get you started and help you determine if this is the correct career path for you!
7 internautes sur 8 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Great book for an introduction to penetration testing - highly recommend 23 octobre 2014
Par Dave Kennedy (ReL1K) - Publié sur Amazon.com
I've finally had the chance to sit down and read through Georgi'a book Penetration Testing - A Hands on introduction to Hacking. First, I sat down without any expectations and really tried to take an unbiased look at the content and how it was communicated. First I want to state that working with NoStarch press is an amazing experience because they thoroughly critique the book and make it better. First, I think Georgia is an extremely talented individual and an up and comer in the security industry. The book reflects that. Technically, its a great resource for new comers wanted to learn about a vast array of topics inside the INFOSEC / penetration testing field. I think what this book does is give you a broad understanding of a number of different specializations in the field to give you an understanding and from there - continue with learning and expanding knowledge. I truly wish there was a book out here like Georgia's when I started because it would have given me a better foundation for growing.

I definitely recommend this book to folks that are interested in getting into penetration testing, or those that are already established. It's always great to see other techniques or ways people think about pentesting because it is a problem we all tackle differently both from a methodical perspective but also from a mindset. Nice work on the book - really enjoyed it as a read.
3 internautes sur 4 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 the author guides us through the process of vulnerability analysis for the propose of obtain better target success and traffic c 20 mai 2015
Par Kellep Charles - Publié sur Amazon.com

A Book Review of “Penetration Testing: A Hands-On Introduction to Hacking”

In June of 2014 No Starch Press published “Penetration Testing: A Hands-On Introduction to Hacking” by security trainer and researcher Georgia Weidman (@georgiaweidman). Although the book has been categorized as an introductory guide to penetration testing, the information should also benefit more seasoned individuals as well. Wikipedia defines penetration testing as “an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.”

The book provides a blue print that can be used by information security practitioners who are tasked in ensuring an organization’s security posture as well as checking to confirm if employees are abiding to the security policies that are in place. Moreover, as an educator, I quickly realized the practical usefulness of “Penetration Testing: A Hands-On Introduction to Hacking” would serve in a classroom and lab environment.

The table of contents represents an orderly and organized method to learning the material in the book. The book begins with an introduction, a very informative section titled “Penetration Testing Primer” that laid out the purpose of the book and builds to more advance concepts and practices in later chapters. The body of the book consists of five parts, twenty well-written chapters as well as a resource and index section. Each chapter in the book ends with a chapter summary recapping the main topics.

Part I titled “The Basics” consist of four chapters that provided outstanding information that would be advantageous in later chapters as well as in the readers’ personal computing activity. The chapters consist of “Setting Up Your Virtual Lab” (Chapter 1), “Using Kali Linux” (Chapter 2), “Programming” (Chapter 3) and “Using the Metasploit Framework” (Chapter 4). The author provided a meticulous step-by-step process, which aided in the successful implementation of the reader’s pen-testing environment, the installation/explanation of the Kali tool, networking and additional testing tools. The author also provided instructions about various computer programming/scripting languages that penetration testers can use to enhance when conducting testing on information resources. Lastly, Metasploit is examined for its use in exploitation and risk factors capability.

In part II titled “Assessments” it consisted of three chapters that provided detectable and undetected techniques to collect information about an organization or computer. The chapters are as follows “Information Gathering (Chapter 5), Finding Vulnerabilities (Chapter 6) and Capturing Traffic (Chapter 7). In chapter 5, “Information gathering”, the author stressed that before starting an active penetration test, the tester must collect as much information as possible. This can be accomplished through the use of “Open Source Intelligence Gathering” tools such as “Net craft” and “Whois Lookups” to name a few. While in chapter 7, “Finding Vulnerabilities” and chapter 8, “Capturing Traffic”, the author guides us through the process of vulnerability analysis for the propose of obtain better target success and traffic capturing to collect and manipulate packets to gain information from other computer systems.

Part III titled “Attacks” consisted of eight of the following chapters “Exploitation” (Chapter 8),
“Password Attacks” (Chapter 9), “Client-Side Exploitation” (Chapter 10), “Social Engineering”
(Chapter 11), “Bypassing Antivirus Applications” (Chapter 12), “Post Exploitation” (Chapter 13), “Web Application Testing” (Chapter 14) and “Wireless Attacks” (Chapter 15) provided scores of exciting information about attacking a target. In this section the author builds from the preparatory work of the assessment (Part II) section of the book to conduct precision attacks. Many concepts are discussed such as default password attacks, exploiting open NFS share, browser, and PDF and Java exploitation. I found the use of the social-engineering toolkit (SET) in “Social Engineering (Chapter 11) to be one of my favorite parts of the book. In this chapter, the authors used SET to conduct spear phishing, web-based and email attacks on a target. This is an excellent way a security practitioner can test to determine if employees are adhering to the organization’s security policies. Post exploitation and wireless attacks were also well covered.

In part IV titled “Exploit Development” the author took a turn from using ready available tools such as Metasploit to attack a target, to using writing our own exploit code. I found this section to be a bit of a challenge, but if you stick with it and do additional research, it will become clearer as time and repeated learning occurs.

As for the last component of the book part V “Mobile Hacking” consist of using the Smartphone Pentest Framework (Chapter 20). This section explains and allows the reader to understand the issues organizations face when employees bring their own device and connects to the network. The chapter discusses the mobile attack vectors that exist such as text messaging, near field communications and QR codes. The introduction and installation process of the Smartphone Pentest Framework is provided. The author provides detail steps on testing and attacking mobile devices and apps. If is obvious, this is one of the author’s strong technical areas.

The appendix and index also provided some additional information the reader should be able to build on and obtain extra reading information to assist in understanding the background thoughts in the book.

The author’s approach of the book was comprehensive for both the beginner and seasoned security individual. The information would serve valuable in the educational environment as well as in the professional training environment. I found the book to be well written and to follow a logical pattern in its concepts.

This book is a contribution to the information security community and will likely aid in producing knowledgeable information security practitioners in the future. I personally enjoyed topics in the assessment portion of the book as well as the use of the Social-Engineering Tool-kit. I do recommend that if you are interested in penetration testing, would like to know more about topic or curious, this book would be a great source.
39 internautes sur 57 ont trouvé ce commentaire utile 
1.0 étoiles sur 5 A failed attempt 26 août 2014
Par antisnatchor - Publié sur Amazon.com
I've been asked to review this book by NoStarchPress (thanks!).

It was an ambitious goal to write such book, and I can imagine it's not an easy challenge given the fact that most of us (already in the pentesting business) had very different backgrounds and used different learning approaches. However I have to say I didn't particularly like the book structure nor the amount of information that just barely scratched the surface of too many completely different topics.

The only interesting chapters for someone starting into this field are those from Part IV (exploit development).

Most of other chapters contain either very outdated material (for instance teaching to a newbie how to do client-side exploitation with a 6 years old PDF exploit on Windows XP is not cool) or too much content about very basic things such as installing a bunch of virtual machines or open source tools. If someone wants to become a penetration tester, I guess he should already know pretty well Linux (*BSD/Win/etc..) and virtualization solutions, or anyhow he can find information online about it without the need to buy a book.

Another thing I didn't like is mentioning VirusTotal. Everyone knows that this service share malware analysis data with AV companies, so what's the point of creating your own dropper for LEGAL penetration testing purposes, make it AV undetectable, then submit it to VirusTotal? You wouldn't except that to work in your next pentesting engagement.

Other sections like Web Application Testing contain too little content. For example XSS is quickly explained saying you can trigger an alert(1) as a PoC. Then BeEF is mentioned, but instead of showing some interesting and advanced usage of this attacking framework, the author shows again how to trigger alert(1). What a newbie is supposed to understand?

The book really lacks interesting references to research papers, articles, books and other material that someone reading such a book will need to increase his skill level.

Last thing. Something I think is really missing from this book is a proper intro to some basic coding skills in a language of choice (Ruby or Python or Perl). From the start to page 75 it's all about setting your virtual machines, using Kali linux and so on, while there are only 11 pages (11!) out of 470 about coding. I think coding is very important, every pentester should know how to properly code, and newbies entering the pentesting business should be trained in such way, not teaching them how to merely use tools but instead how to have that lateral thinking needed to find bugs imho.
Ces commentaires ont-ils été utiles ?   Dites-le-nous

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Première publication:
Aller s'identifier

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon

Rechercher des articles similaires par rubrique