{"product":{"product_id":"1593275641","title":"Penetration Testing: A Hands-On Introduction to Hacking","price":"25.99","image_url":"https://m.media-amazon.com/images/I/51zQBqAk83L._SL500_.jpg","url":"https://www.amazon.com/dp/1593275641"},"comments":[{"body":"For books, this one is older, super basic and you can get the tools required if you email the author:\r\n\r\nhttps://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641\r\n\r\nBut if you don't understand how the internet works on a fundamental level....not sure if pen testing should be where you start.","subreddit_name":"Pentesting","author":"Khrimz000"},{"body":"He may enjoy; Pentration Testing: A hands-on Introduction to hacking by Georgia Weidman\r\n https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_apa_i_A-bsFbRMD6DN4\r\n\r\nIt focuses on Pentration Testing, the act of testing how secure a system is from unauthorized access. If he's interested in making a new firewall, he has to test it right?","subreddit_name":"AskNetsec","author":"kadragoon"},{"body":"I want to at least tackle a workbook on the Linux command line, review networking protocols and such, and work through [Georgia Weidman's *Penetration Testing: A Hands-On Introduction to Hacking*](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641), otherwise I fear I'd be throwing money down the drain with lab access.\r\n\r\nAre there prerequisite certifications and/or pre-OSCP hands-on training materials that this sub recommends for noobs like me? :-)","subreddit_name":"oscp","author":"[deleted]"},{"body":"I graduated from NTU EEE recently and have only decided to embark on the cybersecurity path after my internship which involves learning about penetration testing for an MNC. My supervisor was kind enough to actually give me some insights and let me set up my own virtual machines to learn the basics of cybersecurity and from there, I decided to take some certs (CCNA R\u0026amp;S, Security+ etc.) to get a better chance of going into this field in the future. \r\n\r\nI would suggest that you pick up a [book](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641) to understand how it works and try your hand on some experiments using virtual machines. TBH you only need a strong interest rather than technical skills to go into this field for an entry position so make sure that you are really interested in this path. If you have any queries hit me up.","subreddit_name":"singapore","author":"manaXmizery"},{"body":"OP,  get this book.  It’s a great starting point. Hands on approach to setting up a home lab and using common pen test tools.  \r\n Penetration Testing: A Hands-On Introduction to Hacking https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_api_i_3MvcBbZFM0P1R","subreddit_name":"Pentesting","author":"FuzzyPickles02"},{"body":"\u0026gt; Gloria book\r\n\r\nDo you mean [Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_fkmr0_2?ie=UTF8\u0026amp;qid=1523194816\u0026amp;sr=8-2-fkmr0\u0026amp;keywords=Pentest+handbook)","subreddit_name":"CompTIA","author":"reubadoob"},{"body":"Penetration Testing: A Hands-On Introduction to Hacking https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_apa_h4oYAbTMDV0T3\r\n\r\nI personally think it doesn't go into enough detail, which I suppose is to be expected for an introductory book that covers an absolutely massive subject. It doesn't help that there's not much info out there so I'm kinda flying blind.\r\n\r\nI have a Safari Books subscription through my job so I'm trying to supplement it with CEH resources I find. ","subreddit_name":"CompTIA","author":"token_negro"},{"body":"Don't know your background. I've been doing networking and security auditing/policy type stuff for a few years, so I think I have a solid understanding of the basics. I just started Georgia Weidman's  [book](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641) and it seems pretty easy to follow so far. The problem is... there's just so much; it's never ending haha. Nerd out on YouTube, etc, and see what interests you. Then in the process you'll probably stumble upon other stuff you need/want to learn. \r\n\r\nMy best advice as somebody who's also just starting... just start, my friend! You got this","subreddit_name":"blackhat","author":"EgoIsTheEnemy"},{"body":"The basics. Id go to my local bookstore and get a good book, like the Georgia Weidman [book](http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641)\r\n\r\nA person new to netsec should not be doing pentesting, just my .02.","subreddit_name":"AskNetsec","author":"BlastedInTheFace"},{"body":"As a pentester you would typically need to follow a methodology of some sort. Here is a well known one http://www.pentest-standard.org/index.php/Main_Page\r\n\r\nTypically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/ to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.\r\n\r\nThe OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641\r\n\r\nHere is a great resource that many people use as a resource to study for OSCP as well https://xapax.gitbooks.io/security/content/\r\nAnd if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.\r\n\r\nEdit: here’s a good guide on using methodology with template you can import https://411hall.github.io/OSCP-Preparation/","subreddit_name":"AskNetsec","author":"spidermesh"},{"body":"1. Code Academy has some free resources for getting started: https://www.codecademy.com/learn/learn-the-command-line Overthewire is also usually recommended. Also, just start using Linux and google solutions as things come up that you don't know how to do. Regarding pentesting methods - There's a lot of resources out there, check the sidebar, but this book lays out the standard methods used: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 (you can probably find it cheaper with a no starch press discount code)\r\n2. WSL and python (or just python, but might as well get used to linux at the same time). Also, bash and powershell scripting.\r\n3. Yes, the book above isn't free, so like I said, sidebar and such. Ask for it for your birthday, do odd jobs, etc. You don't have to make things expensive, but you're eventually going to have to spend a little bit here and there.\r\n4. Anything. Kali is kind of the standard, which is basically Ubuntu Gnome (actually Debian based) with all the tools installed. Windows is good for some tools though, and just to learn the environment since Windows environments are typically the target.\r\n\r\nAlso, second what /u/BigDaddyXXL said.","subreddit_name":"HowToHack","author":"BeanBagKing"},{"body":"Penetration testing sounds like something he would like. In order to be good at it you have to fundamentally understand how machines work, this includes boring things like understanding command line programs and reading tons of man pages. \r\n\r\nGeorgia Wiedman has a book thats considered one of the essentials for pen testing \r\nhttps://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641\r\nThat book is a little dated, but learning how to exploit old stuff and how to use the tools and start on exploit dev is great. \r\n\r\nhttps://www.hackthebox.eu/ has a ton of great challenge boxes that will allow you to hack in real time and you can even join teams to learn more\r\n\r\nHack This Site - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.\r\nHack This! - Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!!\r\n\r\nFinally there are some good infosec podcasts such as https://www.twitch.tv/hackerrehab and https://darknetdiaries.com/ the first which is open line and able to have live questions asked in twitch chat or via call in and the second which dissects real life hacks.\r\n\r\nCollege is kind of a sham in this field a lot of the time, focusing on certifications is big for most companies, however, by the time he is in in college some of the degree programs may be better.","subreddit_name":"hacking","author":"UpgradeSolution"},{"body":"Georgia's book is great.\r\n\r\nhttps://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641","subreddit_name":"cybersecurity","author":"strandjs"},{"body":"When it comes to learning new things I think you have to decide for yourself what and where the worth is. Monetarily speaking I don't necessarily think you would benefit from OSCP unless maybe you tried to do cloud security. Knowledge wise I would say that you might not even learn anything directly helpful to your current job. However that being said, I think you would learn an immense amount from even attempting OSCP. The time commitment is not anything to be blink at though and you may find that your time is better used elsewhere. Hacking can be profitable and with the knowledge under your belt and a little fortitude you could turn those skills into a part time hobby that would pay fairly decently with bug bounties. Ultimately to anyone just wanting to hack for fun and not looking to do it for a career I would personally recommend utilizing free resources like [https://www.hackthebox.eu/](https://www.hackthebox.eu/) to learn. OSCP as a cert provides you with nothing more than a playground to hack in a little bit of direction and ultimately validation with a cert. All of which say for the last one can be found for free or at least significantly cheaper than going through OSCP. Check out this book for a good intro [https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_apa_i_Pk6jFb1WSMJ31](https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_apa_i_Pk6jFb1WSMJ31)","subreddit_name":"oscp","author":"formidabletaco"},{"body":"I realy enjoyed\r\n\r\n\u0026amp;#x200B;\r\n\r\nHacking The Art Of Exploitation\r\n\r\n\u0026amp;#x200B;\r\n\r\nIts a great hands on book for beginners to get started\r\n\r\n\u0026amp;#x200B;\r\n\r\n[https://www.amazon.co.uk/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641](https://www.amazon.co.uk/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641)\r\n\r\n\u0026amp;#x200B;\r\n\r\n\u0026amp;#x200B;\r\n\r\nand for learning more about linux I would recommend \r\n\r\n\u0026amp;#x200B;\r\n\r\nLinux For Hackers\r\n\r\n\u0026amp;#x200B;\r\n\r\nhttps://www.amazon.co.uk/Linux-Basics-Hackers-Networking-Scripting-ebook/dp/B077WWRK8B","subreddit_name":"hacking","author":"THESEASANIC"}]}