Advanced Penetration Testing: Hacking the World's Most Secure Networks

This book is the real deal. I found it to be eye-opening, because, despite sounding very advanced and almost next-level, the attacks accompanied by source code show how simple and effective they are in reality.This book seemed light at first (200 pages), so I was skeptical at it's ability to really tackle advanced topics, but I will say I was very pleasantly surprised. Those two hundred pages are action packed and filled with jaw-dropping 'this is cool' moments.My only gripe with it is that it's a little formulaic, with the social engineering being shoehorned into every attack, and maybe pushing the whole APT thing too much, like when you really want something to become 'a thing'. Do we really need to socially engineer payloads using the same formula for all of the attacks? Not even one 'ha Ked the router with boring Cisco exploits' example? I guess it wouldn't make for an entertaining book.

This is the best penetration testing book that I have ever read to date. There is such a depth of understanding of penetration testing that is conveyed in this book in the way that the author is able to portray highly advanced topics in a conceptually understandable way. A novice might not be able to follow the text, as it is advanced, but for anyone looking to open their mindset up to becoming a more effective penetration tester, I HIGHLY advise this book.

Bought yesterday, can't put it down -- will reread it again this week. This book is a solid gold mine on pulling our InfoSec heads out of our InfoSec tailpipes and focusing on the modes and methods our real adversaries are using. (Pro Tip: They aren't using crappy malware, so if you're InfoSec program is built on stopping malware you should be concerned.)We all hear about the social engineering component to an effective attack, but to see it so effectively used over and over again with Wil's case studies really drives home the point.If you're involved in either the management of an Information Security program, or involved in the more tactical parts of penetration testing, I'd put this on your short list of books to read this year. I hope he does a follow-up.

This book is largely about social engineering, not "advanced penetration testing". It's not bad, but it seems to follow a few ways to drop a binary, conceptualize a C&C infrastructure without finding security defects.

This book is in a class of its own compared to other security and pentesting books. I would highly recommend to anyone interested or currently working in network security. Instead of simply explaining how to use common pentesting tools, Wil Allsopp explains how they work and how to write your own custom tools from the ground up. Even if you do not have a programming background, it is worth understanding how an attacker can infiltrate a "secure" network without being detected.

Allsopp demonstrates in terms even a toddler could follow how to compromise the world's most secure networks. Banks? Yeah. Research Pharma outfits? Good luck.If you're a pen tester then read this. If you're not read it anyway and learn how precarious your entire existence is. I read this dude's last book years ago and was struck by how much he got it - these are the people who rule the world. It behooves you to understand how they think.

This book is one chapter after the next about sample hacking scenarios, but each chapter explores a different hacking methods in different environments. It's not a book on theory; it's about real-world examples of hacking networks. So, if you read something in the news about someone getting hacked, and you wonder how it may have possibly been done, this is the book to read.

The author truly knows his art. As a penetration tester, I feel that many books just re-hash the same old material and tools. This book covers much more than just pentesting, it covers APT and gives realistic scenarios and tools that actually work. This is a book for everyone who works offensive and defensive security because it covers how real malicious actors approach companies and steal their critical data.