Metasploit
Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
Publisher: O’Reilly Media, Inc.
Reviewer/Blogger: Virginia Benedict
Target Audience: This guide offers a wealth of information to both the novice, as a tutorial, and the experienced, as a reference. For starters, the novice will learn the relevant steps for getting started, and the experienced will benefit from the discussions on methodology. Program managers and stakeholders will benefit from a manager's perspective.
Pre-requisites: Desire to learn, Integrity, Methodical, Analytical, Programming & Scripting languages recommended but not required
Overview: This Metasploit guide will help the Pen Tester get started, or take him/her to the next level.
Related Standards: Pen Testing Standards are loosely followed due to the nature of the investigative process and intelligence gathering.
Related Commercial Products: Metasploit Express Edition || Metasploit Pro Edition
Related Basic Products: Metasploit Framework Edition || Metasploit Community Edition
Chapters: Seventeen chapters, extensively indexed, and a Cheat Sheet referencing important commands with syntax commonly used within Metasploit’s various interfaces and utilities.
A guide such as this is best produced by an extensive collaborative effort of experienced professionals. It is especially valuable when the related community of experienced information security professionals has had direct or indirect input into the final product, as with this outstanding effort.
Once the authors have taken the reader through the absolute basics of Penetration Testing, they introduce the basics of Metasploit, arming the novice with the necessary knowledge base to move into the intelligence gathering processes while teaching you the various commands and tools.
I found their discussion on the risks and responsibilities of the Tester very poignant.
I recommend that, since the Metasploit Framework is large and complex, requiring an array of innate and learned skill sets, the novice reader first study the organizational framework of this guide. In other words, become familiar with the flow of the work by creating an inventory of the various learning points.
As with any learning process, I always recommend that the “student” begin by fully understanding their learning style(s). Be aware that you, as many of us do, may have different learning styles and combinations thereof for different learning requirements. As a reader in this case, you might have a couple of learning styles, which you might apply in perspective. By studying the method(s) used by the authors here to present the information and processes, you will gain the ability to understand and retain the knowledge presented.
About the Authors
Devon Kearns (dookie2000ca) is a former Communications Technician and IS Security Analyst with over 15 years of formal IT experience, but his true passion lies in the field of information security, most notably in the realm of software exploitation and bug hunting. This fascination with vulnerabilities has led Devon to being the lead administrator of the Exploit Database, a co-author of the free online Metasploit Unleashed training course, and a Kali Linux developer.
Jim O'Gorman (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on both network intrusion simulation as well as digital investigations and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, Defcon, ShmooCon, Security B-Sides, and more.