Saturday, August 13. 2011
Book Review: Metasploit - The Penetration Tester's Guide
Recently I received a free review copy of Metasploit - The Penetration Tester's Guide from No Starch Press. I was pretty excited about the book because I had not worked with Metasploit before, even though I have followed Metasploit's development for a long time. For those who do not know, Metasploit is a "free open-source penetration testing solution developed by the open source community and Rapid7". Originally started by HD Moore in 2003, it also doubles as one of the world's largest open-source Ruby projects.
Written by the four authors David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni, this new book aims to "teach you the ins and outs of Metasploit and how to use the Framework to its fullest" while also acknowledging that their "coverage is selective". They set out to live up to that aim on roughly 300 pages divided into 17 chapters and two appendices. The individual chapters are 'The Absolute Basics of Penetration Testing' (6 pages), 'Metasploit Basics' (8 pages), 'Intelligence Gathering' (20 pages), 'Vulnerability Scanning' (22 pages), 'The Joy of Exploitation' (18 pages), 'Meterpreter' (24 pages), 'Avoiding Detection' (10 pages), 'Exploitation using Client-Side Attacks', 'Metasploit Auxiliary Modules' (12 pages), 'The Social-Engineering Toolkit' (28 pages), 'Fast-Track' (14 pages), 'Karmetasploit' (8 pages), 'Building your own Module' (12 pages), 'Creating your own Exploits' (18 pages), 'Porting Exploits to the Metasploit Framework' (20 pages), 'Meterpreter Scripting' (17 pages), and 'Simulated Penetration Test' (16 pages).

As you can see, with so few pages spread over so many chapters there is not a lot of meat per chapter. In fact, roughly one-third of the book consists of console output listings or screenshots. That means you can subtract one-third of the pages of each chapter to get a more accurate estimate of the information provided in it. It also means that you will read roughly 100 pages of console output over the course of the book. In the beginning I made an effort to do that, but after a while it gets ridiculously boring and I began skipping most of the console output.

There is a reason for the huge amount of console listings you are expected to read: the book is a cookbook, not a compendium. Throughout the book you are basically told to 'enter <somestring> and hit enter' or 'click menu X', and then the authors show the console listing of the output you can expect.
Between being told what to enter and the output dumps to expect, there is little space left for any in-depth discussion of what is actually going on. Now, I learned to write code using these sorts of books and it worked out well for me, so if you are at that stage of your professional life you might appreciate this writing style. I have moved on to prefer compendium-style books, though.

Another issue I noticed is probably the result of having different authors write individual chapters of the book seemingly without much coordination: the assumed skill level of the reader is confusing and non-linear. Here is an example. At the beginning of chapter eight (Exploitation using Client-Side Attacks), the authors spend a whole paragraph explaining the x86 instruction NOP, starting with the phrase "NOPs are covered in detail in chapter 15 [in itself the funniest phrase of the book, nearly as absurd as my long-time favorite 'There aren't actually physical rings on the microchip' from Greg Hoglund's rootkit book], but we'll cover the basics here...". Just a few pages later (and again in chapter 14), without any other x86 instruction having been explained, the reader is expected to understand complete Immunity Debugger code listings. Only in chapter 15 - after you were supposed to create your own exploits in chapter 14 - do the authors explain things like 'EIP and ESP registers' or 'The JMP Instruction Set'. The order in which knowledge of x86 assembly is assumed and explained is completely out of whack.

Before starting the book I expected in-depth information about the internals of the Metasploit framework itself and less cookbook style. This might have been a wrong assumption, since it is the penetration tester's guide after all, not the contributor's guide. The good news is that the last few chapters kind of go in that direction and were more interesting to me.
Starting with chapter eight, the content of the chapters moves away from pure usage of Metasploit towards extending Metasploit. Especially chapters 14 and 15, about creating your own exploit and adding it as a module to the Metasploit framework, were enjoyable. Let's take a closer look at those two chapters. In chapter 14, the authors explain how you can use Metasploit as a fuzzer. The target of the chapter is a known vulnerable version of SurgeMail. Once the fuzzer hits the expected crash, they walk you through the bug, show you how to gain control of the SEH chain to get to remote code execution, and explain how to structure the shellcode. In the end, a new module is created to add this exploit to Metasploit. At the beginning of chapter 15 - after writing a SEH overwrite exploit - you finally learn about ESP, EIP, JMP and NOP. Afterwards the authors take an existing MailCarrier exploit written in Python and port it to Metasploit. Even though I liked those two chapters, I have to wonder whether both are necessary (they are really similar) or whether the order of the two chapters was supposed to be different at first.

In general, while the first edition of the book is rocky, not all is lost for a second edition. The authors are clearly knowledgeable and touch upon large parts of the Metasploit framework. It's just that they favored breadth over depth. My recommendation would be to find a way to seriously cut down on the console output listings to improve the flow of reading, to give more in-depth background knowledge instead of mostly cookbook-style instructions (think of the IDA Pro book as a positive example), and to form a clear model of what skill level you are targeting in the reader. I think it is safe to assume that the average reader of a penetration testing book knows what a NOP is. Even more so after implementing a SEH exploit earlier in the book.

Saturday, June 13. 2009
Book Review - Gray Hat Python
What is Gray Hat Python all about? The back cover of the book describes it like this: "Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators." And all of that using Python code and popular Python libraries. How awesome is that? Pretty awesome, I thought when I first heard about the book. So awesome in fact that several months before the book was published I actually sent Justin an email asking him if everything was fine, because I was concerned that the publisher was imposing stuff on him which could lead to a shitty book (see: Reverse Engineering Code with IDA Pro; if you ever meet any of the authors of that book, ask them to tell you just how much Syngress sucks; it's an entertaining story).

Monday, May 4. 2009
Book Review - Growing Software

Monday, March 9. 2009
Book Review - Profiling Hackers
In late 2008 Raoul Chiesa, Stefania Ducci, and Silvio Ciappi published an interesting book called Profiling Hackers. The idea behind this book is simple: police officers use profiling to find criminals. Hackers often do illegal things. Police officers therefore need to profile hackers. Most police officers do not have a clue about hackers, though. On 240 pages divided into seven chapters, this book tries to help them by explaining what hackers are like.

Tuesday, February 17. 2009
Book Review - The Adventures of Dr Debugalov
Posted by sp in Book reviews at 19:19
Some days later it arrived and I was surprised. The book is actually a comic book. It is a compilation of the comics you can find here. As you can see, the comics are not especially well-drawn and they're nearly completely unfunny to boot. OK, four or five of the comics in the book are actually funny. The other 40 or so are not. The problem is obvious: there are only so many good jokes you can make about debugging (and to be honest, I debug a lot of stuff and I know very few good jokes about debugging). About four years and 100 blog entries ago, I complained about the ridiculous puns in the book C++ Coding Standards. The Dr Debugalov book suffers from exactly the same problem, except that the Dr Debugalov book has (nearly) no content except for the puns in comic form. This magnifies the problem to the point where it gets painful. Talking about ridiculous puns: the pages of the book do not just contain comics. Every single page also features a more or less famous quote that has been reworked (by replacing or inserting words) to turn it into a quote about debugging. After reading approximately 20 of these so-called bugtations I wanted to shoot myself. So yeah, what to recommend? You should probably buy the book, rip off the cover (which is really cute), frame it and hang it on the wall of your little cog-in-the-machine cubicle or wherever you are working. The rest of the book can quickly be discarded.

Tuesday, November 4. 2008
Book Review - The Art of Debugging with GDB, DDD, and Eclipse
Posted by sp in Book reviews at 21:30
The book is roughly 260 pages long and divided into eight chapters.

Tuesday, September 9. 2008
Book Review - The IDA Pro Book
Anyway, less talk about No Starch Press and more about The IDA Pro Book. Written by Chris Eagle, The IDA Pro Book is the latest book that tries to guide reverse engineers through the exciting world of binary files you've "lost" the source code for. The approximately 580 pages of the book (it's not 640 pages long as claimed on Amazon) are divided into 26 chapters which are themselves grouped into six parts.

Sunday, July 20. 2008
Book Review - Dreaming in Code
Monday, May 12. 2008
Book Review - Advanced Windows Debugging
Posted by sp in Book reviews at 17:21

Tuesday, April 22. 2008
Book Review - Reverse Engineering Code with IDA Pro
Posted by sp in Book reviews at 21:05
This week I managed to read Reverse Engineering Code with IDA Pro. I was pretty curious about the book because it's the first book specifically about everyone's favourite disassembler IDA Pro, and it turned out to be very different from what I expected. Co-authored by Dan Kaminsky (editor), Justin Ferguson, Jason Larsen, Luis Miras, and Walter Pearce, Reverse Engineering Code with IDA Pro sets out to give an introduction to IDA Pro and how to use it to reverse engineer software. The book is approximately 310 pages long and divided into nine chapters ("Introduction", "Assembly and Reverse Engineering Basics", "Portable Executable and Executable and Linking Formats", "Walkthroughs One and Two", "Debugging", "Anti-Reversing", "Walkthrough Four", "Advanced Walkthrough", "IDA Scripting and Plug-Ins").

Friday, April 4. 2008
Book Review - The New School of Information Security
Posted by sp in Book reviews at 21:28
Hi everyone and welcome to another post in my favourite blog entry category: Book Reviews. I'm happy to announce that for the first time ever I have actually managed to read a book and write a review of it before its official release (unlike my other reviews, where I often review three-year-old books). I'm talking about Adam Shostack's and Andrew Stewart's new book The New School of Information Security here, which will be released tomorrow. The New School of Information Security is a weird book. From the title you'd think that this is a book about information security for people who have at least some kind of clue about information security. I mean, why would people who do not have a clue about information security read a book about reforming and improving the field of information security? Unfortunately this assumption is wrong.

Sunday, August 19. 2007
Book review: The Art of Software Security Assessment
Posted by sp in Book reviews at 13:53
The Art of Software Security Assessment - Identifying and Preventing Software Vulnerabilities (Amazon / Official Website) by Mark Dowd, John McDonald and Justin Schuh is a huge book. At more than 1100 pages it's the fourth biggest book I've ever read. It was quite a task to read it front to back and so it took me a while. Here's my review of the book.

Monday, January 8. 2007
Book review: The Algorithm Design Manual
Posted by sp in Book reviews at 13:28
Steven S. Skiena's book The Algorithm Design Manual is different from all the other algorithm books I've read so far. Skiena's book makes you aware of three things:
Friday, January 5. 2007
Book review: Programming Interviews Exposed
Posted by sp in Book reviews at 16:10
The first thing that amused me about the book "Programming Interviews Exposed - Secrets to Landing Your Next Job" were two sentences from the beginning of the third paragraph of the preface:
"At this point you may be wondering who we are and what gives us the authority to write this book. We're both recent graduates who've been through a lot of interviews in the past few years."

Are people who went through a lot of job interviews actually qualified to write a book about acing job interviews? On the other hand, a guy who only needed a single job interview to get his dream job is probably not qualified either. I guess only people who have actually sat on both sides of the table can really write good books about job interviews. If you want an example of what I'm talking about, check out Steve Yegge. He writes amusing blog posts about job interviews once in a while (old site - new site).

Wednesday, December 6. 2006
Book review - Hacker's Delight
When the Quake 3 source code was released a while ago, people found a curious function called InvSqrt. This function turned out to calculate the inverse square root of a floating-point number in a pretty cool way (read everything about the function here). Recently someone tried (unsuccessfully) to find out the origin of the function, and the function was once again on Slashdot and Digg.
Personally I'm not concerned with calculating square roots or their inverses, but I'm implementing a compiler for a severely limited RISC architecture right now. This architecture only knows 15 very basic operations. For example, there are only logical shifts. Arithmetic shifts and rotate operations have to be compiled to a combination of logical shifts and bit-wise operations like "and" and "or". There's not even a bit-wise "not" instruction. Inverting an operand means xor-ing it with a bitmask with every bit set. Anyway, the latest round of e-popularity of the InvSqrt function and my current work bring me to this update. Three years ago I bought the first edition of the book Hacker's Delight by Henry S. Warren, Jr (the official website of the book is http://www.hackersdelight.org/ ). On nearly 300 pages it tells the tale of some decades of assembly programming on weird platforms and the tricks people came up with to overcome the limits of older computers. An Amazon reviewer describes the book in the following words: "Think of it as 'The Art of Computer Programming, Volume 0: Bit Manipulation'. Except without the annoying Knuth attitude". This describes it well, I think.
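To make the kind of lowering described above concrete, here is an added example (written for this page, not code from the book, the blog author or the compiler the post mentions) that rebuilds the three missing operations out of the primitives the post says the machine does have. It assumes a 32-bit word and only logical shift left, logical shift right, and, or and xor; in particular the arithmetic shift is built without any subtraction, by smearing the sign bit across the word with a doubling shift-or sequence and or-ing that mask into the bits a logical shift zero-fills. The `self_check` function is a test harness for a normal C compiler and is not part of the lowering itself.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: arithmetic shift right, rotates and bitwise not built only
 * from logical shifts, and, or and xor (the primitives assumed to exist on
 * the limited RISC target described in the post). Word size is assumed to
 * be 32 bits. */

#define WORD_BITS 32u

/* Bitwise not: xor with a mask that has every bit set. */
static uint32_t not32(uint32_t x)
{
    return x ^ 0xFFFFFFFFu;
}

/* Rotate left by n (n taken mod 32). The (32 - n) & 31 keeps the right
 * shift count inside 0..31, so n == 0 never shifts by the full word width
 * (which is undefined behaviour in C). */
static uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= WORD_BITS - 1;
    return (x << n) | (x >> ((WORD_BITS - n) & (WORD_BITS - 1)));
}

/* Rotate right by n (n taken mod 32), same construction mirrored. */
static uint32_t rotr32(uint32_t x, unsigned n)
{
    n &= WORD_BITS - 1;
    return (x >> n) | (x << ((WORD_BITS - n) & (WORD_BITS - 1)));
}

/* Smear the sign bit across the whole word: returns 0x00000000 if the sign
 * bit is clear and 0xFFFFFFFF if it is set. Each shift-or step doubles the
 * number of copies of the bit (1, 2, 4, 8, 16, 32). */
static uint32_t sign_mask32(uint32_t x)
{
    uint32_t s = x >> (WORD_BITS - 1);   /* 0 or 1 */
    s |= s << 1;
    s |= s << 2;
    s |= s << 4;
    s |= s << 8;
    s |= s << 16;
    return s;
}

/* Arithmetic shift right by n (n taken mod 32): do the logical shift, then
 * or the sign mask into the top n bits that the logical shift zero-filled. */
static uint32_t sra32(uint32_t x, unsigned n)
{
    n &= WORD_BITS - 1;
    uint32_t top_n_bits = not32(0xFFFFFFFFu >> n);   /* ones in bits 31..32-n */
    return (x >> n) | (sign_mask32(x) & top_n_bits);
}

/* Cross-check the synthesised operations against the host compiler's native
 * operators over a constructed set of sample words and every shift count.
 * The reference for sra32 is a signed right shift, which is arithmetic on
 * gcc, clang and MSVC (the C standard leaves it implementation-defined).
 * Returns the number of mismatches, so 0 means every case agreed. */
static int self_check(void)
{
    static const uint32_t samples[] = {
        0x00000000u, 0x00000001u, 0x7FFFFFFFu, 0x80000000u,
        0x80000001u, 0xFFFFFFF0u, 0xDEADBEEFu, 0x12345678u,
    };
    int bad = 0;
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t x = samples[i];
        if (not32(x) != ~x) bad++;
        for (unsigned n = 0; n < WORD_BITS; n++) {
            uint32_t ref = (uint32_t)((int32_t)x >> n);
            if (sra32(x, n) != ref) bad++;
            if (rotr32(rotl32(x, n), n) != x) bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("sra32(0xFFFFFFF0, 2)  = 0x%08X\n", sra32(0xFFFFFFF0u, 2));
    printf("rotl32(0x80000001, 1) = 0x%08X\n", rotl32(0x80000001u, 1));
    printf("self_check mismatches: %d\n", self_check());
    return self_check() != 0;
}
```

The sign-smearing trick is the part worth noticing: five shift-or steps cost the same on every input and need no branch and no subtract, which is exactly the kind of sequence a code generator for such a machine would emit for each arithmetic shift.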