It's been some time since I posted my last review, so here comes the next one. This one is for the book Ethical Hacking by Daniel G. Graham. It's been a couple of months since I finished this book. That's the time it takes (at least for me) to truly absorb all the information presented in this book. It was published in October 2021 by No Starch Press. I got it as part of No Starch Press Humble Bundle.

Content Overview

This book is divided into five + 1 parts, covering network fundamentals, cryptography basics and attacks, social engineering techniques, exploitation and post-exploitation attacks. Before diving into concepts, the author has dedicated a chapter to setup a basic lab to enable readers to try out various techniques demonstrated in this book. Throughout the book the author has listed challenging exercises for readers to build upon the concepts learnt through this book.

Book Layout

The book is divided into five + 1 parts:

• Setting Up - This chapter covers setting up a basic lab that will be used throughout the book to demonstrate various attacks. The lab mostly uses open-source technologies like Virtual Box, Metasploitable (as the victim machine), pfSense and Ubuntu.

• Network Fundamentals - This section encompasses chapters two to four. It covers basics of MAC addresses, IP addresses, ARP tables etc. It demonstrates how to perform and detect an ARP spoofing attack. It then covers basics of network layers, packet structures and explains how to capture and analyze network traffic using WireShark. It closes by teaching how to create custom TCP shells.

• Cryptography - This section encompasses chapters five and six. It describes certain cryptography algorithms in detail (including the math behind them). It also explains how Diffie-Hellman, ECC algorithms work. Throughout this section there is an extensive usage of openssl to generate various keys.

• Social Engineering - This section encompasses chapters seven and eight. It covers how to craft a phishing campaign (email, domain names, website etc.). It also demonstrates how modern technologies such as DeepFake videos and machine learning models can be used for phishing. It then delves into information gathering about the target organization using various Open Source Intelligence (OSINT) tools and techniques. Tools covered in this section include, Maltego, Masscan, Shodan, Google Dorks etc.

• Exploitation - This section encompasses chapters nine to thirteen. It demonstrates how to write exploits from scratch and uses Heartbleed vulnerability as an example. It then discusses the theory of fuzzing and how to perform fuzzing using tools and techniques such as AFL, Symbolic Execution, Dynamic Symbolic Execution, Angr and Spike. It then explains how to build Linux and Android Trojans using metasploit. It also covers how to be OPSEC (operation security) safe by adding anti-virus evasion techniques or embedding a rootkit into the Linux kernel. Next, it covers exploiting common web application vulnerabilities and cracking passwords.

• Controlling The Network - This section encompasses chapters fourteen to sixteen. It covers post exploitation tactics such as privilege escalation, lateral movement and attacking Active Directory infrastructure (pass-the-ticket, DCSync, Golden ticket attacks).

Salient Features

• It focuses on building custom tools (TCP shells, Trojans, Rootkits etc.) which helps in understanding how they work behind the scenes.

• It was interesting to learn some novel techniques like back-dooring a .deb package, phishing using DeepFake technology etc.

• It covers modern technologies such as ECC, DeepFake etc.

• In some ways it can be considered as the much-awaited updated version of Georgia Weidman's Penetration Testing book by No Starch Press.

• It is good for beginners in cybersecurity, ethical hacking and offensive security.

• The author has created a Discord server associated with this book.

Not so salient Features

• A cloud-based template of the lab would have been nice.

• It goes into a little more depth of certain topics than required.

• I would have loved a self-hosted hands-on lab to practice the techniques demonstrated in the book.

My rating 4.5 / 5.0

Join our book club on Discord and share your views on this book (or any other security book of your choice).

Other book reviews

• Practical Social Engineering by Joe Gray

• How to Hack Like a GHOST by Sparc Flow

• How to Hack Like a LEGEND by Sparc Flow

• CCSP for dummies by Arthur J. Deane

• Cyber Warfare – Truth, Tactics, and Strategies by Dr. Chase Cunningham

• Practical Threat Intelligence and Data-driven threat hunting by Valentina Costa-Gazcón

• Hacking APIs by Corey Ball

• Pentesting Azure Applications by Matt Burrough

• Penetration Testing Azure for Ethical Hackers by David Okeyode, Karl Fosaaen

• Red Team Development and Operations by Joe Vest and James Tubberville

• Container Security by Liz Rice

• Web Application Security by Andrew Hoffman