Metasploit, 2nd Edition

David Kennedy, Mati Aharoni, Devon Kearns , Jim O'Gorman

$130

Paperback

Forthcoming
Pre-Order now

QTY:

English

No Starch Press,US
25 February 2025

Computer security

The new and improved guide to penetration testing using the legendary Metasploit Framework.

The new and improved guide to penetration testing using the legendary Metasploit Framework.

Metasploit- The Penetration Tester's Guide has been the definitive security assessment resource for over a decade. The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless, but using it can be challenging for newcomers.

Written by renowned ethical hackers and industry experts, this fully updated second edition includes-

Advanced Active Directory and cloud penetration testing Modern evasion techniques and payload encoding Malicious document generation for client-side exploitation Coverage of recently added modules and commands

Starting with Framework essentials-exploits, payloads, Meterpreter, and auxiliary modules-you'll progress to advanced methodologies aligned with the Penetration Test Execution Standard (PTES). Through real-world examples and simulated penetration tests, you'll-

Conduct network reconnaissance and analyze vulnerabilities Execute wireless network and social engineering attacks Perform post-exploitation techniques, including privilege escalation Develop custom modules in Ruby and port existing exploits Use MSFvenom to evade detection Integrate with Nmap, Nessus, and the Social-Engineer Toolkit

Whether you're a cybersecurity professional, ethical hacker, or IT administrator, this second edition of Metasploit- The Penetration Tester's Guide is your key to staying ahead in the ever-evolving threat landscape.

By: David Kennedy, Mati Aharoni, Devon Kearns, Jim O'Gorman, Daniel G. Graham
Imprint: No Starch Press,US
Country of Publication: United States
Dimensions: Height: 234mm, Width: 177mm,
Weight: 369g
ISBN: 9781718502987
ISBN 10: 1718502982
Pages: 352
Publication Date: 25 February 2025
Audience: Professional and scholarly , Undergraduate
Format: Paperback
Publisher's Status: Forthcoming

Foreword by HD Moore Chapter 1: The Absolute Basics of Penetration Testing Chapter 2: Metasploit Fundamentals Chapter 3: Intelligence Gathering Chapter 4: Vulnerability Analysis Chapter 5: The Joy of Exploitation Chapter 6: Meterpreter Chapter 7: Avoiding Detection Chapter 8: Client-Side Attacks Chapter 9: Auxiliary Modules Chapter 10: Social Engineering Chapter 11: Wireless Attacks Chapter 12: Porting Exploits to the Framework Chapter 13: Building Your Own Modules Chapter 14: Creating Your Own Exploits Chapter 15: Simulated Penetration Test Chapter 16: Pentesting the Cloud Appendix A: Configuring Your Lab Environment Appendix B: Cheat Sheet

Dave Kennedy, founder of Binary Defense and TrustedSec, is a cybersecurity leader who advised on the Emmy-winning series Mr. Robot. Mati Aharoni, OffSec founder, is a veteran penetration tester who has uncovered major security flaws. Devon Kearns co-founded the Exploit Database and Kali Linux. Jim O'Gorman heads the Kali Linux project at OffSec. Daniel G. Graham is a professor of computer science at the University of Virginia and a former program manager at Microsoft.

Reviews for Metasploit, 2nd Edition

"""This is an excellent book to help familiarize testers with one of the most popular security tools ever created. It will help guide you through familiar concepts and how they integrate into the broader security framework of Metasploit. An absolutely fantastic addition to any penetration tester's bookshelf."" —Menachem Rothbart, Principal Security Consultant, Hacker, OSCE3 ""The Metasploit Framework has enrichments and features that can enhance your offensive security journey, and they're all covered in this book. Many users are acquainted with the pre-built exploitation and initial access use cases covered in the first edition, but this update includes new vulnerabilities, their associated modules, and the new frontier of cloud penetration testing. A practitioner's toolkit and environment may change, but the methodology remains the same."" —Billy Trobbiani, @billycontra, Red Team Engineer"