Book Review: Basic Security Testing with Kali Linux 2


A fully updated version of the very popular “Basic Security Testing with Kali Linux” is now available! Now totally re-written from the ground up to cover the new Kali Linux “2016-Rolling” with the latest pentesting tools and Ethical Hacking techniques.

I was honestly shocked at how well the first Basic Security Testing book was received by the security community. But all in all, it was my first book attempt and definitely had room for improvement. I was flooded with requests and advice from students, instructors and even military personnel on recommended changes and ways the book could be improved.

I took every comment to heart and with the help of an amazing editorial and reviewer team, that included a computer security professor and a CTF player, created Basic Security Testing 2!

What’s new:

  • Completely re-written to cover topics more logically
  • Better lab layout that is used consistently throughout the book
  • Written for the latest version of Kali (Kali 2.0 “Sana” & Kali “2016-Rolling”)
  • Includes an introduction chapter for the new Kali 2016-Rolling
  • All tools sections have been updated – old tools removed, new tools updated
  • Now uses PowerShell for most of the remote Windows Shells
  • XP removed, Windows 7 used as the main Windows target (though Windows 10 is mentioned a couple times 🙂)
  • More tool explanations and techniques included
  • 70 pages longer than original book

What’s the same:

  • Learn by doing
  • Hands on, Step-by-Step tutorials
  • Plenty of pictures to make steps more understandable
  • Covers the same major topics as the original, but using the latest tools
  • The front cover, well, except for the “2”!

My goal was to provide a common sense Ethical Hacking how-to manual that would be useful to both new and veteran security professionals. And hopefully I have accomplished that task. Thank you to everyone for your continuous support and feedback; it is greatly appreciated!

So what are you waiting for? Check it out!

Basic Security Testing with Kali Linux 2





Security Book Give Away: Intermediate Security Testing with Kali Linux 2

UPDATE 4/3 – The Contest is now over, and winners have been notified. Thank you everyone for your interest and support!

Want a chance to win a signed copy of “Intermediate Security Testing with Kali Linux 2”?

This almost 500-page, hands-on, step-by-step tutorial-style book doesn’t dwell on the theory of security, but instead walks you through implementing and using the latest security tools and techniques using the most popular computer security testing platform, Kali Linux.

My third book, “Basic Security Testing with Kali Linux 2”, a total update of my hugely popular “Basic Security Testing” book, has just been published! To celebrate, I am giving away four signed copies of my second book, “Intermediate Security Testing with Kali Linux 2”.

Simply share a link to this article on your favorite social media site. Then place a copy of the link in the comments field below. Winners will be chosen at random in two weeks (April 1st) from links in the comments section.

Security Book Preview: The Tao of Network Security Monitoring

“The Tao of Network Security Monitoring, Beyond Intrusion Detection” – By Richard Bejtlich

I don’t normally do this, but I am making an exception for this book. This is not a full review, but just a preview. I have not finished reading this book, but thought it to be good enough to give you a heads up.

The author, Richard Bejtlich, is the Director of Incident Response at GE, author of the TaoSecurity Blog, and the instructor of the TCP/IP Weapons School. He is also a Harvard graduate and was an Air Force Captain responsible for supervising the Air Force Computer Emergency Response Team (AFCERT).

Okay, first off, if you are new to the computer security field, you may want to skip this book for now. This is not an entry level book. But if you are familiar with Linux, Intrusion Detection Systems and the TCP/IP protocol, this book is for you.

The book starts out with a scenario: you are the head of network security for a large corporation. Strange pop-ups are showing up on workstations. Trouble tickets are coming in reporting an abnormal amount of traffic through your border router. Your intrusion detection sensors are all going off and you are notified that an ecommerce site is being attacked by your network.

Bejtlich then asks the 64 Million dollar question, “Now What?”

Bejtlich’s philosophy on network security is that it is not a matter of if you will be attacked and compromised; what matters is already having network system monitoring practices in place to deal with these intrusions. He bases this philosophy on Dorothy Denning and Peter Neumann’s report “Requirements and Model for IDES – A Real-Time Intrusion-Detection Expert System”:

  1. Most existing systems have security flaws that render them susceptible to intrusions, penetrations, and other forms of abuse. Finding and fixing all these deficiencies is not feasible for technical and economic reasons.
  2. Existing systems with known flaws are not easily replaced by systems that are more secure – mainly because the systems have attractive features that are missing in the more secure systems, or else they cannot be replaced for economic reasons.
  3. Developing systems that are absolutely secure is extremely difficult, if not generally impossible.
  4. Even the most secure systems are vulnerable to abuses by insiders who misuse their privileges.

Wow, how true that is, and the amazing thing about this report is that it was written in 1985!

Excellent book. As I mentioned before, I have not finished it yet (it’s about 800 pages!), but so far it has been very good. I have to admit that early on I almost put the book down and walked away; sometimes it seemed a little heady and philosophical (did I mention he was a Harvard grad?), but as I progressed and saw how Bejtlich pulled the information together, I saw the method in the madness and could see the writing for what it truly is: brilliant.

“The Tao of Network Security Monitoring, Beyond Intrusion Detection” available at