Metasploit, 2nd Edition (Paperback)

The new and improved guide to penetration testing using the legendary Metasploit Framework.

The Metasploit Framework makes discovering, exploiting, and sharing systemic vulnerabilities quick and painless. But, this popular pentesting tool can be hard to grasp for first-time users. Written by some of the world’s top hackers and security experts, Metasploit fills the gap by teaching you how to best harness the Framework and interact with its vibrant community of Metasploit open-source contributors.

This indispensable guide's updated second edition introduces modules and commands recently added to the Metasploit Framework, along with a new chapter on conducting cloud-based assessments, and discussions of contemporary evasion techniques, malicious document generation, Active Directory attacks, and more.

You’ll learn:

• Foundational pentesting techniques, including network reconnaissance and enumeration
• The Metasploit Framework's conventions, interfaces, and module system
• Client-side attacks, wireless exploits, and targeted social-engineering attacks
• Methods of creating custom modules and porting existing exploits to the Framework

In a fast-paced digital ecosystem, the modern hacking techniques covered in Metasploit, 2nd Edition are essential for today's penetration testers.

Reviews

"This is an excellent book to help familiarize testers with one of the most popular security tools ever created. It will help guide you through familiar concepts and how they integrate into the broader security framework of Metasploit. An absolutely fantastic addition to any penetration tester's bookshelf." 
—Menachem Rothbart, Principal Security Consultant, Hacker, OSCE3

"The Metasploit Framework has enrichments and features that can enhance your offensive security journey, and they're all covered in this book. Many users are acquainted with the pre-built exploitation and initial access use cases covered in the first edition, but this update includes new vulnerabilities, their associated modules, and the new frontier of cloud penetration testing. A practitioner's toolkit and environment may change, but the methodology remains the same."  
—Billy Trobbiani, @billycontra, Red Team Engineer at Toast, Inc.

"Not just another Metasploit tutorial. The second edition of this comprehensive book walks you through each stage of a simulated penetration test, and shows you how to use Metasploit to its full potential. Plus, it is logically ordered and easy to follow."
—Andy “ApexPredator” Poole, OSEE, GSE

"[P]rovides invaluable insights for penetration testers seeking to enhance their skills and understanding using Metasploit. However, its benefits extend beyond penetration testers. In contrast, blue teamers can also leverage the same techniques and knowledge in this book to go behind enemy lines and identify gaps in their own security controls before they can be exploited by attackers using the same toolset."
—Josh Tristram, @jdtristram, Healthcare Blue Teamer

"An easy read that is more than a metasploit book. It covers beginner and intermediate concepts anyone interested in the offensive side of security should understand."
—Dave Curtin, security consultant, LRQA

About the Author

Dave Kennedy has been named one of the Top 10 IT Security Influencers in the World by CISO Platform. In his more than 20 years of experience in the security industry, he cofounded Binary Defense and founded TrustedSec, an information security consulting company located in Fairlawn, Ohio, which specializes in attack simulations with a focus on strategic risk-management.

Jim O'Gorman is the Chief Content and Strategy Officer at OffSec, where he primarily focuses on cyber workforce development and training. He also heads the Kali Linux project, the industry-standard Linux distribution for information security tasks, and can be found online at https://elwood.net.

Devon Kearns is a Canadian information security professional. During his time at Offensive Security, he co-founded The Exploit Database and Kali Linux, and served as lead editor on all in-house content.

Mati Aharoni (muts) is the founder of OffSec. With over 10 years of experience as a professional penetration tester, Mati has uncovered several major security flaws and is actively involved in the offensive security arena.

Dr. Daniel G. Graham is a professor of computer science at The University of Virginia (UVA), where he has taught courses in computer networks and network security. His research interests include secure embedded systems and networks. Before teaching at UVA, Dr. Graham was a program manager at Microsoft. He publishes in IEEE journals relating to sensors and networks.