Advanced Penetration Testing
Hacking the World's Most Secure Networks
A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Wil Allsopp
- Published
- 2017
- Publisher
- Wiley
- Pages
- 288
- Language
- English
Prerequisites
Comfortable writing C#, VBA, and PowerShell, and already familiar with the basics of pentesting. This is not a first book.
Read this if
Working pentesters who want to move past tool-driven engagements and build their own payloads and C2 against hardened, monitored environments.
Skip this if
Beginners, and anyone wanting a polished, reproducible lab manual. Skip this if you need code you can copy-paste and run, the listings are illustrative and dated.
Key takeaways
- Against mature targets the interesting work is custom tooling and tradecraft, not off-the-shelf frameworks.
- A realistic APT-style engagement is a campaign, social engineering, staged payloads, and patient C2, not a single exploit.
- Evading EDR and egress controls is a design problem you solve before the engagement, not a flag you toggle during it.
Notes
The ideas are genuinely good, especially the insistence on writing your own C2 and thinking like an APT rather than a tool operator. But the code is sloppy in places, the threat models have aged, and it reads more like a senior consultant's collected war stories than a structured course. Worth reading for the mindset; do not treat the listings as gospel.
What to read before
What to read before Advanced Penetration Testing →Intermediate · 2018
The Hacker Playbook 3
Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.
What to read next
What to read after Advanced Penetration Testing →Intermediate · 2018
The Hacker Playbook 3
Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.
Advanced · 2017
Attacking Network Protocols
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
Advanced · 2024
Windows Security Internals
Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.
Explore similar books
Alternatives to Advanced Penetration Testing →Intermediate · 2018
The Hacker Playbook 3
Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.