Cyber Shelf

// Comparison

Advanced Penetration Testing vs Attacking Network Protocols: Which Should You Read?

Two cybersecurity books on Offensive, compared honestly: who each is for, what each does best, and which to read first.

Advanced
3/52017
Advanced Penetration Testing

Hacking the World's Most Secure Networks

Wil Allsopp

A red-teamer's tour of getting into high-security targets without Metasploit, leaning on custom C2, social engineering, and tradecraft. Strong ideas, uneven execution.

Advanced
5/52017
Attacking Network Protocols

A Hacker's Guide to Capture, Analysis, and Exploitation

James Forshaw

James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

Read this if

Working pentesters who want to move past tool-driven engagements and build their own payloads and C2 against hardened, monitored environments.
Anyone who needs to understand traffic, not just see it. Forshaw is the rare Project Zero veteran who can also teach; the book turns network protocol analysis into a learnable craft.

Skip this if

Beginners, and anyone wanting a polished, reproducible lab manual. Skip this if you need code you can copy-paste and run, the listings are illustrative and dated.
Beginners who haven't yet handled a pcap, or readers who only want HTTP/web. The book covers Layer 2 through application-level RPC, and the value compounds the deeper you go.

Key takeaways

  • Against mature targets the interesting work is custom tooling and tradecraft, not off-the-shelf frameworks.
  • A realistic APT-style engagement is a campaign, social engineering, staged payloads, and patient C2, not a single exploit.
  • Evading EDR and egress controls is a design problem you solve before the engagement, not a flag you toggle during it.
  • Capturing, parsing, and replaying traffic is one workflow, not three, and Forshaw's tooling-first framing makes that explicit.
  • Custom-protocol auditing (the part security curricula skip) is the part of the book that pays back hardest, especially for embedded, OT, and proprietary stacks.
  • The "build your own network analysis tool" chapters teach more about how protocols actually work than any number of Wireshark lessons.

How they compare

We rate Attacking Network Protocols higher (5/5 against 3/5 for Advanced Penetration Testing). For most readers, that means Attacking Network Protocols is the primary pick and Advanced Penetration Testing is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Advanced Penetration Testing and Attacking Network Protocols both cover Offensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Advanced Penetration Testing

Alternatives to Advanced Penetration TestingWhat to read after Advanced Penetration Testing

Attacking Network Protocols

Alternatives to Attacking Network ProtocolsWhat to read after Attacking Network Protocols

Related topics

Offensive