Penetration Testing
A Hands-On Introduction to Hacking
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.
- Authors: Georgia Weidman
- Published: 2014
- Publisher: No Starch Press
- Pages: 528
- Language: English
Read this if
Beginners who want a single hands-on intro that walks them through a complete pentest workflow: lab setup, recon, exploitation, post-exploitation, reporting. Still the friendliest entry point in print.
Skip this if
Readers who already work in offensive security or want current-decade tooling specifics. The edition is dated against modern Active Directory tradecraft and EDR realities; the workflow is timeless, the tools are not.
Key takeaways
- A complete pentest is a small number of repeated motions (recon, find foothold, escalate, pivot, document); Weidman teaches the rhythm before the tooling.
- Lab setup is half the learning; running through the book's Metasploitable-and-Windows-VM lab is what builds the muscle memory the OSCP later assumes.
- Reporting matters as much as exploitation; the book is one of the few intro texts that takes the deliverable seriously.
Notes
The OSCP-prep community still recommends this book first, despite its age, because nothing has replaced it for newcomers. Pair with Hacking: The Art of Exploitation for the binary side and PortSwigger Academy for current web. Weidman is also a strong public speaker (her DEF CON talks on smartphone botnets and Shevirah are worth watching). Buy the older edition cheap; the workflow taught is what you're paying for.
What to read before
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Beginner · 2021
Bug Bounty Bootcamp
Vickie Li's pragmatic walk through the bug-bounty workflow, from picking a program and recon to reporting findings that actually pay out.
Beginner · 2025
Linux Basics for Hackers
OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.
What to read next
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2024
Black Hat Bash
Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.
Intermediate · 2020
Black Hat Go
Tom Steele, Chris Patten, and Dan Kottmann show how to use Go's networking primitives, concurrency model, and cross-compilation to write offensive tooling that runs almost anywhere.
Explore similar books
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2024
Black Hat Bash
Nick Aleks and Dolev Farhi on getting offensive work done with the shell: privilege escalation tooling, lateral movement, and pipelining bash with the rest of the toolkit.
Intermediate · 2021
Black Hat Python
Justin Seitz and Tim Arnold's hands-on tour of writing offensive tooling in Python: network sniffers, web scrapers, GitHub-based command-and-control, screen capture, keylogging, and Volatility extensions.