Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization
I**Y
Not Enough APT For Me
I do a lot of APT intelligence and did not like this book. The author has years of experience in pen testing, which is fine, but I think this book should be renamed to "The Art of Pen Testing" because that's mostly what it is. The author goes through "APT hacker" methodology when he's really describing pen testing methods. I bought this book for an additional understanding of APT actors and how they operate, but what I really got is pen testing and some bloat. Could it have just been my expectations were too high? Maybe.
I'd like to be honest while not bashing this author. This is a good book and has lots of good information in it; however, I felt the main focus was not on APTs, as is advertised. I do not believe pen testers to be APTs; however, the way the book is written makes you think the author sees them as one and the same. I also found some bloat and topics that have nothing to do with APTs in this book, which I didn't like.
My definition of an APT is a group of skilled threat actors whose mission is to infiltrate targeted computer systems, conduct their activities for as long as they can/wish to and remain undetected throughout while having nothing but time on their hands. They don't "think outside the box" unless they've tried all the easiest and fastest methods known to work on the weakest link known to get them in. Are there exceptions to this description? Of course! Do they sometimes use state of the art tools the world has never seen before? Yes! Flame, Stuxnet, Regin, etc. are some examples. But the majority though? That's what I want to read and learn about, not the fringe, publicized attacks we hear about in the news. What's the #1 method of choice for network infiltration? Email! How are they getting in through email? What tools are they using to get in through email? What tools are they using after they've gotten in? How are they pivoting? How are they persisting? What might they be after? Who might it even be? How can we attribute them to real-world people? How does politics affect what we might see the APTs do? These are the things I wanted the majority of the book to include and speak about.
I didn't like the author talking about physical intrusion, wireless hacking, credit card skimmers, lock picking, tailgating, etc. These are all topics that are important to know, yes, but in my opinion shouldn't be included in a book that is supposed to describe a specific type of threat, APT. It more describes methods pen testers employ. The sheer mention of Kevin Mitnick is a perfect example of what I didn't want to see. Kevin is a pen tester! He's not an APT even though yes, he's "advanced" and I'm sure at one time he was "persistent" and undoubtedly yes, is/was a "threat".
Anyways, to wrap this up I'll reiterate. This is a good book with lots of good information in it; however, will it teach you how to defend against APTs? No. Will it help you detect or understand how APTs operate? No. Will it teach you pen testing methods? Yes. Are the topics covered in this book applicable to a real-world defender trying to understand APTs? Being one of those people, my answer is No.
Maybe my expectations were just a little too high as I wanted more technical, applicable data. Still a good read though!
K**M
Book promises source code on associated website that does not exist.
All in all this is an average penetration testing book. There isn't much material pertaining to Advanced Persistent Threats aside from the constant reminders that APTs don't "follow rules". There is interesting but brief material on picking locks and wakizashi phones. Other than that this book reads exactly like a white-hat penetration testing book.
A major pet peeve: this book constantly references source code that should be available on the "APT Hacker website". The address of this website is never explicitly mentioned in the book, as other books do when they are introducing the book layout. I've looked up the author and discovered his blog (which is infrequently updated) and another site, apthacker[dot]com. There is no source code to be found. Which is a shame because the last chapter on software backdoors promises all this code that should be on a website that is never named.
On that alone, I would say do not buy this book. The author failed to deliver on his promises.
Author, if you read this review, feel free to tell me where this "APT Hacker website" is. Maybe I'm dumb and can't find it.
M**W
The author suggests hacking like an APT actor using pen tester hardware while there ...
Unfortunately this work has little to do with "Advanced Persistent Threats". The author's biography indicates that he's a penetration tester and this work reads as a pen tester's howto guide. My suspicion is that the author wrote a pen test book and the publisher wanted an APT angle to sell more books. As a result this work has a misrepresentative title and lots of APT fear, uncertainty, and doubt. To give you an idea, it starts: "You didn't realize it, but when you decided to use the Internet, a computer, that new cell phone, even Facebook and Twitter, you joined a war."
The book does not draw from any relevant APT intelligence sources. There's no reference to analysis of accepted APT malware samples. There's no reference to threat intelligence or common indicators of accepted APT actors. Stuxnet and Olympic Games are mentioned but without thoughtful analysis or comparison as to how those incidents compare to APT actions. Further, the work does not reference data from Snowden's leak. The author suggests hacking like an APT actor using pen tester hardware while there is leaked documentation showing how nation states truly act.
I can't recommend this book if you want to learn about APT threats or actors. If you want a quick survey of pen testing methodologies with some APT hyperbole, this is your book.
C**S
Don’t be greedy
Great book for where our cyber defenders need to have a foundation. Don’t skim through to Python too fast without having some assembly and C. Too many good hacks without really knowing an actual defense might make you greedy.
M**R
Great Read
I really liked this book. I ordered it months ago not knowing it was a pre-order book. When it came in the mail it was quite a surprise, as I had forgotten I ordered it. I read the entire book in about 4 days. Nothing drastically new to me but I really like some of the real-world examples it portrays. My favorite section of the book was the bypassing physical security stuff and some of the details of the Stuxnet worm, etc. I hope you all enjoy it!
K**R
Great for both those in the business and those wanting to add a layer of protection.
Great book, several of the sections are old school with examples that had me rolling on the floor. Have to admit I did learn several low tech methods that are a lot faster than the methods I have used in the past. This is a must for any auditor that performs assessment testing. Great job and wish I had this when I first started security auditing.
G**U
Has a handful of useful tips if one doesn't have a background in network administration, which I do.
Very minimal APT methods and contradicting statements abound. It does, however, say APT, A WHOLE LOT. Kind of annoying. This book along with "The Hacking Bible" are two titles that seriously misrepresent their title.
M**Y
Great book, but it is a 2014 book
Great book, but it is a 2014 book. Some sections contain old information, but it is a good source to study assessment testing.
M**T
You can just call it hacking. You don't need ...
You can just call it hacking. You don't need to prepend APT to everything. Btw, spearphishing and client-sides are not new, and certainly not advanced.
Protip: If you're looking at this book, buy THP2 and RTFM instead.