Saturday, December 5, 2009

Introduction

Have you ever seen the movie, The Matrix? If you haven't, I strongly recommend that you rent this timeless sci-fi classic. Those who have seen The Matrix will recall that Keanu Reeves's character, a hacker named Neo, awakes to find himself in a vicious battle between humans and computer programs with only a rag-tag crew of misfits to help him win the fight.

Neo learns the skills he needs for battle from Morpheus, a Zen-like master played by Laurence Fishburne. As the movie unfolds, Neo is wracked with questions about his identity and destiny. In a crucial scene, Morpheus takes Neo to someone who can answer all of his questions: the Oracle, a kindly but mysterious grandmother who leads Neo down the right path by telling him just what he needs to know. And to top off her advice, the Oracle even gives Neo a cookie to help him feel better.

So what does The Matrix have to do with this book? Well, my friends, in our matrix (that is, the universe that you and I inhabit), the Oracle is none other than Google itself. Think about it. Whenever you have a question, whether big or small, you go to the Oracle (Google) and ask away. "What's a good recipe for delicious pesto?" "Are my dog's dentures a legitimate tax write-off?" "Where can I read a summary of the post-modern philosophical work Simulacra and Simulation?" The Oracle answers them all. And if you configure some search preferences, the Oracle—i.e., Google—will even give your Web browser a cookie.

But, of course, you'll get far more information from the Oracle if you ask the proper questions. And here's the best part: in this book, Johnny Long plays Morpheus, and you get to be Neo. Just as Fishburne's character tutored and inspired Neo, so too will Johnny show you how to maximize the value of your interactions with Google. With the skills Johnny covers in this book, your Google kung fu will improve dramatically, making you a far better penetration tester and security practitioner.

In fact, even outside the realm of information security, I personally believe that solid Google skills are some of the most important professional capabilities you can have over the next five to 10 years. Are you a professional penetration tester? Puzzled parent? Political partisan? Pious proselyte? Whatever your walk is in life, if you go to Google and ask the right questions using the techniques from this book, you will be more thoroughly armed with the information that you need to live successfully.

What's more, Johnny has written this book so that you can learn to ask Google for the really juicy stuff—secrets about the security vulnerabilities of Web sites. Using the time-tested advice on these pages, you'll be able to find and fix potentially massive problems before the bad guys show up and give you a very bad day. I've been doing penetration testing for a decade, and have consistently been astounded by the usefulness of Web site searches in our craft. When Johnny originally started his Web site, inventorying several ultra-powerful search strategies a few years back, I became hooked on his stuff. In this book, he's now gathered his best tricks, added a plethora of new ideas, and wrapped this information in a comprehensive methodology for penetration testing and ethical hacking.

If you think, "Oh, that Google search stuff isn't very useful in a real-world penetration test... that's just playing around," then you have no idea what you are talking about. Whenever we conduct a detailed penetration test, we try to schedule at least one or two days for a very thorough investigation to get a feel for our target before firing a single packet from a scanner. If we can get even more time from the client, we perform a much deeper investigation, starting with a thorough interrogation of our favorite recon tool, Google. With a good investigation, using the techniques Johnny so masterfully shares in this book, our penetration-testing regimen really gets off on the right foot.

I especially like Johnny's clear-cut, no-bones-about-it style in explaining exactly what each search means and how you can maximize the value of your results. The summary and FAQs at the end of each chapter help novices and experts examine a treasure trove of information. With such intrinsic value, I'll be keeping this book on the shelf near my desk during my next penetration test, right next to my well-used Matrix DVD.
