image: Daniel G. Graham is an assistant professor whose new book is “Metasploit: The Penetration Tester’s Guide.”
Credit: UVA Engineering photo
A University of Virginia researcher has a new book out — and the title will be instantly recognizable in the cybersecurity field.
Daniel G. Graham, assistant professor of computer science in the School of Engineering and Applied Science and a former program manager at Microsoft, joined the authors of the authoritative “Metasploit: The Penetration Tester’s Guide” for the book’s second edition, released in January.
Penetration testing simulates cyberattacks on systems to identify vulnerabilities. Banks, for example, have whole teams dedicated to keeping your money safe.
The book’s namesake comes from the Metasploit Project, a cybersecurity testing architecture that includes an open-source framework. The book serves as a comprehensive, user friendly introduction for cybersecurity professionals.
Students use "Metasploit" in Graham's Network Security course.
“After my book ‘Ethical Hacking’ (2021) was released, I was invited by the publisher, my editor and other authors to contribute to this edition,” Graham said. “It was a great opportunity to ensure that the cybersecurity field has an up-to-date, go-to resource for high-level security assessment.”
Graham contributed updated content as well as new chapters on penetration testing in cloud environments, advanced evasion techniques and other key topics “to ensure the book remains a comprehensive resource for security professionals.”
The other authors are cybersecurity industry professionals David Kennedy, Mati Aharoni, Devon Kearns and Jim O'Gorman.
The new release has received positive reviews from "red team engineers," whose job is to make their organizations’ systems hard targets, as well as other industry experts.
Menachem Rothbart, principal security consultant with Nettitude, called the book “(a)n absolutely fantastic addition to any penetration tester's bookshelf."
Graham earned his bachelor’s in computer engineering and master's in systems engineering from UVA in 2010 and 2011, respectively. He earned his Ph.D. in computer science from William and Mary in 2016. More information about his work is available on his author and research page.