The Hacker Playbook 3: Practical Guide To Penetration Testing
Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory.
The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about.
By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions like: Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program.
THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools.
So grab your helmet and let's go break things! For more information, visit http://thehackerplaybook.com/about/.
Reviews (114)
A must have for every security professional. Packed with cutting edge techniques that will give YOU the upper hand.
There are many cybersecurity books out there, however The Hacker Playbook is different than the rest. A lot of books go over theory, but few actually walk the walk and detail how to pull off the techniques. The author explains techniques in simple-to-understand concepts while backing them up with real-life code. You can choose to read with broad strokes to understand the techniques, and/or get granular with the code to execute the techniques. I stopped wasting my time with other "theory" books and have increased my knowledge and skill with this series. You won't be disappointed!
No coding, just a bunch of tools.
I do not have any experience with cyber security, information technology, linux, or even github. So the first thing that stuck out to me with this book was how things aren't really motivated. As I kept reading I understood why that is. It's because the book is meant to give you all the tools and nothing more. The book does an excellent job at this and there are A LOT of tools given to you throughout this book. The problem is, I was looking for a good deal of coding and a deep understanding. This book doesn't provide either of those. I guess I should've taken the title of the book 100% literally and not assume there would be any more to it. I had assumed it would be kind of like a Thomas or Stewart calculus textbook with a combination of rigor and practicality. This book is more like a life sciences calculus textbook.
Great addition to the series, plenty of new material including VMs to practice!
The 3rd addition to the Hacker Playbook series did not disappoint! There was plenty of new material from the last book making the new addition definitely worth the purchase. The author included VMs to actually practice some of the techniques and exploitation methods discussed in the book. My favorite part was a vulnerable web application (included with book) that allows you to put into practice some of the newer web attacks seen today. Attacks against NodeJS templating, NoSQL Injection, more advanced XSS, XXE, deserialization and more.. The author also included some pro tips on how to leverage BugBounties in the real world to up your game and make some cash. I would highly recommend this book for new and experienced penetration testers and red teamers looking to add to their arsenal.
Great hacks and up-to-date info for 2018
Good information, not organized as well as it could be; example is that you find out half-way through the book that there is a linux distro made for the book, one of the chapters has a link to a zip file with code samples for THP3. Lots of references to THP2 book and why they did and didn't include content, wasted space in some cases. Most useful chapters are on phishing methods, AV bypass through meterpreter/payload recompilation and encoding, and some OSINT data collection.
PoC-focused Red Team Resource
As a red team lead, it is often challenging to find quality technical literature focused on managing and executing red team operations. Other books focus on theory or provide too high-level guidance that is not actionable (i.e. ensure you red team your cloud environment), whereas Peter Kim provides direct proof of concepts and technical guidance. This book isn't intended to cover every possible red team attack scenario, but it is an excellent resource and overview of some of the must-have tactics, tools and procedures any red team who is aiming to get to the next level of sophistication should incorporate into their baseline. Peter does an excellent job breaking down each phase of an engagement into it's own contained section. This makes it easy for red team operators to go back and reference a particular tool, as there are dedicated sections for initial setup, reconnaissance, web app, etc. Lastly, I have to compliment Peter's ability to engage his audience. The book incorporates internet-accessible web/network challenges. This is great if you don't have a handy lab to test the discovery tools and attacks out against. This extra attention to detail further enables readers to grasp concepts by actually executing a simulated attack.
The Master Magician's Guide to Pen Testing! Notebook style...hands-on strategies, tools, labs and instructions! Tips & Tricks!
Need a hands-on practical step-by-step strategies...tools...labs...instructions...Tips & Tricks?! Well, this series of books has it all and is for YOU! Version 3 has arrived...so, roll up your sleeves and get ready to dive right into the depths and heart of pentesting with Peter Kim as your guide! Each page is packed with references, tools and step by step actionable instructions that open up door after door of knowledge to widen your perspective and deepen your knowledge. After reading just a few pages...I spent another several hours going through the links provided, installing tools, exploring the tools, and understanding lab setups. Then, on to the next set of few pages. This book is densely packed and small doses will take you a long way. However, the notebook style material is very clearly organized in specific phases so you don't got lost down the rabbit hole of Pentesting Wonderland. The explanations are well-written and straight to the point. So get busy and enjoy this book! Thank you, Peter! Excellent work!
Great book filled with useful pen testing TTPs
This is a great book. I've spent quite a bit of time methodically working through it, keeping notes, and appreciating the Github repos that extend the value of it. Do note, this edition is more red-team oriented. With that, the focus is less on compromising a Windows domain and more so persistence and capturing/exfiltrating information. I think this is the general direction of the pen testing profession as we know it today. You could say, this book is ahead of its time in that regard.
Five Stars. Fantastic resource.
The Hacker Playbook 3 is a fantastic resource for those looking to step up their penetration testing game or understand how advanced adversaries think and act. From setting up your hacking environment to creating custom malware and payloads, this book shows you the tools, tips, and tricks that are being used today. The book also contains links to free labs to give you hands-on experience with the material. While this book is not necessarily for a beginner, it should be on the shelf of every professional Pen Tester. The format makes the book easy to read, and the logical order of the book makes it a great reference material. A must-read for security professionals on both sides.
Interesting so far :) !..
I'm not really a computer whiz, but I found this book pop up on amazon and showed some interest...I guess I've just got interest in the "bad-boys gone good" in life :) I can read a page at a time, and get general information, though he does go into some detail, I think. He claims to not be a writer, but its produced in such a way that's fine to read. Its not all "algorithms" or "numbers", its paragraph format with some examples thrown about. This book is as the disclaimer author says (paraphrased), good-guy-hackers. Don't do this illegally, or you'll get in trouble...but if your helping your own company out, here's how to do it...gosh I hope I'm remembering the authors note right XD
Lack of Credibility
The author starts out by stating that he has no experience and is relying on experts? I know I would prefer to read from someone that has real world and programming experience. That admission kind of floored me, so much for credibility...
Comments
Post a Comment