
The Hacker Playbook: Practical Guide to Penetration Testing

Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.

Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, and evading antivirus software.

From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.

Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.

294 pages, Kindle Edition

First published March 13, 2014

203 people are currently reading
1413 people want to read

About the author

Peter Kim

51 books, 31 followers

Ratings & Reviews


Community Reviews

5 stars: 159 (33%)
4 stars: 174 (37%)
3 stars: 102 (21%)
2 stars: 25 (5%)
1 star: 9 (1%)
Displaying 1 - 20 of 20 reviews
1 review
January 26, 2015
This book lays a great framework for running a successful penetration test. This book does not go in depth with any technique or tool but does a good job at instructing the reader where to go to learn more by providing links to presentations or other books.

If you don't know your way around Metasploit+Linux+Windows, I'd start off with a different book. This book is more of a reference guide than instructional, so I don't see people without a little background knowledge retaining the information.

If I had read it at the time of publication, I probably would have rated it five stars. A few tools came out since publication which would have been great mentions. For instance it states do not upload to VirusTotal, but doesn't mention a great way to do virus scans yourself. PlagueScanner would have been great right here, but is very new software (saw the presentation at the Shmoocon 2015 Firetalks).

I read it in ~5 days on the Kindle PaperWhite, the formatting was better than most technical eBooks.
Mikael Svahnberg
25 reviews, 5 followers
June 10, 2019
DNF. The gist of this book is that it namedrops a metric ton of different tools, spends pages on describing how to install them and two words on that they can be used. No explanation of the tools, what they do, the exploits they use, or what else they can do outside of the extremely narrow focus of the current paragraph.

Granted, the reader is warned about this in the beginning (you are expected to know how to use these tools before you read this book), but this also means that the book renders itself pointless -- if you know how to use all the tools you do not need this book because you probably know more than the author already, and if you don't know the tools the book will not help you.

The book is weirdly formatted (bullet list all the things!), and not proofread.
John Lee
1 review
September 30, 2014
I perform pentests every day for a living and this is an invaluable book. I would recommend it to anyone starting or even any seasoned pentester. #Don'tLeaveHomeWithoutIt
1 review
September 24, 2021
The first edition is a little dated, but all of the basics are still there. If you are looking to read this book, grab the second edition. I'll be reading that next to see what changes were made.

That being said, this book was amazing. It didn't deep dive into any of the topics, but it was a good, fast read. I believe the second edition will go deeper into these topics and more. Can't wait to read it!
J.J Flores
242 reviews
March 10, 2023
This book can be seen as some kind of a “tips” book for each phase of a pentest, it doesn’t go too deep into the explained techniques and each uses 2 or 3 different tools. Code formatting is way too bad and somehow kinda uncomfortable to read. It’s a nice guide with some points of view from an experienced pentester.

77 reviews, 2 followers
August 8, 2017
Thought the book started off incredibly poorly for the reconnaissance and web exploitation sections. However, the post-exploitation and lateral movement chapters were outstanding and somewhat redeemed the book.
Yazz Diouri
3 reviews
November 15, 2019
Aimed at pentesting professionals, has interesting ideas but wastes too much time and space on how to install the tools and screenshots. Would have preferred more explanation on how the tools actually work or more out-of-the-box ideas.
Shmuel Shoop
11 reviews
January 8, 2019
It's too focused on being step by step; it's either the author's way or the highway.
Michal Ormoš
43 reviews
October 13, 2021
Good source of information summed up to a really short read. Even if it can feel quite outdated nowadays, it's a very nice manual for the beginning.
Tonmoy
9 reviews, 5 followers
November 10, 2022
It's the best book for anyone who wants to learn about cyber-security.
Ahmed Sultan
74 reviews, 10 followers
November 8, 2015
That's totally a book worth reading.
For beginners it will give an idea about a lot of techniques out there, and for professionals it really can be considered a large amount of notes which can be depended on during pentesting.
4* because there are still a lot of technologies and techniques that haven't been discussed in the book (which I'm sure can't be collected in one book).
At the moment I'm writing this review, the second edition is already out.
Will start reading; hopefully it filled the gaps in this edition.
Mostafa Siraj
28 reviews, 5 followers
January 21, 2015
The book tried to cover a lot of penetration testing aspects under one cover (web vulnerabilities, system exploitation, AV evasion, social engineering, etc.). It's useful for professional penetration testers (not beginners) who would like to learn tricks to help them do their job. Sometimes a small trick can help you penetrate a million-dollar system.
Roberto Rigolin F Lopes
363 reviews, 107 followers
March 10, 2015
You need liters of "smart juice" (coffee) to try all the tools in this book. Appreciated the straightforward approach and had lots of fun playing around. Honestly, I started monitoring my access point to check if my neighbors read this book as well!
6 reviews, 1 follower
April 27, 2015
It is a good book with many useful ways to evade antivirus and create web shells.

I would recommend reading about Metasploit and network scanning before reading this book.

The book is full of URLs.

Overall, it is a really good book.
KC Yerrid
25 reviews, 3 followers
June 15, 2014
Very little by way of new material, but if one is just starting out, this book is decent for its purpose.
Joe Adrian
1 review
March 28, 2016
A great book if you know how hacking works and want a step by step guide through a professional pentest.
Both engaging and informative without being filled with fluff.
Savanna
111 reviews, 2 followers
March 8, 2021
Walk through of various tools that pen testers use. Would have liked to see underlying how they work and more use cases rather than how to use them.