The Hacker Playbook 3: Practical Guide To Penetration Testing

by Peter Kim

Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory. The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about. By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program. THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools. So grab your helmet and let's go break things! For more information, visit

Genres: Hackers, Technology, Computer Science, Nonfiction, Programming, Technical, Coding

398 pages, Kindle Edition

Published May 1, 2018

Reviews

[Darren Thomas]

Unless you have read the previous book, this can be a difficult read. It does, however, provide wonderful references and sources to seek further information.

[Omar Darwish · Rating 2 out of 5]

This is a tapas sampler of security topics and should not be considered an independent text. It is an entertaining read, but it is poorly formatted with many grammatical and spelling mistakes.

[F · Rating 4 out of 5]

The 3rd addition to the Hacker Playbook series did not disappoint! There was plenty of new material from the last book making the new addition definitely worth the purchase. Most useful chapters are on phishing methods, AV bypass through meterpreter/payload recompilation and encoding, and some OSINT data collection. Attacks against NodeJS templating, NoSQL Injection, more advanced XSS, XXE, deserialization and more..

not organized as well as it could be; example is that you find out half-way through the book that there is a linux distro made for the book, one of the chapters has a link to a zip file with code samples for THP3. Lots of references to THP2 book and why they did and didn't include content, wasted space in some cases.

would highly recommend this book for new and experienced penetration testers and red teamers looking to add to their arsenal.

[Ahmed Sultan · Rating 3 out of 5]

Well ,
Not as much as expected compared to the previous 2 editions
the attacks were very limited , felt like the author was in a rush or something
still useful , but not alone , strongly advised to put it together along with the 2nd edition

[عَبدُالكَرِيمْ · Rating 5 out of 5]

def a goodread. I learned few new tricks on this book.
I found this book the most interesting of the THP series.

[Sergey Machulskis · Rating 4 out of 5]

Messy writing, superb content and references. I didn't expect pentesting to be so developed topic. It shows how to use existing instruments (they are powerful) and how to choose a vector of attack.

[Jovany Agathe · Rating 4 out of 5]

Great. To continued

[Leonel David de Leon Juarez · Rating 5 out of 5]

Basic book for RT foundations, need to read before switching to RT