The Hacker Playbook 3: Practical Guide To Penetration Testing

289
English
1980901759
9781980901754
01 May
Peter Kim

Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory.

The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about.

By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions like: Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program.

THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools.

So grab your helmet and let's go break things! For more information, visit http://thehackerplaybook.com/about/.

Reviews (114)

A must have for every security professional. Packed with cutting edge techniques that will give YOU the upper hand.

There are many cybersecurity books out there, however The Hacker Playbook is different than the rest. A lot of books go over theory, but few actually walk the walk and detail how to pull off the techniques. The author explains techniques in simple-to-understand concepts while backing them up with real-life code. You can choose to read with broad strokes to understand the techniques, and/or get granular with the code to execute the techniques. I stopped wasting my time with other "theory" books and have increased my knowledge and skill with this series. You won't be disappointed!

No coding, just a bunch of tools.

I do not have any experience with cyber security, information technology, linux, or even github. So the first thing that stuck out to me with this book was how things aren't really motivated. As I kept reading I understood why that is. It's because the book is meant to give you all the tools and nothing more. The book does an excellent job at this and there are A LOT of tools given to you throughout this book. The problem is, I was looking for a good deal of coding and a deep understanding. This book doesn't provide either of those. I guess I should've taken the title of the book 100% literally and not assume there would be any more to it. I had assumed it would be kind of like a Thomas or Stewart calculus textbook with a combination of rigor and practicality. This book is more like a life sciences calculus textbook.

Great addition to the series, plenty of new material including VMs to practice!

The 3rd addition to the Hacker Playbook series did not disappoint! There was plenty of new material from the last book making the new addition definitely worth the purchase. The author included VMs to actually practice some of the techniques and exploitation methods discussed in the book. My favorite part was a vulnerable web application (included with book) that allows you to put into practice some of the newer web attacks seen today. Attacks against NodeJS templating, NoSQL Injection, more advanced XSS, XXE, deserialization and more.. The author also included some pro tips on how to leverage BugBounties in the real world to up your game and make some cash. I would highly recommend this book for new and experienced penetration testers and red teamers looking to add to their arsenal.

Great hacks and up-to-date info for 2018

Good information, not organized as well as it could be; example is that you find out half-way through the book that there is a linux distro made for the book, one of the chapters has a link to a zip file with code samples for THP3. Lots of references to THP2 book and why they did and didn't include content, wasted space in some cases. Most useful chapters are on phishing methods, AV bypass through meterpreter/payload recompilation and encoding, and some OSINT data collection.

PoC-focused Red Team Resource

As a red team lead, it is often challenging to find quality technical literature focused on managing and executing red team operations. Other books focus on theory or provide too high-level guidance that is not actionable (i.e. ensure you red team your cloud environment), whereas Peter Kim provides direct proof of concepts and technical guidance. This book isn't intended to cover every possible red team attack scenario, but it is an excellent resource and overview of some of the must-have tactics, tools and procedures any red team who is aiming to get to the next level of sophistication should incorporate into their baseline. Peter does an excellent job breaking down each phase of an engagement into its own contained section. This makes it easy for red team operators to go back and reference a particular tool, as there are dedicated sections for initial setup, reconnaissance, web app, etc. Lastly, I have to compliment Peter's ability to engage his audience. The book incorporates internet-accessible web/network challenges. This is great if you don't have a handy lab to test the discovery tools and attacks out against. This extra attention to detail further enables readers to grasp concepts by actually executing a simulated attack.

The Master Magician's Guide to Pen Testing! Notebook style...hands-on strategies, tools, labs and instructions! Tips & Tricks!

Need a hands-on practical step-by-step strategies...tools...labs...instructions...Tips & Tricks?! Well, this series of books has it all and is for YOU! Version 3 has arrived...so, roll up your sleeves and get ready to dive right into the depths and heart of pentesting with Peter Kim as your guide! Each page is packed with references, tools and step by step actionable instructions that open up door after door of knowledge to widen your perspective and deepen your knowledge. After reading just a few pages...I spent another several hours going through the links provided, installing tools, exploring the tools, and understanding lab setups. Then, on to the next set of few pages. This book is densely packed and small doses will take you a long way. However, the notebook style material is very clearly organized in specific phases so you don't get lost down the rabbit hole of Pentesting Wonderland. The explanations are well-written and straight to the point. So get busy and enjoy this book! Thank you, Peter! Excellent work!

Great book filled with useful pen testing TTPs

This is a great book. I've spent quite a bit of time methodically working through it, keeping notes, and appreciating the Github repos that extend the value of it. Do note, this edition is more red-team oriented. With that, the focus is less on compromising a Windows domain and more so persistence and capturing/exfiltrating information. I think this is the general direction of the pen testing profession as we know it today. You could say, this book is ahead of its time in that regard.

Five Stars. Fantastic resource.

The Hacker Playbook 3 is a fantastic resource for those looking to step up their penetration testing game or understand how advanced adversaries think and act. From setting up your hacking environment to creating custom malware and payloads, this book shows you the tools, tips, and tricks that are being used today. The book also contains links to free labs to give you hands-on experience with the material. While this book is not necessarily for a beginner, it should be on the shelf of every professional Pen Tester. The format makes the book easy to read, and the logical order of the book makes it a great reference material. A must-read for security professionals on both sides.

Interesting so far :) !..

I'm not really a computer whiz, but I found this book pop up on Amazon and showed some interest...I guess I've just got interest in the "bad-boys gone good" in life :) I can read a page at a time, and get general information, though he does go into some detail, I think. He claims to not be a writer, but it's produced in such a way that's fine to read. It's not all "algorithms" or "numbers", it's paragraph format with some examples thrown about. This book is as the disclaimer author says (paraphrased), good-guy-hackers. Don't do this illegally, or you'll get in trouble...but if you're helping your own company out, here's how to do it...gosh I hope I'm remembering the author's note right XD

Lack of Credibility

The author starts out by stating that he has no experience and is relying on experts? I know I would prefer to read from someone that has real world and programming experience. That admission kind of floored me, so much for credibility...

Physical Book Was Poor Quality

The bindings of the book began falling apart the moment I opened it. Many of the pages are stuck together with what looks like glue.

10/10

The book was fantastically written with clear concise directions for most, if not all, steps included. If you are coming from THP2, you'll find this as a great way to get an even better idea on some topics. The topics, tools, and tips were/are perfect for use in the common, everyday pentest situations that one might face. The author is also very quick to questions one might give. 10/10 would read again.

The Hacker Playbook 3 is a fantastic addition to the series

The Hacker Playbook 3 is a fantastic addition to the series, and illustrates the latest methods and techniques used by red teamers in a practical and easy-to-read manner. Using trusted Windows utilities to execute code and bypass application whitelisting, dumping NTLM hashes from Windows 10 without touching LSASS, and "living off the land" are just a few of the topics covered in this book that can provide readers of varying skill levels the ability to perform modern attacks against modern environments. I highly recommend picking up a copy!

Fun Reading Material

This was a fun book to read. I have read the second version as well. Unfortunately, the security tools evolve so quickly that this book will be partially irrelevant in a few years. Don't expect to be a professional after reading this book, but at least you will have some insight into how attack workflows look.

Great book for Both Sides "BTM and RTM"

A lot of good information in this book but it doesn't have clear step by step information if you want to install the toolset individually. Great for Security Analysts understanding what the dark side is trying to do to your system.

A very fun read with lots of great information.

This is another great book that can save people that are new to ethical hacking a ton of time getting up to speed. I highly recommend it.

A peek behind the curtain

Bought it mainly for exposure to the element but it seems to be very interesting if you have the time.

Great read

As good if not better than the first two in this series. I definitely recommend this book to anyone getting into penetration testing.

Peter does not disappoint with updated material and more hands on labs

Huge fan of the hacker playbook series, been reading it since I've got my start in pentesting. Once again, Peter does not disappoint with updated material and more hands on labs. Highly recommend for the "Web App Exploitation" section which comes with its own vulnerable VM to practice on and the "Evading AV and Network Detection" chapter which discusses novel techniques in AV bypass.

HP3

Good, useful information, well formulated and presented. But some of the links included are not functional.

Fantastic Book: Recommended at any level.

This book is fantastic. Recommended to everyone at all levels wanting to learn more about pen-testing. The book is well written and guided to get you more in depth and in line with the tools and methodologies. Peter Kim is a well known security industry expert and researcher. Very talented in his work. Definitely recommended.

Everything too generalized, no depth and full coverage of topic

The book has everything but only scratches all on the surface. Everything is explained in basic general steps, no precise penetration testing. And many times author says the topic is detailed in the 2nd edition of the book, so you have to buy the 2nd edition of the book. Useless.

Good book

Good book. Read it while I was studying in college.

Great book! The real deal

Great book! I got it today and I’m very excited!

Great book

Love this book and great resource

Four Stars

Getting better. Red team specific. Mostly windows but worth the purchase if you can glean 25% or more.

Great book with LOTS of information

This is a foundation for any person in the security field that needs to know how to defend against cyber attacks. This doesn't cover everything, but gives a great foundation of information to follow.

Excellent A+++ Buy It!

The hacker playbooks are all worth having, buy them now! I have read all three of these and I have gained so much valuable knowledge, I highly recommend investing in all 3 if you can.

Calendar

Outstanding!

Informative

Book is very informative

Excellent

Excellent

Well, it's a book chock full of greatness...

So, buy it. Read it. Love it. Enjoy.

Amazing easy to read content

This book is full of easy to understand methods to strengthen your security game whatever your reasons may be. I highly recommend this book to everyone interested in IT.

Great book

This book is the best yet. Great content and next level labs. Do yourself a favor and buy it.

All ok

All ok

I’ve learned a lot!!

Great book. Wow! If you are into Pentesting, you will definitely enjoy this!!

A Must Read!!!

Whoa! If you're just starting out or a seasoned Pro this is a must read! Amazing book/labs; wish I would have found this series sooner!

A great book for beginners to intermediate

As the title says, this book, much like the two before it, is a tremendous up-to-date tool for hackers and would be penetration testers, that covers the basics and slightly dabbles into intermediate topics.

Four Stars

Great book, I just ordered #3

awesome product

awesome product

Great book, just wish they put more effort into ...

Great book, just wish they put more effort into how to setup a VM environment properly for those who want to learn but do not. I am an IT guy but not a network admin, so NAT and bridging and which to use to stay safe when your PC is connected to the network and internet, but your VMs are not. I don't want to mistakenly open my OS's in my VM to outside internet.

Great

Great read

Every IT person Should buy this book

There are many great practical labs and cases that will help you to understand the security and fundamentals of security in Linux I highly recommend this book.

Well organized and flows well. Step-by-step breakdowns are valuable ...

Well organized and flows well. Step-by-step breakdowns are valuable to me and helps me comprehend the entire process much easier.

Just what my IT director told me to get!! A+++

Thanks, just what my IT director told me to get! Would buy again.. A++++

Great book

I did not read all the other hacker playbooks but I loved this book. Have not finished it yet but recommended to all information security professionals!

I love the way this guy writes

I love the way this guy writes, the content is current, usable, and I always walk away with something new to add to my bag of tricks.

Useful book for hacker

Interesting book for those who want to understand the hide side of security and how to manage your environment against penetration attempts

Great information for penetration testing

Perfect book for every penetration tester and IT security professionals. It is whole new book, so it is recommended even for The Hacker Playbook 2 owners.

Five Stars

Absolutely amazing!!

Awesome book on red team techniques!

Another great book by Peter Kim. I have the first two books as well. I like that this book goes into red teaming and it's not just an update of the previous books. I recommend this book and especially for those wanting to learn red teaming. This would be useful for transitioning from pentesting to red teaming.

Five Stars

Yep

Five Stars

Great book as always, good for people from all experience levels.

Needed for Ethical Hacking class

Perfect! This book was required for my Ethical Hacking class and I’m really glad I bought it, a great book

Alex

cool one

Five Stars

Great coverage of the latest penetration testing techniques.

Good for all skill levels.

Excellent read! Good range of techniques and knowledge base. Even has humor sprinkled throughout!

Great hacking book for beginners red teamers.

It is an excellent book, with a great deal of information.

Illustrative

I follow this book series and find it easy to practice with

Nice one

Good book to read

Great info

Great information! Covers a wide variety. Up to date.

BUY THIS BOOK. JUST DO IT!

As good a primary resource and supplemental field book on offensive security as exists. The information is presented in as plain English as is possible and it's clear the author actually wants you to know and learn what he has in his wealth of experience. Real, hands on experience with practical examples that currently work, not just resume fluff. No cryptic talk and/or generic, old examples while withholding the good stuff, no useless buzzwords or self aggrandizement, just the good stuff, pure and simple with as little frills and distraction as possible. For the cost of a delivery pizza, you'll get a book with twice the useful content and none of the page count padding filler that you'll find with almost any of the ~$50 alternatives out there.

Great

Awesome book

Four Stars

It's an amazing book

Great book current concepts

Loved it great author

Five Stars

Good Book

Five Stars

Another great book in the series!

Five Stars

Must have for any pentester/bug bounty hunter.

Very good book for starters and mid levels

Very good book for starters and mid levels. If you know more than that, you won't learn too many things from this book. There is only one thing that I don't like with this book. Author shares too many links -which is good- however, he should put a TLDR summary at least. I type the URL by hand and it appears that information is not interesting for me. Overall, it's a very good book. Thanks for writing this.

Three Stars

First two were outstanding, this was blah

Fantastic Resource!

The Hacker Playbook 3 is another great entry to the series, and the labs provide tons of cool information and real world experience. It goes step by step, showing you how all of the common attacks work, and the many facets Red Teams look at while planning. The font and art makes reading it a breeze, keeping you reading. If you're looking to get into Red Teaming, this will be a great tool!

not for a novice, but packed with information

The Hacker Playbook: Practical Guide to Penetration Testing 2014 By Peter Kim

Before the one entry semester I spent in a Computer Science curriculum, I have had no thorough experience with a computer except for the GUI. Years of using the GUI. These, coupled with the one semester were not enough to prepare me for this book. That being said I would have been able to read the book completely and understand the gist, looked up major vocab words, interconnect these, etc… and would have learned a lot still. However my time is being spent on a more ground-up hacking book. What I can offer through this review is a closer look through the chapters I took notes on, and a general format of Kim’s organizational approach. The chapter topics follow:

1. Setup: Kim outlines the programs to download in order to follow the book’s examples. Some cost, others don’t.
2. Scanning the Network: External, Internal, and Web Application Scanning. The chapter ending summarizes “using specialized or customized port scans, web scraping, ‘smart brute forcing,’ and automated tools” are crucial for a successful exploitation.
3. Exploiting Scanner Findings
4. Manual Web Application Findings: Here I found a lot of web attack types to add to my vocab, including SQLi, XSS, CSRF, Session Token Entropy, etc… Again, Kim goes through these words in full expectation that the reader will have previous knowledge of them.
5. Moving Through the Network: This chapter I found particularly neat. It talks about working your way through a network via “privilege escalation.” Kim explains methods to get from being on the network: without any credentials, with domain credentials, and finally with a Local Admin or Domain Admin account. This is the point I found greener pastures (for now).

Following chapters include:

6. Social Engineering
7. Attacks that Require Physical Access
8. Evading AV (anti-virus)
9. Cracking, Exploits, Tricks
10. Reporting
11. Continuing Education

Having gone through about half the chapters, the general format I was outlining notes in follows:

A. Main chapter topics (tasks to accomplish for preparation and attacks)
B. Tools used (from 1. Setup) to accomplish tasks.
   a. Tool attributes and functions.
C. Examples that execute tasks using tools.

A general note for Kim: higher picture resolution, or save the ink.

Summary: Above my level, but clearly packed with information and bookmarked for down the road.

Must read for security enthusiasts. Great reference for professionals.

Loved. Great read for those with a solid understanding of the fundamentals and could be easily used as a reference for more seasoned folks. Felt like it did a great job of outlining strategies and exploits and is a great update since new approaches have become commonplace since the last 2 books in the series. Must read for security enthusiasts. Great reference for professionals. Also author is very sexy in his CNBC interviews.

GREAT RESOURCE FOR THE PEN TESTER

A great wealth of supplementary information for the computer penetration tester. It introduces a number of interesting concepts and will be of great interest to people working in this area. You need also to refer to Playbook 2 as this contains a great deal of useful information which is not covered in Playbook 3. You will get the most enjoyment out of this book if you also read it in conjunction with other scholarly texts to ensure that you understand the concepts covered.

This is a must have for anyone interested in technology.

If the first two books in this series were amazing, the third edition is a masterpiece. Imagine having a legend in the industry taking his notes and breaking them down step by step, then providing labs and exact examples for you to practice on. It's like having Bill Belichick or Phil Jackson (any legendary coach) not only coach you through the plays they are running but providing the arena/gym as well as the players you need to get your reps in. If you have any interest in the industry, this is a must have resource.

New Up to Date Attacks and great VM to practice. Easy to start learning right away.

This book is awesome. It is up to date with the current attacks and "plays" that are working in the field today. The Vm's help you get up and running quickly. No matter what your level, or what your goals are with the book it has something for you, from the most hardened red Teamer to the person just starting out. This is a great addition to the Hacker Playbook series. It is full of new information, and labs. Highly recommend. If you have the first two books or not this is a great addition to any library.

Excellent book and Real World tested!

The text is written very well...builds nicely off of the previous editions as well. I had the opportunity to take a course by Peter Kim through LETHAL Security training where we cover a lot of these concepts as well in a nice hands on environment. Done very well and made me a lifetime fan of his work! Highly recommended!

current and realistic hacking techniques and methodologies

I have read the previous editions and have acquired excellent knowledge from them. I am not diving into the 3rd edition of this book series and I have already found some useful tips and current techniques. The world of security is ever-evolving and one of my issues with books is that a lot of them become outdated due to changes in technology and authors do not release updated versions. The Hacker Playbook series of books tackles that problem. Get it? Anyway, I love these books mostly due to the dive into current and realistic hacking techniques and methodologies. Overall this is an excellent book from a very knowledgeable author. Happy hacking.

Great general guide to pen testing

I liked that this book uses Kali as the main focus because it's the perfect OS for pentesting. The book gave good, "safe" knowledge, but it did not show too many advanced techniques which is where all the fun is. I thought it was a good buy for the price.

One Star

Really waste to buy.

👍🏼

Arrived early and as described. No complaints.

Arrived on time and is what I expected

Arrived on time and is what I expected

Good read but the internet is available

Good book but definitely not for beginners. The concept is good; focusing around a scenario makes it a bit easier to follow. Prerequisites for the book are a basic Linux understanding and a lot of patience; for myself, I found myself rereading a lot of it. This book is good for learning a process and procedure to look at a problem. But further research is needed with this book from the user.

Not bad, but not great either

The book is fundamentally not bad, but anyone who wants to understand the subject more deeply than "security processes" certainly won't find that here. The author honestly writes about himself that he is not a developer or reverse engineer, and without being able to write assembler yourself, you can discuss security in terms of tools and processes for a long time: it is then as if someone wanted to lecture professionals about pianos without ever having been able to play from sheet music himself. What is also quite annoying are the many nonsensical abbreviations (VUA) in this Hacker Playbook book (HPB) - you can then write very clever-looking sentences: HPB is full of VUA :-). It is really no fun hunting through the whole book for wildly defined abbreviations just to decipher the text that follows. So after a while you simply skip such sentences, and combined with the author's lack of low-level know-how, the quality suffers accordingly. Furthermore, you can't shake the feeling that the author keeps recommending the overpriced "hacker tools" only because he gets something out of it himself: I honestly cannot imagine a real underground hacker at the end of the world paying 3.5k EUR a year for such monster bloatware. The author's idea that you set up a hacker farm in the cloud on Amazon AWS and then hack the world with thousands of third-party scripts and annual license costs is childish. This is not a Photoshop subscription; a hacker has much simpler tools, pays no licenses for bloatware, uses no self-invented abbreviations, doesn't care about Blue Team reaction time and can read assembler. Oh well, from the point of view of a company that wants to get a tangible grasp of the security problem, it is not bad to have an overview of the processes and commercial tools.

present

Xmas present but totally lost on me

Great book

This is good but a little more advanced for absolute beginners.

it is what it says it is

Great book, to my ever expanding library, I prefer hard copies over electric copies.

Good for beginners

Very detailed

Great book

Husband loves it

Good overview..

Lots of examples and download links. Quite good for those who are just getting started with the subject. In my opinion, buying the predecessors is still worthwhile. Each edition covers different approaches (e.g. a keylogger with Python in THPB2 and with C in THPB3). In addition, as a newcomer you are shown the right sources and options (GitHub, VMs in the cloud, etc.). What I found a pity, though, is that all the overpriced Hak5 products were presented while the open-source alternatives such as WHID or P4wnP1 were not even mentioned!

A very nice and original addition to the series

As the subtitle of the book itself says, this new edition of THP focuses more on red team attacks, thus distinguishing itself from the two predecessors by introducing new tools, new techniques, and a lot of interesting material to learn from for your everyday pentesting jobs or just out of curiosity. Recommended for every security enthusiast out there.

Fantastic Book. Tips & Tricks. VM for practice.

At the time I bought THP2 and I loved it. A friend who bought THP3 left it to me and seeing all the new material that it incorporates, I also bought it. Although I have already read it, it is just to buy my copy of the book ;-) I recommend it for everyone who starts or even has some experience and if you like this series of books, I would also recommend the Sparc Flow books. I hope there is a THP4 and that it was focused on how to defend our Microsoft infrastructure, what events to monitor, solutions to take into account to fight against redteam, etc. (Okay, there is a lot of information on Google but ... what would Peter Kim do? ) This book, unlike the rest I have read, includes virtual machines to do the practices and is a great success.

Totally freakin' awesome!!!

I already know the first two books of "The Hacker Playbook". They were already very good. But the third one tops them all. The Author really knows his stuff and you can see that he worked in this line of work a long time. It is very structured & easy to follow and it is fun to try the attacks with the provided material (VMs, Links to explore a topic further) . If there'll be a fourth edition, I'll buy that too.

Too little explanations behind, more of a howto than a course

The book presents many exploits and techniques but without describing them deeply enough to open the mind of the reader to further development, but mostly just to execute them, indeed it's a "playbook". This in my opinion is a negative point as it limits the scope of the book, which still delivers some interesting information especially for beginners (or just above that). Also I find the usage of commercial tools for the demonstrations not very good, sounds like the author is doing a commercial indeed.

So far so good

I've been reading the book for a while and just finished the discovery section. So far I'm pleased with the content of the book, it can sometimes be a little light on description and instructions, but overall it's very informative and the tools that are described within are very useful. It's one of the better books I've read about pen testing, I'd give it a 4.5/5 and definitely recommend it to people who have a decent understanding of computers and security but are light on practical knowledge and experience of pen testing.

Very good

The book is for people who want to sharpen their knowledge. It is taught at university in the IT Security master's program, so you already know what kind of knowledge is involved.

Not Useful and No coding or concept detail

This book gives an overview of other tools available on the internet... there is no code or concept to hack anything or secure anything..... waste of money

very interesting

bought this as a gift for a student very much appreciated

Nice book

Interesting and stimulating; it illustrates various paths and strategies for this fascinating world.

Excellent

Sent on time. Brand new as described.

Better quality

Book is great knowledge! Good customer support!

Good content but poor quality book.

Technically a good book, but poor binding and blurry and pixelated images. I could print better with my cheap Canon printer. Too expensive for the book quality.

New techniques and tools

A great book with new techniques. I'd say you must know a bit about pen-testing beforehand as this isn't an intro book to hacking.
