The Hacker Playbook 2: Practical Guide To Penetration Testing
- Downloads:9324
- Type:Epub+TxT+PDF+Mobi
- Create Date:2021-05-03 11:54:03
- Update Date:2025-09-06
- Status:finish
- Author:Peter Kim
- ISBN:1512214566
- Environment:PC/Android/iPhone/iPad/Kindle
- Download
Summary
Just as a professional athlete doesn't show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either。 The Hacker Playbook provides them their own game plans。 Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the "game" of penetration hacking features hands-on examples and helpful advice from the top of the field。
Through a series of football-style "plays," this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing-including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software。
From "Pregame" research to "The Drive" and "The Lateral Pass," the practical plays listed can be read in order or referenced as needed。 Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience。
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned。 Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code。
Whether you're downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker's library-so there's no reason not to get in the game。
Through a series of football-style "plays," this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing-including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software。
From "Pregame" research to "The Drive" and "The Lateral Pass," the practical plays listed can be read in order or referenced as needed。 Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience。
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned。 Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code。
Whether you're downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker's library-so there's no reason not to get in the game。
Reviews
Denis
,
Not my type of book。I haven't finished it yet but so far it only shows how to use tools, some of them are very intuitive and don't need a tutorial i。e book。 There was a section on ElasticSearch, it didn't explain what it is and the author just ran some script from Github which was exploiting CVE-2015-1427。 That "same thing" could be done in a single line with cUrl。I'm not really feeling like I'm learning anything but at least I get to see some new tools, perhaps some of them are useful。 Not my type of book。I haven't finished it yet but so far it only shows how to use tools, some of them are very intuitive and don't need a tutorial i。e book。 There was a section on ElasticSearch, it didn't explain what it is and the author just ran some script from Github which was exploiting CVE-2015-1427。 That "same thing" could be done in a single line with cUrl。I'm not really feeling like I'm learning anything but at least I get to see some new tools, perhaps some of them are useful。 。。。more
Daniel Barenboim
,
Extremely thorough in terms of the subject and material it covers。Provides extra resources (quality resources) and helps you get an idea of how attacks work。In terms of practicality, I would treat it more as a reference guide。 This book gets you in the hacker mindset and makes you realize that being an Ethical Hacker is all about finding problems, exploiting them, and fixing them。 A problem-solving mentality is a must。Coding skills : optional。
coolwind
,
A very comprehensive introduction to the hacker’s world。
Jovany Agathe
,
AWESOME
F
,
This book offers general tricks and theory on how to improve your skills of being a pen-tester "hacker" Security Professional。 Its not going to make you l337 overnight。 Mr Kim does a great job showing how he exploits systems and networks and easy to use tricks on how to do the same。but has tons of pictures and not a lot of depth into any one topic。 Good reference to give you ideas on tools so you can go look elsewhere to get the indepth knowledge about it This book offers general tricks and theory on how to improve your skills of being a pen-tester "hacker" Security Professional。 Its not going to make you l337 overnight。 Mr Kim does a great job showing how he exploits systems and networks and easy to use tricks on how to do the same。but has tons of pictures and not a lot of depth into any one topic。 Good reference to give you ideas on tools so you can go look elsewhere to get the indepth knowledge about it 。。。more
Lucas Truax
,
I dare you to find a better book on penetration testing。 You won't and my assertion is based on two points: 1) the breadth of topics covered here from initial network recon and entry to web application attacks and privilege escalation and 2) the fact that the book provides a great step-through (more than an overview) of hacking tools while still forcing the reader to learn principles behind technologies and exploits。 I dare you to find a better book on penetration testing。 You won't and my assertion is based on two points: 1) the breadth of topics covered here from initial network recon and entry to web application attacks and privilege escalation and 2) the fact that the book provides a great step-through (more than an overview) of hacking tools while still forcing the reader to learn principles behind technologies and exploits。 。。。more
Ayoub
,
till now, the pen testing methodology is not perfectly experiential either with those playbooks or textbooks。 You've got to improvise a lot in order to produce systematic results with flawless report, the usual reconnaissance exploitation framework shall be revamped and enhanced accordingly 。。。 till now, the pen testing methodology is not perfectly experiential either with those playbooks or textbooks。 You've got to improvise a lot in order to produce systematic results with flawless report, the usual reconnaissance exploitation framework shall be revamped and enhanced accordingly 。。。 。。。more
Ahmed Sultan
,
One of the best reallyRead 1st edition long time ago , no big differences between both editions Just the same problem , focusing too much on windows platform , ignoring a lot about NX and also not going deep in the technical detailsI mean in a part like the windows escalation the book directly assumed that the reader already know a lot about Active directory and so giving some tricks that normal used can just apply without knowing the secret behind itBut still I consider this book one of the bes One of the best reallyRead 1st edition long time ago , no big differences between both editions Just the same problem , focusing too much on windows platform , ignoring a lot about NX and also not going deep in the technical detailsI mean in a part like the windows escalation the book directly assumed that the reader already know a lot about Active directory and so giving some tricks that normal used can just apply without knowing the secret behind itBut still I consider this book one of the best books regarding penetration testingHopefully in 3rd edition there will be more about NX stuff 。。。more
Rogan
,