The Hacker Playbook 3: Practical Guide To Penetration Testing

Need a hands-on practical step-by-step strategies...tools...labs...instructions...Tips & Tricks?! Well, this series of books has it all and is for YOU! Version 3 has arrived...so, roll up your sleeves and get ready to dive right into the depths and heart of pentesting with Peter Kim as your guide! Each page is packed with references, tools and step by step actionable instructions that open up door after door of knowledge to widen your perspective and deepen your knowledge. After reading just a few pages...I spent another several hours going through the links provided, installing tools, exploring the tools, and understanding lab setups. Then, on to the next set of few pages. This book is densely packed and small doses will take you a long way. However, the notebook style material is very clearly organized in specific phases so you don't got lost down the rabbit hole of Pentesting Wonderland. The explanations are well-written and straight to the point. So get busy and enjoy this book! Thank you, Peter! Excellent work!

As a red team lead, it is often challenging to find quality technical literature focused on managing and executing red team operations. Other books focus on theory or provide too high-level guidance that is not actionable (i.e. ensure you red team your cloud environment), whereas Peter Kim provides direct proof of concepts and technical guidance. This book isn't intended to cover every possible red team attack scenario, but it is an excellent resource and overview of some of the must-have tactics, tools and procedures any red team who is aiming to get to the next level of sophistication should incorporate into their baseline.Peter does an excellent job breaking down each phase of an engagement into it's own contained section. This makes it easy for red team operators to go back and reference a particular tool, as there are dedicated sections for initial setup, reconnaissance, web app, etc.Lastly, I have to compliment Peter's ability to engage his audience. The book incorporates internet-accessible web/network challenges. This is great if you don't have a handy lab to test the discovery tools and attacks out against. This extra attention to detail further enables readers to grasp concepts by actually executing a simulated attack.

As good a primary resource and supplemental field book on offensive security as exists. The information is presented in as plain English as is possible and it's clear the author actually wants you to know and learn what he has in his wealth of experience. Real, hands on experience with practical examples that currently work, not just resume fluff. No cryptic talk and/or generic, old examples while withholding the good stuff, no useless buzzwords or self aggrandizement, just the good stuff, pure and simple with as little frills and distraction as possible. For the cost of a delivery pizza, you'll get a book with twice the useful content and none of the page count padding filler that you'll find with almost any of the ~$50 alternatives out there.

Good information, not organized as well as it could be; example is that you find out half-way through the book that there is a linux distro made for the book, one of the chapters has a link to a zip file with code samples for THP3. Lots of references to THP2 book and why they did and didn't include content, wasted space in some cases.Most useful chapters are on phishing methods, AV bypass through meterpreter/payload recompilation and encoding, and some OSINT data collection.

Thanks!

I'm not really a computer whiz, but I found this book pop up on amazon and showed some interest...I guess I've just got interest in the "bad-boys gone good" in life :)I can read a page at a time, and get general information, though he does go into some detail, I think. He claims to not be a writer, but its produced in such a way that's fine to read. Its not all "algorithms" or "numbers", its paragraph format with some examples thrown about.This book is as the disclaimer author says (paraphrased), good-guy-hackers. Don't do this illegally, or you'll get in trouble...but if your helping your own company out, here's how to do it...gosh I hope I'm remembering the authors note right XD

The Hacker Playbook 3 is a fantastic addition to the series, and illustrates the latest methods and techniques used by red teamers in a practical and easy-to-read manner. Using trusted Windows utilities to execute code and bypass application whitelisting, dumping NTLM hashes from Windows 10 without touching LSASS, and "living off the land" are just a few of the topics covered in this book that can provide readers of varying skill levels the ability to perform modern attacks against modern environments. I highly recommend picking up a copy!

The 3rd addition to the Hacker Playbook series did not disappoint! There was plenty of new material from the last book making the new addition definitely worth the purchase. The author included VMs to actually practice some of the techniques and exploitation methods discussed in the book. My favorite part was a vulnerable web application (included with book) that allows you to put into practice some of the newer web attacks seen today. Attacks against NodeJS templating, NoSQL Injection, more advanced XSS, XXE, deserialization and more.. The author also included some pro tips on how to leverage BugBounties in the real world to up your game and make some cash. I would highly recommend this book for new and experienced penetration testers and red teamers looking to add to their arsenal.