What do you think?
Rate this book
The Hacker Playbook 2: Practical Guide To Penetration Testing
Just as a professional athlete doesn’t show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the “game” of penetration hacking features hands-on examples and helpful advice from the top of the field.
Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.
From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.
Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.
Through a series of football-style “plays,” this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing—including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.
From “Pregame” research to “The Drive” and “The Lateral Pass,” the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.
Whether you’re downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker’s library—so there’s no reason not to get in the game.
359 pages, Kindle Edition
First published June 20, 2015
242 people are currently reading
1203 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 12 of 12 reviews
January 12, 2016
Every hacker should go through this book at some point in their career. It leads the reader through examples that helps them learn through experience. It has a ton of today's popular exploit tools and even helps beginners set up their own lab. Great buy worth every penny.
October 24, 2016
One of the best really
Read 1st edition long time ago , no big differences between both editions
Just the same problem , focusing too much on windows platform , ignoring a lot about NX and also not going deep in the technical details
I mean in a part like the windows escalation the book directly assumed that the reader already know a lot about Active directory and so giving some tricks that normal used can just apply without knowing the secret behind it
But still I consider this book one of the best books regarding penetration testing
Hopefully in 3rd edition there will be more about NX stuff
Read 1st edition long time ago , no big differences between both editions
Just the same problem , focusing too much on windows platform , ignoring a lot about NX and also not going deep in the technical details
I mean in a part like the windows escalation the book directly assumed that the reader already know a lot about Active directory and so giving some tricks that normal used can just apply without knowing the secret behind it
But still I consider this book one of the best books regarding penetration testing
Hopefully in 3rd edition there will be more about NX stuff
April 4, 2017
I dare you to find a better book on penetration testing. You won't and my assertion is based on two points: 1) the breadth of topics covered here from initial network recon and entry to web application attacks and privilege escalation and 2) the fact that the book provides a great step-through (more than an overview) of hacking tools while still forcing the reader to learn principles behind technologies and exploits.
June 20, 2018
Extremely thorough in terms of the subject and material it covers.
Provides extra resources (quality resources) and helps you get an idea of how attacks work.
In terms of practicality, I would treat it more as a reference guide.
This book gets you in the hacker mindset and makes you realize that being an Ethical Hacker is all about finding problems, exploiting them, and fixing them.
A problem-solving mentality is a must.
Coding skills : optional.
Provides extra resources (quality resources) and helps you get an idea of how attacks work.
In terms of practicality, I would treat it more as a reference guide.
This book gets you in the hacker mindset and makes you realize that being an Ethical Hacker is all about finding problems, exploiting them, and fixing them.
A problem-solving mentality is a must.
Coding skills : optional.
February 29, 2020
Not my type of book.
I haven't finished it yet but so far it only shows how to use tools, some of them are very intuitive and don't need a tutorial i.e book. There was a section on ElasticSearch, it didn't explain what it is and the author just ran some script from Github which was exploiting CVE-2015-1427. That "same thing" could be done in a single line with cUrl.
I'm not really feeling like I'm learning anything but at least I get to see some new tools, perhaps some of them are useful.
I haven't finished it yet but so far it only shows how to use tools, some of them are very intuitive and don't need a tutorial i.e book. There was a section on ElasticSearch, it didn't explain what it is and the author just ran some script from Github which was exploiting CVE-2015-1427. That "same thing" could be done in a single line with cUrl.
I'm not really feeling like I'm learning anything but at least I get to see some new tools, perhaps some of them are useful.
June 19, 2021
A bit outdated but still an awesome overview! Gonna have to check out 3 now!
October 29, 2021
very useful;
some of this stuff is dated and/or not for a noob like me so I can't appreciate it fully, sorry;
but there is a list of things I have to lookup after this book is over for me;
the backdoorfactory was a revelation
some of this stuff is dated and/or not for a noob like me so I can't appreciate it fully, sorry;
but there is a list of things I have to lookup after this book is over for me;
the backdoorfactory was a revelation
May 23, 2018
A very comprehensive introduction to the hacker’s world.
July 25, 2018
This book offers general tricks and theory on how to improve your skills of being a pen-tester "hacker" Security Professional. Its not going to make you l337 overnight.
Mr Kim does a great job showing how he exploits systems and networks and easy to use tricks on how to do the same.
but has tons of pictures and not a lot of depth into any one topic. Good reference to give you ideas on tools so you can go look elsewhere to get the indepth knowledge about it
Mr Kim does a great job showing how he exploits systems and networks and easy to use tricks on how to do the same.
but has tons of pictures and not a lot of depth into any one topic. Good reference to give you ideas on tools so you can go look elsewhere to get the indepth knowledge about it
January 29, 2017
till now, the pen testing methodology is not perfectly experiential either with those playbooks or textbooks. You've got to improvise a lot in order to produce systematic results with flawless report, the usual reconnaissance exploitation framework shall be revamped and enhanced accordingly ...
November 17, 2022
Need some work 😫
This book need some work this would need to work on some vertical ass mind and contest so I help this person right better belt buck
This book need some work this would need to work on some vertical ass mind and contest so I help this person right better belt buck
Displaying 1 - 12 of 12 reviews