Book review The Hacker Playbook 3

The Hacker Playbook 3
Authors: Peter Kim
Content: Main focus is on Red Teaming
Career: Penetration Tester
Level: Intermediate, Expert
Buy at Amazon U.S.
Buy at Amazon Germany

This week I did read the great book The Hacker Playbook 3 by Peter Kim. The focus of the book lies on Red Teaming, it makes sense to read also the first two books if you do not have prior knowledge to penetration testing.


Content:

  • Difference between pentesting and red teaming
  • MITRE ATT&CK framework
  • Tools setup
  • Reconnaissance phase
  • optional lab setup & exercises
  • about web attacks like node.js, nosql injections, deserializiation attacks and more
  • hacking the (windows) network for example with responder, password spraying
  • privilege escalation with misconfigured services, exploit suggester and more
  • mimikatz magic of course
  • attacks on macs with empire
  • bloodhound and sharphound
  • lateral movement using different techniques
  • pivoting
  • social engineering campaings & physical attacks
  • recompile meterpreter dlls for avoiding detection
  • password cracking
  • write your own droppers

I highly recommend this book, especially if you are into Red Teaming it is a good resource. Maybe a report about owing the Cyber Space Kittens lab would have been nice, since reporting in Red Teaming is a non trivial task.