The Hacker Playbook 3
Authors: Peter Kim
Content: Main focus is on Red Teaming
Career: Penetration Tester
Level: Intermediate, Expert
This week I did read the great book The Hacker Playbook 3 by Peter Kim. The focus of the book lies on Red Teaming, it makes sense to read also the first two books if you do not have prior knowledge to penetration testing.
- Difference between pentesting and red teaming
- MITRE ATT&CK framework
- Tools setup
- Reconnaissance phase
- optional lab setup & exercises
- about web attacks like node.js, nosql injections, deserializiation attacks and more
- hacking the (windows) network for example with responder, password spraying
- privilege escalation with misconfigured services, exploit suggester and more
- mimikatz magic of course
- attacks on macs with empire
- bloodhound and sharphound
- lateral movement using different techniques
- social engineering campaings & physical attacks
- recompile meterpreter dlls for avoiding detection
- password cracking
- write your own droppers
I highly recommend this book, especially if you are into Red Teaming it is a good resource. Maybe a report about owing the Cyber Space Kittens lab would have been nice, since reporting in Red Teaming is a non trivial task.
x33fcon is a nice & small conference in Poland, Gdynia near to Gdansk.
“Welcome to x33fcon, a new gathering for IT security professionals and enthusiasts. It’s a new event where blue and red teams meet to exchange views and ideas, share experiences, and discuss the latest security challenges in the industry.”
The ticket price is low (also if you plan to travel there privately), the content was really professional and interesting, a bit more than someone might expect when you see the size of the con. Kudos to the organizers for getting so many interesting speakers and talks. Besides the talks there is also a CTF and workshops, after the conference trainings take place. There is also some great food for lunch, in the breakes there is coffee and small snacks. The breakes are long, so you have some time to talk with speakers and other folks around. Seems to be that ATT&CK is the hot topic currently, at x33fcon alone they had three talks about that.
From my point of view as a Red Teamer some more talks about breaking stuff on exploitation level would have been great. x33fcon is a great conference, the only critics from my side is that the attendees are being filmed in every talk from any perspective possible. At other conferences they ask when making photos or filming, maybe that might be an idea when not filming the whole audience.
Besides the conference Gdynia, Gdansk and the beaches around are really nice:
Conclusion: Highly recommended.