The purpose of Hacker Playbook 2 is to guide you through the process of performing a penetration test as a hands-on tutorial, which means that it is light on theory and heavy on screenshots, tips and tricks.
It is a straightforward book for those who have a solid understanding of the basics, and it can easily be used as a reference guide when revisiting a rarely used tool.
The book contains no technical details, and for theory it links to other resources to fill in the gaps.
Hacker Playbook 2 is organized along the steps of a good penetration test and reads as a solid guide for those relatively new to penetration testing.
Unfortunately, no general guidelines are given for each area; instead, specific “games” are described for each one. Once these techniques become superficial, you will not have much depth.
Hacker Playbook 2 Books Inside: Full Chapter
Introduction of Hacker Playbook 2
Hacker Playbook 2 has a surprisingly boring start, since it only describes the flow of the book and the benefits the author sees in thinking about the penetration test as a series of football matches.
The setup covers getting yourself ready to perform your test, including the detection, the scope and all the preparation needed before the test.
Before Quick Snap
Scanning the network will be familiar to anyone who has used Nmap before, but the chapter also explores other scanning tools such as the Nexpose / Nessus vulnerability scanners and how to get the most out of your scanners (and how the scans are hidden).
Taking advantage of the scan results describes a step that many penetration testers do not take.
In general, too many “penetration testers” provide a report that is little more than a simple result of a web security scanner.
If customers want a Nexpose report, they can simply buy a Nexpose license and skip the pentester's markup.
The value of a penetration test lies in the review of the results, the evaluation of the real risk to the organization and the provision of corrective or mitigation advice.
This chapter covers in a practical way how you can not only verify the scanner's results, but also pivot and escalate.
The chapter on manual web application findings only scratches the surface of the web.
There is so much to cover on the web that you should go further and consult The Tangled Web for an overview of the problems of modern web applications and The Web Application Hacker’s Handbook for a more practical approach to web discovery and exploitation.
However, if you want to focus on internal corporate networks, the Playbook provides practical approaches to analyzing the internal web applications that you can find in a corporate network.
The Lateral Pass
Moving through the network includes basic approaches such as pass the hash and others for using the access you already have to gain better access. It is important to see how far an attacker can take things, so pivoting and escalating are crucial, and this chapter offers a handful of games that could fit the bill.
The social engineering screen, in turn, is just a look at a topic that is too deep to address adequately in such a comprehensive book.
The games here are quite simple and focus on phishing-type social engineering, leaving aside the many ways in which social engineering can be used in reconnaissance, physical dimensioning and other scenarios.
Kicking attacks that require physical access were a bit disappointing.
Although there are good parts (like the Odroid U2 as a drop box), nothing was particularly revolutionary and I expected a slightly more unique aspect of the body.
(On the other hand, maybe I just want to live indirectly through this book; I do not do a lot of physical examination.)
Cracking, Exploits, Tricks
The reporting section provides good advice on creating the report that will allow you to collect.
Since I am working on an internal red team, I do not have to write the type of reports described here, but if you can write reports, it will really be useful to write a clear and concise report.
The most important thing is that you never send a Nessus scan to a client and expect to be paid.
Continuing Education Is Surprisingly Thorough
This section is primarily a list of resources that will help you find more things to try, such as lectures, vulnerable practice targets, and more.
There were some vulnerable targets that I did not know yet, but I will definitely try them in the near future.
In general, Hacker Playbook 2 is an interesting book and it would definitely be good for someone who is not very experienced, but ultimately it is just a collection of specific tasks (“games” in the jargon of the book) that you can do.
I did not expect much more, and the games are solid, but eventually you’ll have to learn how to make your own games, and I think the book does not get there.
The book is 294 pages and tries to cover an entire field while still being practical.
Of course, that is very difficult, and although there are some gaps, Peter Kim manages to provide some useful games; the book is probably best for those who have not yet developed their own game book.
The Advantage of Hacker Playbook 2
The first page of the second edition starts with a list of additions since the previous edition, which means that people who read the first edition can quickly focus on new content.
In addition, the author maintains a website with changes since the book’s publication and “bug fixes” for places where errors and omissions were discovered.
Where the book covers a commercial tool, the author includes a description of a free alternative.
Hacker Playbook 2 does not have to be read in any particular order (though it can be read sequentially) and therefore serves well as a reference book that a tester can use to refresh their memory or quickly check the alternatives to their usual tools.
The Disadvantages of Hacker Playbook 2
Hacker Playbook 2 is very much the book of games it announces itself to be and therefore lacks real technical details about the vulnerabilities. It gives a list of tools instead of identifying the issues to solve.
This may limit the reader to running the tools without fully understanding the underlying problem. Although the book links to a large number of resources to fill in the gaps, the reader must read the book with a tablet at hand to access those additional resources.