The Hacker Playbook 3 – Review
Introduction
This is the third iteration of the Hacker Playbook series. It teaches various penetration testing techniques such as web application exploitation, Active Directory attacks, lateral movement, privilege escalation, and much more. This book helped me greatly when I began my OSCP journey, and I cannot recommend it enough.
The Author & The Books
The author of all of the books in the Hacker Playbook series is Peter Kim. He has worked in cybersecurity and penetration testing for multiple utility companies, Fortune 1000 entertainment companies, government agencies, and large financial organizations.
The first book was a bit of an introduction to ethical hacking, with some basic and/or commonly used techniques such as web shells or antivirus evasion. It also had a lot of references to external resources, which made it really easy for students to do their own research. Personally, though, the content of this book wasn’t mature enough.
The second book is where things get serious, as it was about twice the size of the first one in terms of content. Not only did it contain a lot more penetration testing techniques, but it also came with a practical lab that could be used to put what you learned into practice, and it explains how to set up your own lab environment.
Finally, The Hacker Playbook 3 stepped up the game even further, as it covers an enormous amount of techniques across different areas of penetration testing, such as social engineering, physical attacks, password cracking, attack automation through scripting and third-party tools, and much more, which will take your ethical hacking skills, methodology and penetration tester mindset to the next level. Unlike the previous books, this one takes an even more practical approach, simulating real-world engagements and attacks.
Learning Material
This is a great reference book which covers all materials in a logical order. The contents of this book make it different from all other cybersecurity books. This book includes virtual machines to practice some of the techniques and exploitation methods, and there is a vulnerable web application where you can practice some of the newer web attacks. Each page contains references, and the Red Team flavor of the attacks described makes this book a very unique one.
It covers the following important topics so that you can utilize the latest tools and labs:
- Advanced web attacks
- Creative social engineering tactics
- Evading AV
- Effective lateral movement
- Multiple Linux VMs for lateral movement lab
- Custom THP Kali image with all the tools for the labs
- New recon tools and tactics
- Cloud vulnerabilities and attacks
- Compromising the network, Red Team style
- Building reusable C2 environments
- Password spraying and finding credentials
- Lateral movement tips and tricks
- Privilege escalation tactics
- Pulling passwords in memory with or without Mimikatz
- Finding passwords without local admin access
- Bypassing AV by writing custom malware and droppers for campaigns
- BloodHound and mapping out Active Directory environments
- Social engineering tips and tricks
- Custom THP Jenkins XSS payload
If you want to know the latest updates to The Hacker Playbook 3, you can check its GitHub repo. You can also follow the book’s Twitter account. If you would like to get in touch with the author or have general inquiries about the book, email book@thehackerplaybook.com.
The first chapter starts with a series of reference links to every tool required to build a red team infrastructure, which was incredibly useful.
Shortly after, the book covers the initial reconnaissance phase of a red team operation through open-source intelligence tools such as EyeWitness, Discover, Bucket Finder, and more.
The book next covers the basics of web application attacks that can be exploited to gain initial access, such as cross-site scripting or SQL injection.
The “Compromising the Network” chapter goes over the tools used to fully compromise a network, such as Living Off The Land Binaries and Scripts (especially when it comes to active directory enumeration) and useful modules in known C2 frameworks. It also references the Red Team Field Manual, which contains a ton of useful commands that can be used in red team engagements and can sometimes be hard to remember.
Unlike many other penetration testing courses or books, this one also covers social engineering attacks (such as malicious Office macros and phishing) and physical attacks (such as bypassing locked doors or locks, or compromising machines, establishing persistence once physical access to the device is obtained, and extracting sensitive information from them).
The material also teaches basic techniques for evading antivirus and intrusion detection/prevention systems, such as obfuscation, encoding and custom shellcode compilation. These techniques are mainly applicable to red team engagements and less so to penetration testing.
The book next talks about post-exploitation steps such as automating Command and Control frameworks, obtaining further credentials by dumping local databases or through password cracking, and how employees may change their passwords in a predictable way to meet certain password complexity requirements.
Once all of the phases above are explained, the book does a fairly quick overview of the whole process from start to finish, assuming it is part of a time-limited engagement, through what it calls the “Two-Minute Drill”.
Finally, the book talks about reporting, which is definitely one of the most important phases of any engagement, as it is crucial to make an effort to best communicate the impact that certain findings might have on an organization, and in a way that a non-technical audience can understand. It includes some really good report templates that are worth looking at to get an idea of what a report should look like.
Conclusion
This book is great for students that are approaching the world of penetration testing or IT professionals that are looking to get into cybersecurity. Overall, this is a very interesting book for new and experienced penetration testers alike: it provides links to free labs to give you hands-on experience with the material, along with references, tools, and step-by-step actionable instructions that widen your perspective and deepen your knowledge, plus tons of information drawn from real-world experience.