About

About the Book

Back for the third season, The Hacker Playbook 3 (THP3) takes your offensive game to the pro tier. With a combination of new strategies, attacks, exploits, tips and tricks, you will be able to put yourself in the center of the action toward victory.

The main purpose of this book is to answer questions as to why things are still broken. For instance, with all the different security products, secure code reviews, defense in depth, and penetration testing requirements, how are we still seeing massive security breaches happening to major corporations and governments? The real question we need to ask ourselves is, are all the safeguards we are putting in place working? This is what The Hacker Playbook 3 - Red Team Edition is all about.

By now, we are all familiar with penetration testing, but what exactly is a Red Team? Red Teams simulate real-world, advanced attacks to test how well your organization's defensive teams respond if you were breached. They find the answers to questions like: Do your incident response teams have the right tools, skill sets, and people to detect and mitigate these attacks? How long would it take them to perform these tasks and is it adequate? This is where you, as a Red Teamer, come in to accurately test and validate the overall security program.

THP3 will take your offensive hacking skills, thought processes, and attack paths to the next level. This book focuses on real-world campaigns and attacks, exposing you to different initial entry points, exploitation, custom malware, persistence, and lateral movement--all without getting caught! This heavily lab-based book will include multiple Virtual Machines, testing environments, and custom THP tools.

So, what’s new? Some of the updated attacks and labs include:

  • A fully-vulnerable NodeJS Web Application for hand-on labs on blind-XSS, deserialization, OOB-XXE, template injection, NodeJS specific attacks, and more
  • Multiple Linux VMs for lateral movement labs
  • Custom THP Kali Image with all the tools for the labs
  • New recon tools and tactics
  • Cloud vulnerabilities and attacks
  • Compromising the network, Red Team style
  • Building reusable C2 environments
  • Password spraying and finding credentials
  • Lateral movement tips and tricks
  • Privilege escalation tactics
  • Pulling passwords in memory with or without Mimikatz
  • Finding passwords without local admin access
  • Bypassing AV by writing custom malware and droppers for campaigns
  • Bloodhound and mapping out Active Directory environments
  • Social Engineering tips and tricks
  • Custom THP Jenkins XSS payload
  • Physical attacks
  • Password cracking
  • Attack automation
  • Red Team reporting
  • And much, much more

Purchase The Hacker Playbook 3: Practical Guide to Penetration Testing RED TEAM EDITION on Amazon today! Buy on Amazon Here!