
Peter Kim - The Hacker Playbook 2: Practical Guide To Penetration Testing

Year: 2015. Publisher: CreateSpace Independent Publishing Platform.

Peter Kim The Hacker Playbook 2: Practical Guide To Penetration Testing
  • Book:
    The Hacker Playbook 2: Practical Guide To Penetration Testing
  • Author:
  • Publisher:
    CreateSpace Independent Publishing Platform
  • Genre:
  • Year:
    2015

The Hacker Playbook 2: Practical Guide To Penetration Testing: summary, description and annotation


Just as a professional athlete doesn't show up without a solid game plan, ethical hackers, IT professionals, and security researchers should not be unprepared, either. The Hacker Playbook provides them their own game plans. Written by a longtime security professional and CEO of Secure Planet, LLC, this step-by-step guide to the game of penetration hacking features hands-on examples and helpful advice from the top of the field.

Through a series of football-style plays, this straightforward guide gets to the root of many of the roadblocks people may face while penetration testing, including attacking different types of networks, pivoting through security controls, privilege escalation, and evading antivirus software.

From Pregame research to The Drive and The Lateral Pass, the practical plays listed can be read in order or referenced as needed. Either way, the valuable advice within will put you in the mindset of a penetration tester of a Fortune 500 company, regardless of your career or level of experience.

This second version of The Hacker Playbook takes all the best plays from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.

Whether you're downing energy drinks while desperately looking for an exploit, or preparing for an exciting new job in IT security, this guide is an essential part of any ethical hacker's library, so there's no reason not to get in the game.

THE HACKER PLAYBOOK

Practical Guide To Penetration Testing

Peter Kim

Copyright 2015 by Secure Planet LLC. All rights reserved. Except as permitted under United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the author.

ISBN-13: 978-1512214567

ISBN-10: 1512214566

Library of Congress Control Number: 2015908471

CreateSpace Independent Publishing Platform

North Charleston, South Carolina

MHID:

Book design and production by Peter Kim, Secure Planet LLC

Cover design by Dit Vannouvong

Publisher: Secure Planet LLC

Published: 1st July 2015

Dedication

To Kristen, our dog Dexter, and my family.
Thank you for all of your support,
even when you had no clue what I was talking about.

Contents

Preface

This is the second iteration of The Hacker Playbook (THP). For those that read the first book, this is an extension of that book. Below is an overview of all of the new vulnerabilities and attacks that will be discussed. In addition to the new content, attacks and techniques from the first book, which are still relevant today, are included to eliminate the need to refer back to the first book. So, what's new? Some of the updated attacks from the last year and a half include:

• Heartbleed
• ShellShock
• Kerberos issues (Golden Ticket/Skeleton Key)
• PTH Postgres
• New Spear Phishing
• Better/Cheaper Dropboxes
• Faster/Smarter Password Cracking
• New WIFI attacks
• Tons of PowerShell scripts
• Privilege Escalation Attacks
• Mass network compromises
• Moving laterally smarter
• Burp Modules
• Printer Exploits
• Backdoor Factory
• ZAP Proxy
• Sticky Keys
• NoSQL Injection
• Commercial Tools (Cobalt Strike, Canvas, Core Impact)
• Lab sections
• And so much more

In addition to describing the attacks that have changed in the last couple years, I have attempted to incorporate all of the comments and recommendations received from readers of the first book into this second book. A more in-depth look into how to set up a lab environment in which to test your attacks is also given, along with the newest tips and tricks of penetration testing. Lastly, I tried to make this version easier to follow since many schools have incorporated my book into their curricula. Whenever possible, I have added lab sections that help provide a way to test a vulnerability or exploit.

What's not different? One of my goals from the first book was to make this as real world as possible. I really tried to stay away from theoretical attacks and focused on what I have seen from personal experience and what actually worked. The second goal was to strengthen your core understanding as a penetration tester. In other words, I wanted to encourage you to use different methods to boost your value to your current or future company or client. Just running a vulnerability scanner and submitting that as your report provides no real benefit to a company. Also, penetration tests with an extremely limited scope will give a false sense of security. To THP1 readers, rest assured that although you may find some familiar information, there is a great deal of new information in THP2, which has double the content compared to its predecessor. Additionally, by popular demand, I have created a slew of scripts and tools to help you in your hacking adventure. This was probably one of the top requests by readers, so I have included a ton of scripts located in my GitHub ( https://github.com/cheetz ) and tried to make it easier to follow.

For those who did not read the first book, you might be wondering what experience I have as a penetration tester. My background comes from eight years of penetration testing for major financial institutions, large utility companies, Fortune 500 entertainment companies, and government organizations. I have also spent years teaching offensive network security, spoken at Toorcon/Derbycon/BayThreat, been referenced in many security publications, and currently run a security community of over 300 members in Southern California. My hope is that you will be able to take what I have learned and incorporate it into your own security lifestyle.

From a technical standpoint, many tools and attacks have changed in the past couple years. With attacks like pass-the-hash, and with Group Policy Preferences getting patched, the process and methods of attackers have changed.

One important note is that I am using both commercial tools and open source. For every commercial tool, I try to give an open source counterpart. I occasionally run into some pentesters that say they only use open source tools. As a penetration tester, I find this a hard statement to take. If you are supposed to emulate a real-world attack, and the bad guys do not have these restrictions, then you need to use any tool that works to get the job done.

Who is this book intended for? You need to have some experience with Microsoft Active Directory, a solid understanding of Linux, some networking background, some coding experience (Bash, Python, Perl, Ruby, PHP, C, or anything along that line), and experience using security tools like vulnerability scanners and exploit tools (e.g. Metasploit). If you don't have the background, but are interested in getting into security, I would suggest making sure you have the basics down. You can't just jump into security without the basic knowledge of how things work first.

This book is not just for those looking to get into or who currently are in the offensive fields. This book provides valuable information and insight for incident responders as well, as they need to know how attackers think and what methods they use.

Lastly, I want to discuss a bit about the difference between researchers and penetration testers. Many times, these two professions blend together, as both need to be knowledgeable in both areas. However, in this book, I separate the two areas slightly and focus on penetration testing. To clarify, in this book, a researcher is one who focuses on a single or limited scope and spends more time reversing the application/protocol/OS. Their goal is to discover an unknown exploit for that particular vulnerability. On the other hand (and remember this is a generalization), a penetration tester takes what is already known to compromise systems and applications. There will always be some overlap: a pentester will still fuzz vulnerabilities (for example, web parameters) and find zero-days, but he/she might not spend as much time finding all the issues as a researcher might.

Last Notes and Disclaimer

This book is not going to turn you into some sort of super hacker. It takes a lot of practice, research, and a love for the game. This book will hopefully make you think outside the box, become more creative, and help grow your understanding of flaws that occur in systems.

Just remember, ONLY test systems on which you have written permission. Just Google the term "hacker jailed" and you will see plenty of different examples where young teens have been sentenced to years in prison for what they thought was a fun time. There are many free platforms where legal hacking is allowed and will help you further educate yourself.

Introduction

You have been hired as a penetration tester for a large industrial company called Secure Universal Cyber Kittens, Inc. or SUCK, for short. They are developing future weapons to be used by the highest bidder and you have been given the license to kill; okay, maybe not kill, but the license to hack. This authorization gives you full approval to use any tactic in your arsenal to try to break into and steal the company's trade secrets.

As you pack your laptop, drop boxes, rubber duckies, Proxmarks, and cables, you almost forget the most important thing: The Hacker Playbook 2 (THP). You know that THP will help get you out of some of the stickiest situations. Your mind begins hazing back to your last engagement
