The Hacker Playbook

Wednesday, March 26th, 2014 @ 12:20 pm | Security

I am proud to present the book that I’ve been working on… (drum roll)… The Hacker Playbook: Practical Guide To Penetration Testing.  Feel free to grab your copy here:

http://www.amazon.com/dp/1494932636/

To give you a little insight, the book is really a compilation of everything I’ve learned in my pentesting career. You might ask how this is any different… and I thought a lot about that when I was writing the book.

Instead of focusing on a lot of the basic features of tools, I focused on different methodologies I’ve learned and used in my past. I found that most books only focused on open source tools, but commercial tools, such as Burp Suite Professional, are so beneficial to a tester. In addition, in the reporting sections, I try to get the reader to really produce Customer Reports that are valuable. For example, don’t report a Secure Flag/HttpOnly Cookie issue as a High if those cookies aren’t being used for the session state. I try to go into more detail about rating your vulnerabilities properly and what I really feel is most beneficial to the client. Lastly, you’ll find the whole book pretty easy to read and I try to give all my little secrets away (and my passion for PowerShell).

Here are the chapter breakdowns (Like a Football Playbook):

  • Pregame: This is all about how to set up your attacking machines and the tools we’ll use throughout the book.
  • Before the Snap: Before you can run any plays, you need to scan your environment and understand what you are up against. We’ll dive into discovery and smart scanning.
  • The Drive: Take those vulnerabilities which you identified from the scans and exploit those systems. This is where we get our hands a little dirty and start exploiting boxes.
  • The Throw: Sometimes you need to get creative and look for the open target. We’ll take a look at how to find and exploit manual Web Application findings.
  • The Lateral Pass – After you have compromised a system, how to move laterally through the network.
  • The Screen – A play usually used to trick the enemy. This chapter will explain some social engineering tactics.
  • The Onside Kick – A deliberately short kick that requires close distance. Here I will describe attacks that require physical access.
  • The Quarterback Sneak – When you only need a couple of yards a quarterback sneak is perfect. Sometimes you get stuck with antivirus (AV); this chapter describes how to get over those small hurdles by evading AV.
  • Special Teams – Cracking passwords, exploits, and some tricks
  • Post-Game Analysis – Reporting your findings

Thanks for the Support,
Peter

 
