The Hacker Playbook 2: Practical Guide To Penetration Testing

This book was a great sequel to the first Hacker Playbook. I've always enjoyed how the methods that are presented in this book stray away from simple penetration testing methodology into more targeted and smart hacking, with varying emphasis on how loud or silent to be in an engagement. Furthermore, the tools presented in this book as alternatives to the industry standard (e.x, Masscan as opposed to Nmap), are all tools I now include in my arsenal for engagements. Plus, instead of just looking at the same methods of attacking machines and different computing technologies, there are relevant vulnerabilities that are illustrated from an entire year of security research from various hackers (Heartbleed, Shellshock, etc.), making the skills you can acquire from this book relevant to the things you would normally see deployed in today's environment. Most noticeably, the practical approach to this book, the setup of a legitimate testing environment, and illustrated examples of techniques that are based off of real engagements make this book a must have for beginners and experts alike. All in all, 10 out of 10. I highly recommend purchasing this book if you are a penetration tester or looking to get into the security field.

Security professional with 5-6 years of high level incident response and threat intel work here. These (THPB 1 and 2) are my go to books for pen testing / offsec. I like Kim's writing style and approach to covering the topics so I always pick up these books at some point. It's a nice and easy light read but has enough technical info and insight by the author to be useful to any information security professional from day onward. It's also worth noting that the author is actively engaged in the security community and working as a very successful penetration tester. Between that and updating the corresponding website ([...]) it's a good value. At the price of less than a pizza delivery and generally in the list of my top 10 security books/series, it's an easy choice to pick these up.

TL;DR: Excellent book for infosec practitioners, and a good read for application developers, system and network admins. The book tries to cover many of the tools which could be used during a technical assessment "pentest or vulnerability assessment"; what makes this book stand out from other similar books is that every single tool listed and explained in the book actually work and are relevant in modern environments, with excellent coverage of powershell as an offensive platform. The book explains how to achieve pentesting tasks in a very straight forward way, along with a brief part about setting up a test environment; It explains many of tools available in kali, passive discovery, creating password lists, scraping open source information, brief web application pentesting class, sqlmap and touches on more advanced topics, like evading AV and executing payloads remotely from memory, just to name few. This is, hands-down, one of the most useful technical assessment books I’ve purchased to date.

I'm torn on how to rate this book. I've only had it for a day, but I think the content is awesome. There is a ton of information to learn from, and I especially like the info on how to set up pentest boxes. However, I'm very disappointed in the physical book itself. It looks like it was printed in someone's basement, on a low end laser printer that was running out of toner! Many of the section headers have lots of white running through the black text - not sure if that is intentionally done or not, but it's not a good look. I also have to say that the binding and gluing is poorly done - glue oozing out and making it hard to turn the pages. So, 5 stars for content, 1 star for the physical presentation of the book. Edit: After seeing my review, the author contacted me and offered to send me a new copy of the book. The new book arrived and is in much better physical condition. The gluing is much better - no glue oozing out, making it easy to actually turn the pages. The print is similar to my original copy, so I'm assuming that it's supposed to be that way. I'm not crazy about the font, but I can deal with it. Now, 5 stars for content, 4 stars for the physical presentation of the book.

I gave to my son this book because he will study in the university informatics with option in cybersecurity. It has a good approach and simple explanations to use with Kali Linux and It got the interest of my son. I think that it has a good written with compact explanations for security IT terms and if you do a lab with equipments in a small LAN this will be a good book for everyone that feels passion for cybersecurity. Only a bad situation is the paper that it is similar to a copy in low resolution but I think this one is about the low price. The author has good approach for a young student.

I was surprised to see that a second volume of THP came out considering the vast amount of useful tips and tricks in the first book. To say the least, I was not dissapointed with the content that was in THP2. The author details exploitation methods of vulnerabilities not covered in THP1 such as Heartbleed, Shellshock, Kerberos attacks, in depth Powershell, to name a few. Additionally, the authors very own scripts and tools he's developed over the years are explained and shared with the reader--this was a huge bonus. I found this book to be a more comprehensive version of the first book with the author elaborating in greater detail the topics covered in the last book, while adding much more newer content on old/recent attack vectors out in the wild today. Definitely recommended for beginners and experts alike!

Initially started reading the 3rd book (playbook 3) in this series and quickly found him referring to things discussed in this book ( playbook 2) so I decided to read this book first before getting too deep into playbook 3. This is a good read for people wanting to get into hacking/pen testing. This will give you a good baseline to start with if you are just getting started in the field.

Les trois sont font parti celui là sont incroyables !

Delivery was before the date.. Book condition is good.. Go for it if you want to do pentration testing basics

I haven't readed yet, but I do know it's an old I.T book.

A lot of detail, and depth. Still have this book 5 years later

The book itself is a good informative read for the budding PenTester, and/or as a reference guide to dust away any cobwebs for out of touch PenTester. The let down for this is the purchase from Amazon - Their printout is of poor quality. The illustrations should be in colour but the book is entirely in black and white. Also note that some of the print (at least, my copy) is poor in places and is equivalent to the old dot-matrix print-out. In some area's the text is washed out and can be hard to read. I will be complaining to Amazon about this shortly.