28 March 2016

The Hacker's Playbook

When reading technical books I mainly find three kind of books: those that don't teach anything new, those that are gold mine of knowledge and those that only scratchs the surfaces of topics but give you interesting links to investigate further on. I think that "The Hacker's Playbook: Practical Guide to Penetration Testing" by Peter Kim is placed in the third category: just reading it you won't be a master pentester but if you really investigate the links and resources the author points you'll definitely get the mastery.

The book deals with many topics but not profoundly: scanning (network and web), exploiting, privilege elevation, networks attacks (wired and wireless), social engineering, AV-evasion, password cracking, etc. I think that as an introductory text is right and it's well focused because it explains things using tools "open source" or freely available, but where this books excels is pointing at public resources to go deeper in your learning. There are a wealth of links along the book all all of them points to really interesting web resources with tools, courses, tutorials and, and this is very important, places to train your skills without end with SWAP knocking your door.

Text is well written and explanations are concise and easy to understand. Content is cleverly structured and covers almost every field in penetration testing.

Taking in count it's not an expensive book I've found worth buying and reading it and I recommend it for introductory levels or for mediums levels who want a quick state-of-the-art review.