The Hacker Playbook 3: Practical Guide To Penetration Ing 3
The%20Hacker%20Playbook%20-%20Practical%20Guide%20To%20Penetration%20ing
User Manual:
Open the PDF directly: View PDF
Page Count: 264 [warning: Documents this large are best viewed by clicking the View PDF Link!]
- Preface
- Introduction
- 1 Pregame - The Setup
- 2 Before the Snap - Red Team Recon
- 3 The Throw - Web Application Exploitation
- Bug Bounty Programs:
- Web Attacks Introduction - Cyber Space Kittens
- Cyber Space Kittens: Chat Support Systems
- Setting Up Your Web Application Hacking Machine
- Analyzing a Web Application
- Web Discovery
- Cross-Site Scripting XSS
- Blind XSS
- DOM Based XSS
- Advanced XSS in NodeJS
- XSS to Compromise
- NoSQL Injections
- Deserialization Attacks
- Template Engine Attacks - Template Injections
- JavaScript and Remote Code Execution
- Server Side Request Forgery (SSRF)
- XML eXternal Entities (XXE)
- Advanced XXE - Out Of Band (XXE-OOB)
- Conclusion
- 4 The Drive - Compromising the Network
- Finding Credentials from Outside the Network
- Moving Through the Network
- On the Network with No Credentials
- User Enumeration Without Credentials
- Scanning the Network with CrackMapExec (CME)
- After Compromising Your Initial Host
- Privilege Escalation
- Living Off of the Land in a Windows Domain Environment
- Dumping the Domain Controller Hashes
- Lateral Movement via RDP over the VPS
- Pivoting in Linux
- Privilege Escalation
- Linux Lateral Movement Lab
- Conclusion
- 5 The Screen - Social Engineering
- 6 The Onside Kick - Physical Attacks
- 7 The Quarterback Sneak - Evading AV and Network Detection
- 8 Special Teams - Cracking, Exploits, and Tricks
- Automation
- Password Cracking
- Gotta Crack Em All - Quickly Cracking as Many as You Can
- Creative Campaigns
- Disabling PS Logging
- Windows Download File from Internet Command Line
- Getting System from Local Admin
- Retrieving NTLM Hashes without Touching LSASS
- Building Training Labs and Monitor with Defensive Tools
- Conclusion
- 9 Two-Minute Drill - From Zero to Hero
- 10 Post Game Analysis - Reporting
- Continuing Education
- About the Author
- Special Thanks