To give you a little insight, the book is the second version of "The Hackers Playbook: Practical Guide to Penetration Testing" and it really is a compilation of everything I've learned in my pentesting career. You might ask how is this any different... and I thought a lot about that when I was writing the book.
Instead of focusing on a lot of the basic features of tools, I focused on different methodologies I've learned and used in my past. Another example is that some of the tools that I do use in the book are commercial tools, such as Burp Suite Professional. In addition, in the reporting sections, I try to get the reader to really produce Customer Reports that are valuable. For example, don't report a Secure Flag/HTTPOnly Cookie issue as a High if those cookies aren't being used for the session. I go into more detail about rating your vulnerabilities properly and what really I feel the client is looking for.
This second version of The Hacker Playbook takes all the best "plays" from the original book and incorporates the latest attacks, tools, and lessons learned. Double the content compared to its predecessor, this guide further outlines building a lab, walks through test cases for attacks, and provides more customized code.
So, what’s new? Some of the updated attacks from the last year and a half include:
In addition to describing the attacks that have changed in the last couple years, I have attempted to incorporate all of the comments and recommendations received from readers of the first book into this second book. A more in-depth look into how to set up a lab environment in which to test your attacks is also given, along with the newest tips and tricks of penetration testing. Lastly, I tried to make this version easier to follow since many schools have incorporated my book into their curricula. Whenever possible, I have added lab sections that help provide a way to test a vulnerability or exploit.
Here are the chapter breakdowns (Like a Football Playbook):