Main Content

Book Review: The Hacker Playbook 2

The cover image of The Hacker Playbook 2
Title: The Hacker Playbook 2
Author: Peter Kim
In short, a book I recommend for the developing intermediate hacker. A no-nonsense guide to using Penetration Testing tools but with frustratingly little in the way of explanation of the technical details behind a vulnerability. Often appears as simply a catalogue of tools to investigate as opposed to an explanation of a problem or vulnerability the tool is intended to solve, followed by an example of a suitable tool to solve the problem. A definite “playbook” and not a complete guide, but worth a read if you already know the technical details and simply want to expand your knowledge of available tools.


The hacker’s Playbook aims to take you through the process of conducting a penetration test as a practical guide, meaning it’s light on theory and heavy on screenshots, tips and tricks. It’s a simple book to read for those with a solid understanding of the fundamentals and could be easily used as a reference guide when revisiting a rarely chosen tool. Where the book lacks technical details and theory is does link to other resources to fill in the gaps.


The first page of the second edition starts with a list of additions from the previous edition, meaning that people who have read the first can quickly zero in on new content. Additionally the author keeps a website updated with changes since the book was released and “bug fixes” for where mistakes and omissions have been discovered. Wherever the book details a commercial tool the author has included a description of a free alternative. The book doesn’t require to be read in any order (although it does read well when read sequentially) and therefore works well as a reference book that a tester can pick up to refresh their memory or quickly check to find out about alternatives to their usual tools.


This book is very much the playbook that it advertises itself as and therefore it lacks any real technical details about vulnerabilities. It leads with a list of tools as opposed to identifying problems to be solved which may limit readers to running tools and not thoroughly understanding the underlying issue. Although the book does link to a large number of resources to fill in the gaps this leaves the reader requiring to read the book with a tablet to hand to access all of the additional resources.


Overall I would recommend this book, especially to intermediate penetration testers who understand the majority of the underlying technologies and issues but simply want a catalogue of tools that can assist automate many of the tasks. Also worth the purchase for more seasoned attacks to keep in their kit-bag, should their usual tool or technique fail and they need a quick plan B! Although I believe that a tool-first, theory-later approach is bad for true beginners.