The Hacker Playbook 3
Practical Guide to Penetration Testing — Red Team Edition
Peter Kim's hands-on red-team field manual: assumed-breach scenarios, lateral movement, AV/EDR evasion, and the operational rhythm of a real engagement rather than a checklist of CVEs.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Peter Kim
- Published
- 2018
- Publisher
- Independently published
- Pages
- 290
- Language
- English
Read this if
Junior-to-mid red teamers and pentesters moving past CTFs into corporate engagements who want a coherent narrative of how an op flows. The strongest part is the assumed-breach mindset — the assumption that you start from a foothold and have to make it count.
Skip this if
Readers expecting 2024-current tradecraft. Cobalt Strike, Sliver, EDR-bypass research, and modern identity attacks (AAD, conditional access, OAuth abuse) have all moved on since 2018. Treat the techniques as concepts, not commands.
Key takeaways
- Assumed breach is the right starting frame for almost any modern engagement; perimeter-to-DA scenarios are increasingly fiction.
- The book's value is the workflow — recon, foothold, escalate, persist, exfil — not the specific tools used to demonstrate it.
- Pair every chapter with a current blog source; the toolchain rotates faster than print can track.
Notes
Best used as a structural map — read each chapter, then look up the 2024-current equivalent of every tool it names. THP2 is more dated; THP4 has been rumored but not shipped. Pair with Red Team Field Manual for the cheat-sheet companion and with the Mandiant / CrowdStrike threat reports for the real-world tradecraft baseline. The audience for this book today is people who haven't yet internalized the operational arc; once you have, you graduate to ATT&CK and primary research.
What to read before
What to read before The Hacker Playbook 3 →Beginner · 2014
Penetration Testing
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.
Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.
What to read next
What to read after The Hacker Playbook 3 →Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.
Advanced · 2017
Attacking Network Protocols
James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.
Explore similar books
Alternatives to The Hacker Playbook 3 →Intermediate · 2025
Metasploit
The second edition of the definitive No Starch guide to the Metasploit Framework, updated by the project's original maintainers and newer contributors for the modern Framework.
Intermediate · 2018
Pentesting Azure Applications
Matt Burrough on attacker behaviour against Azure tenants: identity, storage, VMs, key material handling, and the recon paths that work against real subscriptions.
Beginner · 2014
Penetration Testing
Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.