Book Review: "How to Hack Like a GOD"
"How to Hack Like a GOD: Master the secrets of hacking through real life scenarios" by Sparc Flow was another great, unique, and masterful penetration testing book, and a really quick read. The book is short but conveys tons of awesome techniques in the form of a story while hacking the company GibsonBird, from end to end. I purchased it off of Amazon for ~$16 and read the ~100-page hardcopy in about two sittings. Overall, I give this book 7 / 10 stars, for very similar reasons to Hack Like a Pornstar. I recommend the book to pentesters looking for more tricks or methods to breach and persist. The book executes its attacks from the perspective of a black hat hacker, or unlawful attacker, yet despite this perspective Sparc includes a stark reminder of illegal hacking activities right at the beginning. After reading three of these Sparc books, I noticed a good deal of overlap between them, such as the majority of the anonymity tips and the MainFrame hacks. Despite that, these are legitimately advanced and practical texts on penetration testing; aka this book is far from your typical Metasploit guide. There was also no table of contents, so I documented the following and made it available in my typical fashion:
Chapter 1: Prep and pep talk
1.1: $30,000 for that coat, you said?
1.2: Holy grail
1.3: Treasure Map
Chapter 2: Gearing up
2.1: Multi-layered approach
2.2: The magical berry
2.2.1: Shopping for success
2.2.2: Ready to boot
2.2.3: Bridges in the sky
2.3: Breaking in
Chapter 3: Awareness
3.1: Sniffing around
3.2: The S in IoT stands for Security
3.3: Better than Netflix
3.4: First credz - Welcome to the team
Chapter 4: Domain apotheosis
4.1: Active Directory
4.2: Hit replay!
4.3: Empire to the rescue
4.4: Breaking free
4.5: Windows El Dorado
Chapter 5: Abusing trust
5.1: Gaming the network
5.2: Sales domain
5.2.1: Getting to know each other
5.2.2: Exploiting trust
5.2.3: Beyond that FTP service
5.3: HR domain
5.3.1: Getting to know each other - again
5.3.2: Hunting for data
5.3.3: Board meetings
5.4: Data exfiltration
Chapter 6: Summary
Overall, this was an exceptional book on penetration testing and I recommend it to anyone doing pentesting professionally, as it may spark some new ideas or reinforce good techniques. Most of the techniques I was familiar with; however, I did learn about some cool hacker gear, like this BLEKey device which intercepts unencrypted Wiegand communications and replays them on the wire. I also enjoyed the bit on The Golden Ticket technique; I thought that was awesome. That said, I didn't like some of the high-level descriptions of things, such as RSA cryptography; I felt these should have just been skipped or linked to a more authoritative source rather than attempt to explain them in one or two paragraphs. I also didn't like how the hardcopy of the book didn't have any page numbers; this made it harder to reference things or know exactly where I was in my progress through the book. I always enjoy all of the links and how Sparc would reference tons of community tools and pentester write-ups; these references allow readers to branch into more in-depth articles on specific topics. I also liked all of the Windows domain pentesting, such as using Empire or PowerView to navigate around a Windows domain. Finally, their companion site is now fully running (as opposed to last time when it was still a placeholder). The companion site now includes tons of code, neat hacker-gadgets, blog posts, and even a training program! Bottom line, check out these new, excellent, hacking resources; I guarantee they won't disappoint.
