Hacking Books

Used price: $52.40

K-rad (Review Date: 2000-10-12)
The best introduction to computer security (Review Date: 1998-12-03)
I liked how the details were presented and how THIS book included UK phone phreaking.
I wait for a new edition from Malik and the other contributors to this book. I am sure a new edition would blow away the other "http" link books by far.
A Collection of outdated FAQs (Review Date: 2001-06-05)
None of the information here could help you break into or secure a machine that has been turned on in the last 10 years.
Save your money, buy another book. My guess is the former reviewers are about 12 years old.
What a book! (Review Date: 1999-04-03)
Although slightly old now, it's still good as a reference, and it isn't packed with http:// links like most books.
I also like the interview with a hacker, although short, but to the point, was entertaining! I would love to see this book updated with new things, yet keep the style of the book. It was easy to read and gave me great advice on where to go next for ideas.
If you want to start somewhere, begin here.

Used price: $8.49

Cyber Crime Investigator's Field Guide (Review Date: 2002-02-07)
Author should be a Tech Rep (Review Date: 2002-03-27)
Additionally the author goes from very basic information to very complex information, leaving out very important middle information. I've been working with computers for more than 17 years and if I found this book to be somewhat cryptic, a newbie isn't going to understand any of the critical information that he/she should know before attempting to perform any kind of computer forensics.
A few good chapters (Review Date: 2002-01-30)
The book is not without merit, though; Chapter 9, "Case Study," describes the general course of action a forensic examiner should take when involved in a computer investigation. The author details what he does in the course of a general forensic investigation -- from the time he gets the call, to his ride from the airport to the client site, to the on-site pre-briefing, and beyond.
A Fantastic Book!! (Review Date: 2002-04-07)

Used price: $7.85

Network infrastructure security sections are excellent (Review Date: 2005-08-15)
I found Extreme Exploit's most innovative material in chapter 1 (Internet Infrastructure), 2 (ISP Security Practices), 4 (Reliable Connectivity), 8 (Email Gateways, Filtering, and Redundancy), 10 (Sinkholes and Backscatter), and 14 (Performing the Assessment, Part 1). These chapters introduced projects like RADB, IRRd, INOC-DBA (a VoIP "hotline" for ISPs), the Distributed Checksum Clearinghouse (an anti-spam system), and Hashcash (to consume CPU cycles and frustrate spammers). Subjects like questions to ask ISPs, ways to multi-home, and using anycast to improve redundancy were also welcome. A comment that spammers are using people who register with porn sites to pass CAPTCHA tests really surprised me! Ch 10's coverage of ISP sinkholes was clear, and I learned about triggered blackhole routing. Advice on checking publicly announced routes was cool, especially the reference to the author's Pwhois system.
Although the vulnerability and patch management information in ch 12 was fairly routine, I also liked the author's mention of recent industry projects like the NIAC vulnerability lifecycle and Common Vulnerability and Scoring System.
Other chapters mainly covered topics found in other books, like Hacking Exposed, Gray Hat Hacking, or Hardening Network Security (all Osborne titles). Most of the book contains sound advice, but I must disagree with several assertions made in ch 7 (Intrusion Detection and Prevention). These include the "rejection" of the value of passive detection (p 116), the "logical transition" where detection and prevention converges into firewalls (p 116), the idea that intrusion prevention systems are "less prone to insertion and evasion attacks" (p 120), and "signature-based IDS normally do not have an understanding of the underlying protocol that they are examining and simply perform byte-by-byte pattern matching" (p 121).
Almost all of the vulnerability assessment material could have been cut, aside from the BGP query and network infrastructure advice in ch 14. The misnamed "exploiting digital forensics" chapter (16) tempts the reader into thinking it will cover anti-forensics, but really it's an overview of network-, host-, and memory forensics in 26 pages. An excerpt from p 332 summarizes the problem with the chapter: "At this point, you might be asking, what do I do with the data?" Still, ch 16 deserves an honorable mention for describing multiple tools with which I was not familiar or had only passing familiarity. These included Foremost by Jesse Kornblum and Kris Kendall, Disktype, and Memdump.
In terms of structure, I liked the fact that every chapter concluded with a "checklist for developing defenses" summarizing important points in an actionable format. The writing is always clear, and the diagrams are excellent. Many of the network infrastructure suggestions are supported by command-line syntax and examples, consistent with Osborne's Hacking Exposed style.
Overall, I think most everyone will learn something by reading Extreme Exploits. Those with a decent amount of experience or who have read books already mentioned might find some of the book repetitive. Despite this, I learned a lot about network infrastructure and I look forward to reading Victor's upcoming book on "Carrier Class Network Security."
Good broad coverage (Review Date: 2005-11-28)
The basic assumption of section (a) is that you're trying to defend against unknown/unfixable threats. This is basically the current (2001-2005-) school of thought on security and leads to default-deny policies. This book has lots of good information on how to implement default-deny. The book convinced me that it's much more difficult than a default-deny firewall rule.
The book has many contributing authors; this probably contributes to its strength.
Many books are focused on ISPs, or on enterprises (read: "windows clients and servers with a firewall"), or on software developers, or VoIP carriers. This book has some good material for all of those types.
It's written from a Unix perspective. It does have some coverage of analyzing threats to Windows-based systems, but you'll get the most value from the book as an analyst/administrator if you use some sort of Unix. They have a BSD bias.
The authors also have a bias towards open-source software.
But it's not perfectly integrated, and the organization isn't ideal everywhere. For example, there are two sections of the book that discuss buffer overflows, apparently contributed by two different authors.
The index is only minimal; it only covers one of the sections on stack overflows. Bad indexes are a common problem in technical books from some publishers.
For going from the basics to the advanced... (Review Date: 2005-10-31)
Contents:
Part 1 - Core Internet Infrastructure for Security Professionals: Internet Infrastructure for Security Professionals; ISP Security Practices - Separating Fact from Fiction; Securing the Domain Name System
Part 2 - Defending Your Perimeter and Critical Internet Infrastructure: Reliable Connectivity; Securing the Perimeter; Redefining the DMZ - Securing Critical Systems; Intrusion Detection and Prevention; E-mail Gateways, Filtering, and Redundancy; Data Leaks - Exploiting Egress; Sinkholes and Backscatter; Securing Wireless Networks
Part 3 - Network Vulnerability Assessments: Vulnerability and Patch Management; A Winning Methodology for Vulnerability Assessments; Performing the Assessment - Part 1, Performing the Assessment - Part 2
Part 4 - Designing Countermeasures for Tomorrow's Threats: Exploiting Digital Forensics; Viruses, Worms, Trojans, and Other Malicious Code; Exploiting Software
Index
The authors of this book are real gurus when it comes to networking technology. I worked with Brett Watson at a prior place of employment, and I can attest to the fact that he really knows his trade. In the first part of this book, they go into networking and security probably deeper than any other book I've had the opportunity to review. To get the most out of the material, it helps to be firmly grounded in networking technology. If you're not a network administrator or if you're just starting out, you'll probably struggle to keep up. Parts 2 and 3 are also valuable sections. Part 2 continues the in-depth analysis of how best to protect your network from attack, along with software recommendations to implement your security plans. And if you aren't already using a formal methodology to continuously review your network security, Part 3 will help you set up the necessary framework to implement a solid security review. Part 4 probably is the weakest part of the book, in that most of the material is available from multiple other sources, and doesn't necessarily fit into the "extreme exploits" flavor of the rest of the book. It's good information, to be sure... Just not all that unique or special if you've read more than one other security book.
One feature at the end of each chapter stood out and works well... It's a "Checklist for Developing Defenses" along with a recommended reading list. Using the checklist allows you to make sure you understood what each chapter was getting at, as well as giving you a roadmap for implementing security in the particular area that was just discussed. And if a particular chapter was really applicable to your organization, the follow-up reading can help you get even deeper into the material. Good practical technique for helping the reader move from theory to application...
If you have the basics of network security down, it's time to pick up a copy of this book. While you may have to work at understanding the material, it will pay off in a system network that is much more secure than most...
Awesome stuff about infrastructure attacks (Review Date: 2005-12-02)
While I had a general idea of how providers mitigate DDoS attacks, I did not know the specifics of the unicast reverse-path forwarding method described in the book. Similarly, I picked up a lot of material on setting up sinkholes for dropping traffic (and, more specifically, how they are better than ACLs in many cases).
From other topics, I liked their coverage on the evolution of DMZ from simple designs of years past to current security zone design.
The book also presents a lot of up-to-date material, such as the coverage of security information management (SIM), vulnerability management and recent security standards, such as CVSS. It doesn't go into details in some places where I'd wanted it to, but still is interesting to read.
On the other hand, some chapters are disappointing and seem to be in the book for it to appear "comprehensive". The forensics chapter is one of those (it is also mistakenly called "Exploiting Forensics", while no exploitation is taking place).
I recommend the book for most people, from beginners to advanced, since the former will enjoy the breadth of coverage while the latter will likely benefit from the network infrastructure protection (and devastation, of course!) tips. In addition, defense checklists in the end of each chapter are useful for those who do not have time to go and study the material in-depth. The book is slightly biased towards the defense side, with good coverage of the attacking side as well.
Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. In his current role as a Security Strategist with netForensics, a security information management company, he is involved with defining future features and conducting security research. A frequent conference speaker, he also represents the company at various security meetings and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal at info-secure.org and a blog at O'Reilly.

Used price: $7.00

Great undergraduate book (Review Date: 2005-05-23)
Well Done (Review Date: 2005-03-11)
This author explains in rather a pleasant way this subject and gradually internalizes the students by attracting them to a more extensive regions of Computer forensics, as it is data analysis, reporting or computer investigations.
This is an important and interesting field, that is capturing the attention of many professionals and involves many disciplines, I just read the other day in one of those infamous blogs, "Computer Archeologists are using new and powerful computer forensics tools to examine and gain understanding of 'lifted data' that apparently was written 25 years ago." Nevertheless, this author seems to have made all the efforts to bring comprehensiveness by illuminating fundamental relationships,** not only between computer history and cyber crime, if not among many issues surrounding the applications of the fourth amendment and the understanding of the limits of government decency.
The management of these seemingly intricate relationships is crucial for our immediate future, as a nation, experiencing a yet unexplored global economy which is using extensively and intensively the eCommerce over intranets, internets and the Internet, and as a nation, which some how needs to preserve the individual freedoms and leadership that rightly so, has been acquired through all its years of existence, with hard work, determination and within the framework of its fundamental democratic values.
The author closes this book by looking at the world's future issues with respect to cyber crime and even gives us routes by which we could answer most of the urgent and pressing dilemmas of our digital epoch. Do you want to know the answer? Well, read the book yourself and find out what this book offers.
In conclusion, this book is readable, manages and balances many aspects of this new subject, besides it seems as a good starting point and a splendid reference, from which any student can continue to build their expertise on computer forensics and Cyber crime.
** [even the use of technology to commit crimes is well referenced by this book, I observed a photograph of Bonnie and Clyde, who used the then recently invented automobile to outsmart the police of their times, p. 31]
Sadly Dated (Review Date: 2004-10-19)
The chapters on case law and the actual process of collecting and analyzing evidence are excellent and serve to whet our appetite for an up-to-date book with that kind of detailed coverage.
Insofar as many of the best principles in evidence collection and analysis are the old ones, this book is quite useful but it is certainly not a state of current practice presentation.

Collectible price: $105.95

great book on linux (Review Date: 2006-10-07)
Get a grammar checker (Review Date: 2004-08-25)
A Definitely Must Have Linux Book (Review Date: 2002-10-23)
Thanks Gerhard for the great masterpiece, keep the good job on and you have my support.

Used price: $15.67

Historically Superb (Review Date: 2002-06-30)
Thorough and suitable for the experienced professional (Review Date: 2002-04-13)
Tools and techniques are presented in painstaking detail. I was unable to find a single gap or omission, which speaks highly of the editorial and review process behind this book's 464 pages. While most technical disciplines can dispense with finer details, the nature of forensics is to overlook nothing. If you find the step-by-step thoroughness boring that is an indication that forensics may not be your forte; if you're an experienced professional you'll appreciate the coverage of every technique or use of tools.
While the discussion of tools and techniques will satisfy even the most experienced practitioner, I found the detailed discussion of legal aspects, HR considerations and overall security and incident response processes to be the book's strongest points. This area is what sets forensics experts apart from technicians, and it is here that the book (in my opinion) adds the most value. Procedures ranging from how to properly gather, preserve and control evidence, to legal considerations for designing processes are covered in clear language, as are US and international legal guidelines.
Parts that I especially like include: intrusion management and profiling, up-to-date information on electronic commerce legal issues, the numerous checklists and cited resources, and the clearly delineated process for dealing with incidents.
If you're new to forensics you will probably get more from this book by first reading Computer Forensics: Incident Response Essentials by Kruse and Heiser. If, however, you have previous computer forensics experience or are currently serving in that role this book is probably one of the best investments you can make.


All Hat, No Cattle (Review Date: 2003-10-11)
The book has an attractive design and the layout is interesting. The content, however, leaves something to be desired. The text is a self-congratulatory rant about how this ad agency (excuse me, provider of "high performance cross-media marketing service programs") opted to sell their white papers as Amazon edocs. Then, they chose to create this edoc in the hope of reaching the #1 spot on the edoc bestseller list. Their strategy was to give it a provocative title and price it low.
There is no how-to here, even to be forcibly extracted from the telling of their experiences. I'm giving three stars to this edoc for the design. All hat, no cattle.
Worth every penny (Review Date: 2002-10-23)
Tom Simons has too much time on his hands.
Bravo.

Used price: $48.50

Great book! (Review Date: 2007-01-24)
I kept the book for reference.
Make sure you get the up to date version! (Review Date: 2008-04-19)
Buyer Beware!

Used price: $7.15

for active programming (Review Date: 2005-04-29)
Thus, the book is directed slightly more towards the network programmer than the network sysadmin. Though this is by no means a sharp demarcation, I hasten to add. In fact, you might be a sysadmin dissatisfied with running your current Intrusion Detection System package simply just out of the box. If so, try actively programming plug-ins using this book, to adapt the IDS to your actual network situation.
Learn the internals and how to customize popular tools (Review Date: 2005-11-27)
The book is divided into two main sections, modifying several popular tools like Nessus and Metasploit, and writing new tools for the Linux kernel and the network using libpcap and libnet. Written for the intermediate-level user, NST gets right to it in Chapter 1, diving right into writing plug-ins for Nessus. Because vulnerabilities appear every day and may differ on the network you're examining, you may have to write your own plug-in that someone else hasn't. Or you may want the fame and notoriety of writing these plug-ins quickly and accurately. Whatever your motivation, you'll learn how to use NASL to write your extension. While the license has recently changed for Nessus, the version that this book targets, 2.x, will always be GPL and available for you to use.
The existing tools covered in the book - Nessus, Ethereal, Ettercap, Metasploit, Nikto, Hydra, and PMD - are designed to be extended. They have a framework and often a rich API (or, in the case of Nessus, their own language) to allow you to write those extensions. Each of the chapters on these frameworks covers some of the same basic format, namely an overview of the tools, the framework, and then an example plug-in or extension. The quality of the chapters varies, presumably due to the natural differences in the authors' experiences. However, you'll learn something in each of them.
The second half of the book covers writing your own tools against four or five different landscapes. These are Linux kernel modules and kernel-level rootkits, web assessment tools (in Perl), an automated exploit tool, and sniffers and packet injection tools (using libpcap and libnet). The authors wisely show how to take a small tool, a recon scanner from Chapter 8, and extend it in Chapter 9 to make it an automated exploit tool. Pretty cool, and you wind up with a neat web-testing tool out of it. With some more work, you can make it a framework for any sort of web-based attack methodology. The authors use clear examples and a decent presentation style to deliver a quality set of chapters.
The same can be said for the two chapters on network tools, the sniffer and the packet injector. You'll build a simple ARP sniffer with pcap and libnet, and then move on to a simple SYN scanner and then a tool called 'Airjack', which is designed for a Linux environment. Again, clear code, and the authors do an effective tour of the process by which they build some simple, but representative, tools.
Overall I'm quite pleased with NST, I think the authors have delivered a concise, practical and valuable book on the subject. While there are several frameworks available for security tools, this is the first single book on the subject of writing plug-ins and extensions for most of the main tools out there. While the authors are a bit skimpish at times on the material, due to space constraints or matters of expertise, they do a good job of showing clear examples that anyone can use. If you've been curious about extending existing security tools with your own code, this is probably the best single place to start.
Used price: $46.60

A good introduction (Review Date: 2000-04-07)
BTW - Looking at the contributors, it seems a lot of people helped put this book together, well done to everyone.
I met with the authors at a book signing at Access All Areas II, and they were quite a laugh too. I'm just glad that my book was signed by them!!!
Get it before it vanishes like the old Hugo Cornwall books!