Feeds

Anti-Hacker’s Toolkit

How they do it, so you can stop them

  • alert
  • submit to reddit

SANS - Survey on application security programs

Book review Sometimes it just pays to think bad thoughts. And, sometimes, it might even be a good idea to act on those bad thoughts. No, that doesn't mean you go out and shoot your boss. It does mean thinking bad thoughts about security. It means thinking like a hacker (no, not that sort of hacker, the sort that attacks your software/server/system).

We all know that security shouldn't be an afterthought when it comes to system design and development, but unless you know how a hacker attempts to crack a system how can you code for it?

The Anti-Hacker Toolkit isn't really designed for developers as such. It's a book that's aimed at those who need to defend rather than offend, which in practice means system admins, security personnel, web developers and so on. It takes the view that the best way of defending against attacks is to understand how attacks take place - what tools and techniques are likely to be used to launch attacks? And just what are the different types of attacks?

As suggested by the title, the book is a complete toolkit (with the individual tools included on the attached CD). It covers in some detail a very wide range of tools and utilities, with detailed instructions on how to use them, what the different options are and common usage scenarios.

The tools are organised by type: multi-function tools (including complete environments, such as VMware); server audit tools (from basic port scanners through to brute force password cracking, server hardening, backdoors and root kits); network auditing and defence (starting at the firewall and moving on to network reconnaissance, port redirectors, sniffers, wireless tools etc) and, finally, a section on incident response and computer forensics.

As you would expect from a book devoted to tools, the focus on the book is decidedly practical. That's not to say that it's just a glorified all-in-one manual for the tools that are covered. It's the material on usage that makes the book valuable, it shows how the tools can be used to attack (or seek out vulnerabilities in) networks and servers.

The book is fairly agnostic as to operating system, and there's coverage of Unix, Linux and Windows tools and systems. A willingness to dive to the command line is pretty much compulsory for all systems, however. Given the cross-platform nature of the beast, the authors recommend cygwin as a way of getting a Linux-like environment under Windows. The attached CD also includes a copy of Gnoppix, which is a CD-bootable Linux distribution that uses the Gnome desktop. It enables a Windows user to reboot into Linux and to access the security tools that come as standard with that operating system.

To be clear, this isn't a book about IT security as an abstract concept - and there are no chapters devoted to attempting to understand what drives hacking as a subculture, for example - it's a book devoted to the most useful of the tools and utilities used by hackers.

Title: Anti-Hacker Toolkit, 3rd edition

Anti-Hacker ToolkitVerdict: If you want to get to grips with the tools of the hacking trade, then this is a great place to do it.

Author: Mike Shema, Chris Davis, Aaron Philipp, David Cowen

Publisher: Osborne McGraw-Hill

ISBN: 0072262877

Media: Book

Buy this book at Cash 'n' Carrion. ®

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.