Ninja Hacking, 1st Edition

Unconventional Penetration Testing Tactics and Techniques

 
Ninja Hacking, 1st Edition,Thomas Wilhelm,Jason Andress,ISBN9781597495882
 
 
Up to
25%
off
 

  &      

Syngress

9781597495882

9781597495899

336

235 X 191

Think like a ninja and discover new ways to execute internal and external penetration tests!

Print Book + eBook

USD 59.94
USD 99.90

Buy both together and save 40%

Print Book

Paperback

In Stock

Estimated Delivery Time
USD 37.46
USD 49.95

eBook
eBook Overview

VST format:

DRM Free included formats: EPub, Mobi, PDF

USD 37.46
USD 49.95
Add to Cart
 
 

Key Features

  • Discusses techniques used by malicious attackers in real-world situations
  • Details unorthodox penetration testing techniques by getting inside the mind of a ninja
  • Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks

Description

Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, the historical Ninjutsu techniques in particular, with the present hacking methodologies. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzus The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities. This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators.

Readership

Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers

Thomas Wilhelm

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.

Affiliations and Expertise

ISSMP, CISSP, SCSECA, and SCNA, Associate Professor at Colorado Technical University

View additional works by Thomas Wilhelm

Jason Andress

Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Affiliations and Expertise

(ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds.

View additional works by Jason Andress

Ninja Hacking, 1st Edition


About the Authors

About the Ninjutsu Consultant

About the Technical Editor

Introduction

Chapter 1 The Historical Ninja

    The Historical Samurai

         Bushido

         Samurai Weapons

    The Historical Ninja

         Origins of the Ninja

         Stories of Ninja

         Ninja Code of Ethics

         Ninja Weapons

    Samurai Versus Ninja

         Ethical Differences

         Battlefield Use

         Weapons

    Summary

    Endnotes

Chapter 2 The Modern Ninja

    Modern-Day Ninjutsu

    White Hats versus Black Hats

         Black Hat Hackers

         White Hat Hackers

         Ninja Hackers - or Zukin

    Ethics of a Modern-Day Ninja

         Modern Ninja Ethics - Family

         Modern Ninja Ethics - Community

         Modern Ninja Ethics - Homeland

         Modern Ninja Ethics - Appropriateness

    Summary

    Endnotes

Chapter 3 Strategies and Tactics

    The Art of War - Breaking the Rules

    Laying Plans

         Five Constant Factors

         Warfare Is Based on Deception

    Waging War

         No Cleverness in Long Delays

         Rousing Anger

         Victory - Not Lengthy Campaigns

    Maneuvering

         Practice Dissimulation

         Strike Fast - Strike Wisely

         Studying Moods

    The Use of Spies

         Five Classes of Spies

         Rewards for Spying

    Preconceived Notions

         Psychological Warfare

         Manipulating the Enemy’s Perception

    Summary

    Endnotes

    Acknowledgment

Chapter 4 Exploitation of Current Events

    Playing on People’s Fears and Curiosity

         E-mail Attacks

         Search Engines

    Exploiting Patch Windows and Processes

         Patch Windows

         Patch Processes

    Summary

    Endnotes

Chapter 5 Disguise

    Hensojutsu (Disguise)

         Impersonating People

    The Modern “Seven Ways of Going”

          mployees

         Badges and Uniforms

         Vendors

    Virtual Disguises

         Anonymous Relays

    Summary

    Endnotes

Chapter 6 Impersonation

    Pretexting

         Scholastic

         Business

         Rural

         Religious

         Public Figures

         Labor

         Uniformed

    Phishing

         The Sender

         The E-mail

         The Web Site

         Fraudulent Certificates

    Summary

    Endnotes

Chapter 7 Infiltration

    Lock Picking and Safe Cracking

         Avoiding the Lock

         Subverting Locks without Leaving Evidence

         Opening Safes

         Compromising Proximity Card Systems

         Defeating Biometric Systems

    Alarm System Evasion

         Creating False Positives

         Alarm Sensors

    Trusted Networks

         Employee or Contractor Home Networks

         Vendor or Partner Networks

         Nonstandard Internal Networks

         Legacy Networks

    Summary

    Endnotes

Chapter 8 Use of Timing to Enter an Area

    Tailgating

         Physical Tailgating

         Network and System Tailgating

    Intrusion Detection System Avoidance

         Physical Intrusion Detection Systems

         Logical Intrusion Detection Systems

         Administrative IDS

         Out-of-Band Attacks

         Honeypots

    Summary

    Endnotes

Chapter 9 Discovering Weak Points in Area Defenses

    Traffic Patterns

         Physical Traffic

         Logical Traffic

    Gates, Guns, and Guards

         Gates

         Guns

         Guards

    Information Diving

         Physical Information Diving

         Logical Information Diving

    Summary

    Endnotes

Chapter 10 Psychological Weaknesses

    Baiting

         The Modern Trojan Horse

         The Con

    Social Engineering

         The Five Elements

         The Five Weaknesses

         The Five Needs

         Social Engineering and the Kunoichi

    Summary

    Endnotes

Chapter 11 Distraction

    Use of Big Events

         Holidays

         Sporting Events

         Company Events

         Environmental Events

    Shill Web Sites

         Spurious Company Data

         Social Networking

         False Search Engine Results

    Multipronged Attacks

         Distractors

         Attacking on Multiple Fronts

         Attack Timing

    Summary

    Endnotes

Chapter 12 Concealment Devices

    Mobile Devices

         Detection Methods

         Mobile Device Trends

    Data Smuggling

         Encryption

         Concealment

    Summary

    Endnotes

Chapter 13 Covert Listening Devices

    Radio Frequency Scanners

         Bluetooth

         Cellular

    Key Logging

         Software Key Loggers

         Hardware Key Loggers

         Placing Key Loggers

         Retrieving the Data

         Not Getting Caught

    Spyware

         Stealing Personal Information

         Stealing Credentials

         Modifying Configurations

         Installing Spyware

         Using Spyware Quietly

    Clandestinely Placed Sensors

         Audio

         Video

         Other Electromagnetic Radiation

    Summary

    Endnotes

Chapter 14 Intelligence

    Human Intelligence

         Sources of Human Intelligence

         Relationship Analysis

         Debriefing and Interrogation

    Interrogation Techniques

         Deception

         Good Cop/Bad Cop

         Suggestion

         Drugs

         Torture

    Clandestine Human Intelligence

         Penetrating Organizations

         Clandestine Reporting

         Resources

    Summary

    Endnotes

Chapter 15 Surveillance

    Gathering Intelligence

         Resumes and Job Postings

         Blogs and Social Networks

         Credit Reports

         Public Records

    Location Tracking

         GPS Tracking Devices

         Other Devices that Provide Location Information

    Detecting Surveillance

         Technical Surveillance Countermeasures

         RF Devices and Wiretapping

         Detecting Laser-Listening Devices

         Detecting Hidden Cameras

         Physical Surveillance

    Antisurveillance Devices

         RF Jammers

         Defeating Laser-Listening Devices

         Blinding Cameras

         Tempest

    Summary

    Endnotes

Chapter 16 Sabotage

    Logical Sabotage

         Malware

         Data Manipulation

    Physical Sabotage

         Network and Communications Infrastructure

         Counterfeit Hardware

         Access Controls

    Sources of Sabotage

         Internal

         External

    Summary

    Endnotes

Chapter 17 Hiding and Silent Movement

    Attack Location Obfuscation

         Protocol-Specific Anonymizers

         Filtered Protocol Tunneling

    Compromised Hardware

         Memory Sticks

         Hard Drives

         Cell Phones

         Network Devices

    Log Manipulation

         User Log Files

         Application Log Files

    Summary

    Endnotes

Index




Quotes and reviews

"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."----Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."--SciTechBookNews

"With the good blend of historical techniques and its modern day application there is something in here for everyone."--Hakin9

"Be in no doubt, credibility is high for this book..All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."--Paul Baccas, NakedSecurity.com, Oct. 25, 2011,

 
 
Save up to 25% on all Books
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy
FAQ

Contact Us