Ninja Hacking, 1st Edition

Unconventional Penetration Testing Tactics and Techniques

Ninja Hacking, 1st Edition,Thomas Wilhelm,Jason Andress,ISBN9781597495882






235 X 191

Think like a ninja and discover new ways to execute internal and external penetration tests!

Print Book + eBook

USD 59.94
USD 99.90

Buy both together and save 40%

Print Book


In Stock

Estimated Delivery Time
USD 49.95

eBook Overview

VST format:

DRM Free included formats: EPub, Mobi, PDF

USD 49.95
Add to Cart

Key Features

  • Discusses techniques used by malicious attackers in real-world situations
  • Details unorthodox penetration testing techniques by getting inside the mind of a ninja
  • Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks


Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, the historical Ninjutsu techniques in particular, with the present hacking methodologies. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzus The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities. This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators.


Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers

Thomas Wilhelm

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.

Affiliations and Expertise

ISSMP, CISSP, SCSECA, and SCNA, Associate Professor at Colorado Technical University

View additional works by Thomas Wilhelm

Jason Andress

Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Affiliations and Expertise

(ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds.

View additional works by Jason Andress

Ninja Hacking, 1st Edition

About the Authors About the Ninjutsu Consultant About the Technical Editor Introduction Chapter 1 The Historical Ninja     The Historical Samurai          Bushido          Samurai Weapons     The Historical Ninja          Origins of the Ninja          Stories of Ninja          Ninja Code of Ethics          Ninja Weapons     Samurai Versus Ninja          Ethical Differences          Battlefield Use          Weapons     Summary     Endnotes Chapter 2 The Modern Ninja     Modern-Day Ninjutsu     White Hats versus Black Hats          Black Hat Hackers          White Hat Hackers          Ninja Hackers - or Zukin     Ethics of a Modern-Day Ninja          Modern Ninja Ethics - Family          Modern Ninja Ethics - Community          Modern Ninja Ethics - Homeland          Modern Ninja Ethics - Appropriateness     Summary     Endnotes Chapter 3 Strategies and Tactics     The Art of War - Breaking the Rules     Laying Plans          Five Constant Factors          Warfare Is Based on Deception     Waging War          No Cleverness in Long Delays          Rousing Anger          Victory - Not Lengthy Campaigns     Maneuvering          Practice Dissimulation          Strike Fast - Strike Wisely          Studying Moods     The Use of Spies          Five Classes of Spies          Rewards for Spying     Preconceived Notions          Psychological Warfare          Manipulating the Enemy’s Perception     Summary     Endnotes     Acknowledgment Chapter 4 Exploitation of Current Events     Playing on People’s Fears and Curiosity          E-mail Attacks          Search Engines     Exploiting Patch Windows and Processes          Patch Windows          Patch Processes     Summary     Endnotes Chapter 5 Disguise     Hensojutsu (Disguise)          Impersonating People     The Modern “Seven Ways of Going”           mployees          Badges and Uniforms          Vendors     Virtual Disguises          Anonymous Relays     Summary     Endnotes Chapter 6 Impersonation     Pretexting          Scholastic          Business          Rural          Religious          Public Figures          Labor          Uniformed     Phishing          The Sender          The E-mail          The Web Site          Fraudulent Certificates     Summary     Endnotes Chapter 7 Infiltration     Lock Picking and Safe Cracking          Avoiding the Lock          Subverting Locks without Leaving Evidence          Opening Safes          Compromising Proximity Card Systems          Defeating Biometric Systems     Alarm System Evasion          Creating False Positives          Alarm Sensors     Trusted Networks          Employee or Contractor Home Networks          Vendor or Partner Networks          Nonstandard Internal Networks          Legacy Networks     Summary     Endnotes Chapter 8 Use of Timing to Enter an Area     Tailgating          Physical Tailgating          Network and System Tailgating     Intrusion Detection System Avoidance          Physical Intrusion Detection Systems          Logical Intrusion Detection Systems          Administrative IDS          Out-of-Band Attacks          Honeypots     Summary     Endnotes Chapter 9 Discovering Weak Points in Area Defenses     Traffic Patterns          Physical Traffic          Logical Traffic     Gates, Guns, and Guards          Gates          Guns          Guards     Information Diving          Physical Information Diving          Logical Information Diving     Summary     Endnotes Chapter 10 Psychological Weaknesses     Baiting          The Modern Trojan Horse          The Con     Social Engineering          The Five Elements          The Five Weaknesses          The Five Needs          Social Engineering and the Kunoichi     Summary     Endnotes Chapter 11 Distraction     Use of Big Events          Holidays          Sporting Events          Company Events          Environmental Events     Shill Web Sites          Spurious Company Data          Social Networking          False Search Engine Results     Multipronged Attacks          Distractors          Attacking on Multiple Fronts          Attack Timing     Summary     Endnotes Chapter 12 Concealment Devices     Mobile Devices          Detection Methods          Mobile Device Trends     Data Smuggling          Encryption          Concealment     Summary     Endnotes Chapter 13 Covert Listening Devices     Radio Frequency Scanners          Bluetooth          Cellular     Key Logging          Software Key Loggers          Hardware Key Loggers          Placing Key Loggers          Retrieving the Data          Not Getting Caught     Spyware          Stealing Personal Information          Stealing Credentials          Modifying Configurations          Installing Spyware          Using Spyware Quietly     Clandestinely Placed Sensors          Audio          Video          Other Electromagnetic Radiation     Summary     Endnotes Chapter 14 Intelligence     Human Intelligence          Sources of Human Intelligence          Relationship Analysis          Debriefing and Interrogation     Interrogation Techniques          Deception          Good Cop/Bad Cop          Suggestion          Drugs          Torture     Clandestine Human Intelligence          Penetrating Organizations          Clandestine Reporting          Resources     Summary     Endnotes Chapter 15 Surveillance     Gathering Intelligence          Resumes and Job Postings          Blogs and Social Networks          Credit Reports          Public Records     Location Tracking          GPS Tracking Devices          Other Devices that Provide Location Information     Detecting Surveillance          Technical Surveillance Countermeasures          RF Devices and Wiretapping          Detecting Laser-Listening Devices          Detecting Hidden Cameras          Physical Surveillance     Antisurveillance Devices          RF Jammers          Defeating Laser-Listening Devices          Blinding Cameras          Tempest     Summary     Endnotes Chapter 16 Sabotage     Logical Sabotage          Malware          Data Manipulation     Physical Sabotage          Network and Communications Infrastructure          Counterfeit Hardware          Access Controls     Sources of Sabotage          Internal          External     Summary     Endnotes Chapter 17 Hiding and Silent Movement     Attack Location Obfuscation          Protocol-Specific Anonymizers          Filtered Protocol Tunneling     Compromised Hardware          Memory Sticks          Hard Drives          Cell Phones          Network Devices     Log Manipulation          User Log Files          Application Log Files     Summary     Endnotes Index

Quotes and reviews

"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."----Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."--SciTechBookNews

"With the good blend of historical techniques and its modern day application there is something in here for everyone."--Hakin9

"Be in no doubt, credibility is high for this book..All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."--Paul Baccas,, Oct. 25, 2011,

Cyber Monday SALE Upto 50 Percent OFF | Use Code CYBER14
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy

Contact Us