Rating:  Summary: A superb hack/cracking book Review: I am an MCSE who recently inherited several Linux machines due to downsizing at my company. I purchased several books to help me shore up my unix security knowledge. First I read Hacking Linux Exposed because it is 100% Linux specific, and followed with this book. Counter Hack covers a huge range of security problems much better than anything else I've read. It not only reinforced the concepts from Hacking Linux, but taught me many things from the Windows world that I didn't know, in spite of my previous training. I really appreciated the instructions to fix and avoid problems. I'd recommend this book over "Hacking Exposed, 3rd Edition" any day. If you have unix machines, I'd purchase "Hacking Linux Exposed" too. In fact, I'd love to see what Skoudis and Hatch could write if they collaborated.
Rating:  Summary: It's Great & I'm Not Done Yet Review: I decided to purchase this book based in large part on the fact that all the reviews at the time I was shopping gave it 5 stars. I was also looking for something that seemed a good introduction without being either totally non-technical or overwhelmingly technical. I'm well into the book now and can tell you that it definitely lives up to all those 5 star ratings. As others have said, it is an easy, enjoyable, and very informative read. Depending on your ultimate objectives you may eventually want to get even deeper into the technical aspects of security but for starters and for a good long term reference this book is excellent. Buy it. You won't be disappointed.
Rating:  Summary: Great, if a bit dated in 2003 Review: I got a copy back in November 2001, but the book still deserves all the praise. It simply shows that a well-written infosec book doesn't have to be "fresh" or to be in the umpteenth edition to be fun and useful. It has all the components of a great book: logical presentation style, wide material coverage from concepts to command line switches, humor, plenty of details on attacks and defenses. The book presents a typical attack sequence (from recon to maintaining access) and goes into details on all its stages. A distinctive feature of the book is that the security tools descriptions are present not as the "man page rephrase" (a senseless stream of options and parameters), but instead woven into the fabric of the attack flow, thus making it much more interesting. The book is focused more on the attack side, while containing small tips on protecting and blocking various described attacks. I also liked the author's coverage of UNIX rootkits. Another awesome part of the book is three scenarios in the end. I was lucky to be present when the author presented the "Monstrous Software" attack case (#3 in the book) at the seminar and it was just as hilarious as it was enlightening. Overall, the book is still a very useful addition to any security book library. Perhaps a second edition is in the works, Ed? More web attacks, novel application hacking and wireless stuff will sure come in handy. Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Rating:  Summary: Very happy with this book...recommended! Review: I have to give a security presentation in class soon, and this book has been a tremendous help in my studies. I didn't have any previous skill or knowledge with security/hacking. I've skimmed through a bunch of different books, but I think this book was one of the best ones that I've come across. The book seems very comprehensive, covering the whole spectrum of attacks and defenses. There's a lot of information in this book to absorb. The layout and readability were about as good as you'll find in any computer science related book.
If you're just getting started like me, I think this book would be a great foundation to start with.
Rating:  Summary: Sensational book! Review: Let me start with a disclaimer. I find network and computer security very interesting, but have never looked into it in-depth before (other than a paper I once wrote on worms and viruses). I have a strong programming background (The usual suspects - C/C++, Perl, Fortran, Pascal, Assembly), but I'd never even HEARD of netcat before, and sure as heck didn't know what a rootkit did. Sure, knowing Assembly I understand how a stack functions, so buffer overflows made sense before Ed's explanation. But the rest of the book was all foreign to me, so keep in mind this is a review from a security newbie.
This book was excellent for me. I read it cover to cover, and it was almost like reading a spy and/or detective novel, with details of what the spies and detectives do. The plot was the phases of a network attack, and I could almost hear the Mission Impossible theme in the background at times when I was looking at the output from some of the applications. I don't know if this is normal for a security book (like I said, I'm a newb), but Counter Hack was great to read straight-through, and I have no doubt I'll frequently refer to portions in the future.
I found Ed's overviews of topics that would be used in the rest of the book exceptional - they really were exactly what you needed to know, with no extra fluff. Concisely written and well-explained, but I didn't feel like I was being treated as a three-year-old. I had previous knowledge of OS's and networking, but Counter Hack's first few chapters were excellent refreshers, and in some cases spectacular insight into how things work together (I constantly referred back to OSI's 7-layer model for TCP/IP).
To be honest, I did find some typos and things that were odd (though perhaps I just thought them odd due to lack of knowledge). For example, Ed says a subnet mask is XOR'd with an IP address to determine the network address versus the host address. XOR? If I XOR my address... let's see:
11000000 10101000 00000001 00000001 (192.168.1.1)
11111111 11111111 11111111 00000000 (255.255.255.0)
00111111 01010111 11111110 00000001 (127.87.254.1?!)
This is an obvious typo for someone who has background knowledge of networking... but isn't that my point? Should have been caught before going to press. Still, when I have to pick out a single WORD of an entire book to have something bad to say, you know the book is a great one.
I highly recommend this book, definitely to people new to the field (like me!), but perhaps those of you who have in-depth knowledge will learn some things you didn't know (or fully understand) before. And now, onto Malware!
Rating:  Summary: Excellent Book, Easy to Read, Practical & Resourceful Review: Overall, highly recommended, it's a no doubt five stars quality book. Even though I borrowed this book from library, I just placed an order to purchase my own copy. Excellent reference material! This book covers two major parts: (1) All-you-need-to-know Overviews, and (2) Hacking Skills. Ed only takes about 20% of his entire book portion for giving readers the overview of all important knowledge such as Networking, Unix & Windows. For those overview chapters, they are all well-written and extremely easy to follow even for complicated concepts. By themselves, they are already worth the book value, and they're excellent for refreshing those key & important knowledge & concepts. The second part of the book mainly addresses various hacking approaches. The contents are exactly the same as Ed's desktop seminar 'The Hack Counter-Hack Training Course', which is a computer-based training video on CD-ROM. However, this book provides much more details and in-depth explanation on how-things-done. Again, it's really well-written to depict the complicated hacking techniques. If you purchase Ed's The Hack Counter-Hack Training Course, I strongly recommend you to buy this book as your reference material. They should go as a pair.
Rating:  Summary: This shows how to avert hacks with a counter hack Review: Recent security books have dealt exclusively with point security issues such as Windows NT security, Cisco router security, and TCP/IP security. Although point security is necessary, it does not provide the necessary level of security unless the varied points are integrated. This year, a number of security books have bucked the point-security-only trend and have concentrated on security from an integrated architecture perspective. The most noteworthy of these titles has been Ross Anderson's Security Engineering. Another worthy title is Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. The self-described Next Generation Hacker Book promises to be "a step-by-step guide to defending against hacker intrusions." Rather than focusing on a single technology to secure, Skoudis shows readers how to design and defend their networks against myriad threats. His step-by-step approach is to partition the hacking process into five phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, and Hiding) and to detail the steps within each phase. As noted by Anderson in Security Engineering, most systems are designed to keep out the "good guys" -- those who follow the rules but may occasionally bypass them. Hackers and other adversaries -- who do not follow the rules -- require a unique set of constraints to keep them out of corporate networks. The book opens with a crucial topic: knowing your threats and not underestimating your adversary. Although most people may put all adversaries under the blanket class of "hackers," there are a number of antagonistic groups, each of which possesses a unique set of threats.
Unless an organization knows who its adversaries are -- whether internal employees (the true cause of most security incidents), organized crime, disgruntled consultants, remote hackers, customers, suppliers, or hacktivists -- there is no way its network can be appropriately secured. Counter Hack details what course of action to take in order to protect against attacks, whether they originate from a low-level script kiddy or a world-class hacker. Skoudis' step-by-step approach to effectively securing a network begins with an introduction to the operations of TCP/IP. Most experienced readers can bypass this section. The next two chapters provide an overview of Unix and Windows NT/2000, which are the most commonly installed operating systems in corporate America. Although most security books address Windows NT/2000 and Windows PPTP (Point-to-Point Tunneling Protocol), Skoudis astutely notes the huge security ramifications of running them. The following sections detail how hackers perform reconnaissance and scanning attacks against networks in order to penetrate them. Skoudis details the fundamentals of port scanning and the use of scanning tools such as nmap. Chapter 7 covers applications and operating-system-level attacks. It includes an excellent overview of buffer-overflow attacks and how to obviate them. This is a crucial point for programmers who are often unaware of the specific dangers of buffer overflows. The book details the dangers of Trojan horses, backdoors, and root kits, which are often difficult to detect once they are installed. Skoudis covers the nastiest backdoor, kernel-level root kits, and execution redirection in particular. The danger of execution redirection is that the hacker can intercept a call to run a certain application and map that call to another application. It is basically a bait-and-switch attack, except that the victims do not know that they are being attacked. Skoudis has an easy-to-read style.
When he mentions a hacking tool, he effectively describes how the tool works and how it can be employed to secure a system. Skoudis also includes a number of stories written in the first-person. It is a pleasure to read a security book written by a professional who has in-the-trenches experience, as opposed to someone who thinks copying RFCs makes for an original book. If you have a network connected to the Internet, you will inevitably be hacked. This book shows how to avert such attacks with a counter hack. For a wide-ranging overview of how to secure a system against myriad adversaries, do yourself, your employer, and your networks a favor and read Counter Hack.
Rating:  Summary: A true winner !! Review: There are books, special books and VERY special books. The STEVENS 'Tcp/Ip Illustrated Vol I', is (as you surely know) a very special book. 'Counter Hack' deserves the same qualification. Well written and structured, this book covers all classic issues about computer security, as well as very actual and interesting topics like 'IDS Evasion' and 'Rootkits'. The summary of chapter 4 (Windows NT/2000 Overview) and the whole Chapter 12 (Anatomy of an Attack) are both masterpieces. Chapter 11 (Covering Tracks and Hiding) is a welcome extra (rarely found in similar books), and in every chapter several useful security tools are discussed in detail (and the related URL shown). From beginners to experts, this book is a valuable reference for everyone. I own about 30 'computer security' books, and actually could discard 25 with no significant losses (aging and excessive repetition). Of course, if this were the case, 'Counter Hack' would be one of the 5 survivors.
Rating:  Summary: Big Picture Book Review: This book is great for the security person who only knows one system well and a little about everything else. Get the Big Picture of security throughout your network. Gain the security knowledge required on the systems where your skills may be lacking.
Rating:  Summary: Hacking demystified Review: This book really exposes what hacking is all about. It takes the mystery out of how attackers actually penetrate systems and the tools that they used. After reading for the first time, I have a good understanding of how attacks work. I plan on reading a second time to put all the pieces together and may delve deeper into the tools that they use. There are so many links that after the first 50 pages I stopped bookmarking and decided to review later. Bottom line, a great book for the money.