Rating:  Summary: Better than the 1st... Review: Mike Schiffman has always been a really funny guy (see what he's written in Phrack loopback for examples) so I was really disappointed with the lack of humour in the first volume of the Hackers Challenge series. That has gotten better in the second volume. There is a lot more humor in this one. Aside from that it reads just like the first volume and is just as good in almost every way. But for the fact that in this volume the editors decided not to tell you which author wrote which chapter which I would have liked to have known.
Rating:  Summary: Awesome book, great reading Review: The second "The Hacker's Challenge" brought with it another sleepless night of fun security reading. 19 attack cases with solutions and mitigation and prevention strategies are described by a team of known expert authors led by Mike Schiffman. Impressive wireless DoS attack, social engineering penetrations (including one case with no technical penetration whatsoever), mysterious web defacements, SQL injection, DNS tunneling case and router attack inform and educate, just as the first book did. Authors' mildly perverse sense of humor keeps the reader in a good mood. The book begs to be read in one helping (and then reread, as needed)! "The Challenge 2" again covers a wide range of victims and attack methods. An interesting case asks for writing an exploit and provides a walkthrough for a simple local buffer overflow attack, a novel feature of this edition. At about scenario 12, things start to heat up and solving the case starts to require some thinking. Harder to crack cases and more sophisticated attackers up the fun level and value of information learned. Just as in the first book, solving the case usually takes some log analysis, some security knowledge and careful reading about character actions and observations. In addition to technology-astute readers, the book will also satisfy the hard-core security policy fans. Some of the questions asked about the cases involve policy decisions. As for the book's minor blemishes, it suffers a bit from a "sequel syndrome". Namely, since the first book was so amazingly good, it is very hard to beat it and most people will compare it to the first one. Let's say that "The Challenge 2" is almost as good as its predecessor. A couple of scenarios sound somewhat ridiculous (e.g. one on "wireless terrorists"). Another couple is painfully obvious (few people are impressed by a /bin/sh bound to a port in inetd.conf or by a default router password nowadays).
In addition, the scenario names often give out a hint that spoils the fun of "cracking" the story ("Freeloader" and some others). Overall, the book is a must have, both for its educational and entertainment value. The Hacker Challenge books fuse fun storyline, mystery and technical information in one great package, that makes for awesome reading for all technical readers, in security field and beyond. It was clearly a great idea to invent such a "security thriller" book. Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Rating:  Summary: Slightly better. . . Review: Yes, slightly better than the first edition. However, if you need or like this kind of book, first give a try to "Stealing the Network: How to Own the Box" by Ryan Russell, the same idea, but a lot more illustrative and easy to read (still with the same level of very up-to-date information). Some extra bucks to spend? . . . OK, then try both, they complement each other very well.