Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit

Bud Kading Tech Coordinator

Rating:
Summary: You'll like the book if you think these quotes are correct
Review: Many praise this book but may not recognize its shortcomings. Here is a sampling of specific excerpts of technically incorrect material. Any odd grammar is a result of directly quoting the book.

p. 28: "When a connection is established between two nodes during a TCP session, a three-way handshake is used. The process starts with a one-node TCP request by a SYN/ACK but, and the second node TCP response with a SYN/ACK bit. At this point, as described previously, communication between the two nodes will procede. When there is no more data to send, a TCP node may send a FIN bit, indicating a close control signal. At this intersection, both nodes will close simultaneously."

p. 93: "These first 1,024 ports are reserved for system services; as such, outgoing connections will have port numbers higher than 1023. This means that all incoming packets that communicate via ports higher than 1023 are replies to connections initiated by internal requests."

p. 97: "The crucial issue with port 7's echo service pertains to systems that attempt to process oversized packets... this problem is commonly referred to as the "Ping of Death" attack. Another common deviant to port 7 is known as "Ping Flooding."

p. 19: "Unfortunately, this service [chargen] is vulnerable to a telnet connection that can generate a string of characters with the output redirected to a telnet connection to, for example, port 53 (domain name service (DNS)). In this example, the flood of characters causes an access violation fault in the DNS service, which is then terminated, which, as a result, disrupts name resolution services."

p. 106: "As there are limitations in the development of a standard windows system for UNIX, the word from the Underground indicates that hackers are currently working on exploiting fundamental flaws of this service [news]."

p. 107: "When this port [exec] is active, or listening, more often than not the remote execution server is configured to start automatically. As a rule, this suggests that X-Windows is currently running."

p. 108: "Although this [talk, ntalk] seems harmless, many times it's not. Aside from the obvious -- knowing that this connection establishment sets up a TCP connection via random ports -- exposed these services to a number of remote attacks."

p. 109: "Without the necessary filtration techniques throughout the network span, these ports [klogin, kshell, kerberos] are vulnerable to several remote attacks, including buffer overflows, spoofs, masked sessions, and ticket hijacking."

p. 161: "A stealth scanner never completes the entire SYN/ACK process, therefore bypassing a firewall, and becoming concealed from scan detectors."

The book also offers:

p. 110- 147: 37 pages of trojan tool screenshots

p. 231 - 271: 40 pages on DOS (yes, Disk Operating System) commands

p. 373 - 405: 32 pages on DOS terminate and stay resident (TSR) programming, in case you need your circa 1991 x286 box to run your favorite text-based game

Beyond page 405, at least 250 pages (more than 25% of the book) are nothing more than printouts of C code.

The author says on p. xv: "The difference between this book and other technical manuscripts is that it is written from a hacker's perspective," and on p. xvi: "My goal is to help mold you become a virtuous hacker guru."

If this material is any indication, I have nothing to fear from the legions of "hacker gurus" who will learn from this book. I won't have any trouble weeding them out during technical interviews for job openings, either.

Rating:
Summary: Would not recommend
Review: I would not recommend this series of books. I am the web developer at a major financial institution and I picked them up to gain more insight on web security and hackers. I didn't care for the writing style, nor the sense of humor. All the crud in here that I will never use mades me shake my head. I handed them over to our security engineer for his opinion. His one-sentence analysis was "what a waste of time". Endless useless pieces of information crammed into this book just to fill up the pages and make it look impressive. This 'complete reference' doesn't even include information about XWindows, the default windowing system for Unix. None of the ideas in this book come across clearly. This series of books should be under fiction or humor rather than in the technical section.

Rating:
Summary: One of the Best!
Review: I've read some other Security and Hacker books that are out there and this is the best so far. Authors usually give a quick overview of some of the tools scripts and attacks that are out there but they rarely go into great depth. I like seeing the source code for the tools so you can see what is going on. This book is a must have for anyone into security.

Rating:
Summary: Good book..
Review: This is a good book and i advise anyone who has is a sysadmin to read this. The chapters concerning communication protocols is very deep and it's is a lot better read then the OSI-book.

This book is also nice since it shows you a lot of screenshots from hackingtools which are actually in use, this will stimulate one again to educate the users of a network not to run any emailed attachments.

The list of public portnumbers and their programs is handy since some of the portnumbers are run by programs with a different name.

The tutorials concerning C are a bit light if you are a serious programmer, if you are not a programmer then this is helpfull since it gives you some background one you scan the source code (which is plenty).

The cd-rom is also nice because of the hacker toolkit. I've read some other 'hacker-handbooks' but this one is the best so far. My complaint with the other books is that they frequently referenced the internet. This book packs a lot of usefull and sometimes entertaining information..

Oh yeah, the hacker manifesto is almost poetry ;) really cool.

Rating:
Summary: Best book out there on the topic
Review: ...

Anyone that is worried about securing there information, these books are a must have resource. These two books are essential information for knowing and understanding how a hacker thinks and how hacker gets into your network. I was truly amazed at the information and the way it is presented is where for both types of users, advanced and Novices.

Doesn't matter if you're new to this area of the IT industry or a veteran. These two books are a must have resources. It doesn't matter if you're a small business or a large IT firm. Hackers are trying to get anyone and everyone. It is best to be prepared.

There is a set of utilities that come with the book, which is great. The book has a lot of real life examples and plenty of resources on the CD...

Rating:
Summary: All you need to know about hacking
Review: John Chirillo now a renowed superhacker as well as a security expert has written this book called Hack attacks Revealed.The book itself is a very indepth book containing everthing you need to know about hacking and a understanding of all the the different protocols on the internet. For anybody interested in learning about hacking all the information you need is in this book and is definately worth buying.No more searching through the internet wasting hours to find out little bits of information or going through hacking chat rooms getting told rubbish its all in this book.

Rating:
Summary: Book for Script Kiddies/novices
Review: I'm sorry but 700 pages of paper doesn't make a book. Every chapter goes into little to no detail about any subject. There's lots of rambling code that's not explained. You can get that code off the net with explaination for free. This book does nothing useful except compile printouts of some code. Not only that, but there are hardly any mention of advanced hacking techniques. Who needs explaination of how to code in C. Buy a book on C, don't rehash the whole thing (badly) just to fill pages. I felt like everything in the book was done just to make it bigger.

Everything that is on the CD is printed out in the pages. So you see page after page of code with no comments or explaination other than "this code will do a denial of service attack with some modification". Who cares, there's no explaination of how and why the attack works or how to prevent it!

If you are a novice, perhaps you'll get some information from this book. But at it's price you are better off without it. For anyone more advanced, avoid this book altogether. There is not even a discussion on how to block against these hacks! Believe me, I scanned the book looking for anything worthwhile. I couldn't beleive it, there was nothing! He lists a bunch of unix commands like "cd, awk, etc.." and then says "these commands can be exploited to gain root". Well, how? He doesn't even explain anything at all!!

If you've been around then you will not learn anything new from this book. He doesn't even talk about buffer overflows, come on. I was so disappointed.

I made the mistake of taking all the stars for the book as meaning it's a good book. The index misleads you to think the subjects listed are covered, but they are not. Merely, mentioning something doesn't classify it as being discussed.

I give it one star because I couldn't give less, I'm sorry.

If you want something worhwhile to read then read books by Bruce Shneider. At least he knows a little something about security.

:(

Rating:
Summary: a verry good read :)
Review: have you ever wanted to know about the basics to advanced network securing? Then this book will suite you fine, I found myself studing for a security course from school (microsoft) and was thouroughly disapointed on content, but HACK ATTACKS REVEALED was not like this it startes out simple but soon draws you into a mode of thought that you wont find in most security courses, so if you want a exelent resource for protecting your home pc or your network @ the office give this book a read, the software that comes with it is great and you will learn alot no matter what level you are @......

Rating:
Summary: Opened a new world of knowledge!
Review: I have little knowledge of computer mechanics, but this book taught me with no problem to understand how systems and networks come under fire. It also helped me to see weaknesess in my own system. If you want to understand and learn how to hack, this is the book for you. If you want to protect you're system you have to understand what you're up against and ohboy do you see! The software included opens new doors for understanding and offers alot of scanners, crackers,trojans,bombers,and spoofers that you can use for contests and simulations at [...]! No not only at [...] that is well nevermind. The website also offers quick responses to any technical or mindstumbling questions you might have!!! Their support is the best I seen since microsoft!!!