Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios

For any system administrator this book provides an invaluable way to test your talents and expertise against real-world hacking events in a safe environment using multiple hardware and software products. This book is a must-have for anyone serious about the security of their systems and their ability to recognize and thwart hackers before, during and after an attack. I highly recommend this book for the beginner looking to build their abilities to a veteran looking to confirm or update their skills.

Rating:
Summary: Schiffman = love
Review: Schiffman is the coolest. His tattoos rock, and his judo is like Menudo. I'm gonna use my company's training budget to buy his books just cuz he's cool.

Rating:
Summary: Schiffman = love
Review: Schiffman is the coolest. His tattoos rock, and his judo is like Menudo. I'm gonna use my company's training budget to buy his books just cuz he's cool.

Rating:
Summary: The real thing...
Review: So, you'd like to know more about real security incidents and computer forensics... then this could be your book!
Note however, that for the book being profitable, you should already have a good understanding of the matter.
The presentation is a bit melodramatic trying to sell a 'mystery' image. Twenty cases of security incidents are presented under suggestive names (e.g., 'A Thousand Razors', 'Omerta', and so on..) and of course, twenty separated 'solutions' are proposed as well. Unfortunately, the presentations are quite heterogeneous, ranking from very clever ones to real 'puzzles'.
As for the issues covered, the range is quite broad, including among others:
- Directory traversal attacks
- VPNs attacks
- Wireless attacks
- Buffer overflows
- E-mail sniffing
- Macintosh hacking
- DoS attacks
- Trojan codes
- Forensic analysis

Three or four cases can be easily solved, but some of the challenges are almost impossible to solve due to the weakness of the supplied clues.
At the bottom line, the book is well worth to be purchased. It is original (almost unique) and very useful in expert hands. Once the cases are solved, all the information makes sense, giving you twenty illustrative case studies.

Rating:
Summary: Very nice
Review: The author details exploits for IIS, SQL Server, Solaris and even Macintosh. The book definately makes you think, and will probably remind you of a couple holes you might need to patch. The author even provides URL's to online resources that you can use to protect from these attacks, or learn more. Hard to put the book down! Recommended reading!

Rating:
Summary: Great Book
Review: The best chapter definately was the fifth chapter. So much information. elite!

Rating:
Summary: Good book but light on info
Review: The premise of the book really intrigued me so I picked it up. While the writing is good and there is some really good information, I don't think the information content was quite worth the money. Not to spoil the mystery for you, but several of the hacks described really just boiled down to a particular type of attack (to compromise) followed by something else. Similarly, the logs provided (for publishing purposes) have to be truncated. In essence, the reader is spoon-fed because only relevant logs are shown; quite different than real life where an admin may be facing 20 Mb of logs that they have to sift through.

One last point. The author of one of the sections was Tim Mullen. Had I known that beforehand, I would not have purchased the book. I've read his articles on securityfocus.com and have little respect for his abilities in the security field. Luckily, he only authored one scenario.

Rating:
Summary: Good book but light on info
Review: The premise of the book really intrigued me so I picked it up. While the writing is good and there is some really good information, I don't think the information content was quite worth the money. Not to spoil the mystery for you, but several of the hacks described really just boiled down to a particular type of attack (to compromise) followed by something else. Similarly, the logs provided (for publishing purposes) have to be truncated. In essence, the reader is spoon-fed because only relevant logs are shown; quite different than real life where an admin may be facing 20 Mb of logs that they have to sift through.

One last point. The author of one of the sections was Tim Mullen. Had I known that beforehand, I would not have purchased the book. I've read his articles on securityfocus.com and have little respect for his abilities in the security field. Luckily, he only authored one scenario.

Rating:
Summary: Wow, alot better than I thought!
Review: This book seemed like it might be kinda campy, but when I actually got inside, it was great! I learned alot about how the other side works... Also Mike's obscure references were hilarious!