Anti-Hacker Tool Kit [Paperback]

Keith Jones (Author), Bradley C. Johnson (Author), Mike Shema (Author)

Book Description

ISBN-10: 0072222824 | ISBN-13: 978-0072222821 | Publication Date: June 25, 2002 | Edition: 1

Get in–depth details on the most effective security tools and learn how to use them with this hands-on resource. A must-have companion to the best-selling security book Hacking Exposed, this toolkit includes tips and configuration advice for getting the best results from the creators of the top hacking tools in use today.

Editorial Reviews

Review

"...is an awesome complement to any security professional's reference set. Recommended." -- Computerworld; October 7, 2002

From the Back Cover

"This book continues the best-selling tradition of Hacking Exposed--only by learning the tools and techniques of malicious hackers can you truly reduce security risk. Arm yourself today with the Anti-Hacker Tool Kit." -- Joel Scambray, Co-author of Hacking Exposed, Hacking Exposed Windows 2000, and Hacking Exposed Web Applications

Stay one step ahead of even the most cunning hackers with help from this invaluable resource. Through proper use and configuration of key security tools, you'll be able to investigate and resolve existing problems within your network infrastructure with precision and a minimum of fuss. Written by experienced security professionals, this resource provides you with comprehensive coverage of the most important and up-to-date security tools in use today, explains their function, and shows you how to use each tool effectively through in-depth implementation examples and case studies. Learn to detect and prevent system misconfigurations and Web server hacks plus, discover best practices for protecting both large and small networks.

Includes best practices for use and configuration of these key tools:

• Port scanners--Nmap, NetScan, SuperScan, IpEye
• Enumeration tools--Enum, PSTools, and User2SID
• BackDoors--NetBus, Back Orifice, and SubSeven
• Password crackers--Pwltool, SMBGrind, Jack the Ripper, and LSADump2
• Sniffers--Snort, BUTTSniffer, WinDump, and Dsniff
• System Audit tools --Nessus, STAT, ISS Internet Scanner
• Denial of Service tools--Tribe Flood network, Shaft, and Mstreams
• Wardialers­­THC-scan and ToneLoc
• Incident response and forensic tools--TCT, EnCase, FTK, and other file viewers
• Miscellaneous and multi-purpose tools-- Netcat, Getadmin, Fpipe, Fport, VMWare, and many more

See all Editorial Reviews

Product Details

• Paperback: 711 pages
• Publisher: McGraw-Hill Osborne Media; 1 edition (June 25, 2002)
• Language: English
• ISBN-10: 0072222824
• ISBN-13: 978-0072222821
• Product Dimensions: 9 x 7.3 x 1.7 inches
• Shipping Weight: 3.3 pounds
• Average Customer Review: 4.2 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #1,546,366 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

17 of 18 people found the following review helpful:

4.0 out of 5 stars A good purchase if you don't have the first edition, June 3, 2004

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Anti-Hacker Tool Kit, Second Edition (Paperback)

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002. This second edition (AHT:2E) follows only 18 months after the original was published. I don't believe enough time has passed to warrant an update, even though tools can evolve quickly. In certain aspects the book suffers from a lack of updates from AHT:1E author Keith Jones, who found the publisher's demands onerous. Nevertheless, AHT:2E is a must-buy if you didn't read AHT:1E.

The major additions to AHT:2E include a new chapter on firewalls, which doesn't really add anything new to the common body of security knowledge. A new chapter on host hardening covers Titan and MSec. Tools like THC-Amap, THC-Hydra, HFNetChk, Ettercap, Wellenreiter, and Kismet make appearances as well. Whereas Trinux was only mentioned in the first edition, it gets welcome coverage in the chapter on building live response bootable CDs. Updated material on Nmap, NetScan Tools, SuperScan, Scanline, and commercial forensic suites is included.

The remainder of the book is largely the same. Particularly, chapters on Netcat, X, VMWare, Cygwin, backdoors, source code auditing, port redirection, war dialers, and open source forensics appear very similar to AHT:1E. Deleted from AHT:2E are Whisker, Twwwscan/Arirang, SMBGrind, and Nbaudit. Comparisons with the first edition are somewhat complicated by the rearrangement of tools and chapters in AHT:2E, but I thought the new organization made sense.

Aside from the information on using Trinux, AHT:2E seemed to lack new contributions from an author with real forensic experience. Keith Jones' original material is still present, but advancements in the forensic arena are not covered. For example, AHT:2E should have addressed Keith's tools in the Odessa project, such as Galleta (cookie parsing), Pasco (IE history recovery), and Rifiuti (Recycle Bin examination).

Overall, AHT:2E is an excellent book, but I don't believe a second edition was needed 18 months after the first was published. The AHT look and feel has spawned the "Anti-Spam Tool Kit," which I plan to read and review shortly. Perhaps future AHT books will split out various sections (assessment, forensics, etc.) into separate volumes, making it easier to manage the series.

11 of 11 people found the following review helpful:

3.0 out of 5 stars OK as reference, May 11, 2004

By 

Dr Anton Chuvakin "Dr. Anton Chuvakin" (CA, USA) - See all my reviews

This review is from: Anti-Hacker Tool Kit, Second Edition (Paperback)

While reviewing the second edition of the AntiHacker Toolkit, I managed to keep my general disdain towards tool books (see my review for a first edition) in check. Thus, I managed to find the book more valuable than the first edition.

I liked that the authors framed the book as being "about tools" and not "about security". The book will not teach you security concepts, but rather what the current tools are and (to some extent) how to use them.

The book offers coverage of Windows and UNIX, attack and defense (and investigation) tools. As the authors state, it does indeed make a good companion for "Incident Response" by providing a bit more details on the tools. Reading up on the methodologies before starting on the tools is a good idea.

I also liked that they highlighted the changes and new material added for the second edition. However, if the book offers to cover a laundry list of tools, some omissions look pretty suspicious. Where is Bastille in "Host Hardening"? Where is "scanrand" in scanners? Some tools (such as Nessus and Snort as well as commercial scanners) would have justified a bit more details (due to their relative complexity and diverse functionality).

The book will make a valuable addition to a library of a security professional. Although most or even all of the information there is available online after some googling, having it in one place is not a bad idea.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

14 of 15 people found the following review helpful:

5.0 out of 5 stars Most practical security tool book on the market, August 22, 2002

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Anti-Hacker Tool Kit (Paperback)

"Anti-Hacker Toolkit" (AHT) is a first-rate, hands-on, learn-by-following-along security book. It's advertised as a complement to Foundstone's "Incident Response" and "Hacking Exposed" titles, but it contains more than enough original material to stand on its own. Even if you've used all of the tools described in AHT, you're sure to gain insight on using many of them in unique and creative ways.

Throughout the book, I was impressed by the authors' attention to detail. They seem to have anticipated the sorts of questions both beginners and experts might have regarding numerous security tools. AHT contains balanced material on both UNIX and Windows applications. It is particularly strong with regard to integration of BSD tools. In a world where many believe "free" and "open source" equal "Linux", attention to BSD was very welcome.

Several chapters were especially useful. These included discussions of netcat, the X Windows System, and Windows enumeration using the PStools. Furthermore, over two hundred pages are devoted to incident response and digital forensics. The authors discuss how to image and investigate systems using commercial and open source solutions. I appreciated their desire to steer clear of theory in favor of providing hands-on examples. AHT continues the recent Osborne McGraw-Hill tradition of including numerous case studies which reinforce the proper use of tools in real-world environments.

AHT is a must-have book for 2002. (Note that it is NOT related in any way to the book "Hackers Beware," as alluded to by a previous reviewer.) Even if you've been using security tools for years, you're sure to find new approaches to better assess or secure your enterprise. This book belongs next to any of Foundstone's other titles on your bookshelf.