Anti-Hacker Tool Kit, Second Edition [Paperback]

Mike Shema (Author), Bradley C. Johnson (Author)

Book Description

ISBN-10: 0072230207 | ISBN-13: 978-0072230208 | Publication Date: December 25, 2003 | Edition: 2

“[This book] continues the best-selling tradition of Hacking Exposed--only by learning the tools and techniques of malicious hackers can you truly reduce security risk. Arm yourself today with The Anti-Hacker Tool Kit.” --Joel Scambray, co-author of Hacking Exposed, Hacking Exposed Windows 2000, and Hacking Exposed Web Applications and Senior Director of Security for Microsoft’s MSN

Editorial Reviews

Review

"...is an awesome complement to any security professional's reference set. Recommended." -- Computerworld; October 7, 2002 --This text refers to an out of print or unavailable edition of this title.

From the Back Cover

“Using these tools yourself during an audit will help you find the weaknesses in your systems. This is an excellent reference book--one I plan to keep handy.” --Simple Nomad, Noted security expert and author of The Hack FAQ and Pandora

Put an End to Hacking. Stop hackers in their tracks using the tools and techniques described in this unique resource. Organized by category, Anti-Hacker Toolkit provides complete details on the latest and most critical security tools, explains their function, and demonstrates how to configure them to get the best results. New and updated case studies in each chapter illustrate how to implement each tool in real-world situations. Protect your network and prevent disasters using the cutting-edge security tools and exclusive information in this completely up-to-date volume.

Explains how to configure and use these and other key tools:

• Port scanners: Nmap, SuperScan, IpEye, Scanline
• Enumeration tools: smbclient, nbtstat, Winfingerprint
• Web vulnerability scanners: Nikto, WebSleuth, Paros, wget
• Password crackers: PAM, John the Ripper, L0phtCrack
• Backdoors: VNC, Sub7, Loki, Knark
• System auditing tools: Nessus, Retina, STAT, Tripwire
• Packet filters and firewalls: IPFW, Netfilter/Iptables, Cisco PIX
• Sniffers: snort, BUTTSniffer, TCPDump/WinDump, Ethereal
• Wireless tools: NetStumbler, Wellenreiter, kismet
• War dialers: ToneLoc, THC-Scan
• Incident response tools: auditpol, Loggedon, NTLast
• Forensics tools: EnCase, Safeback, Ghost, md5sum, FTK
• Miscellaneous tools: Netcat, Fpipe, Fport, Cygwin, and many more

CD-ROM contains all the security tools discussed in the book

About the authors: Mike Shema is the Director of Research for NT Objectives, Inc. He is the author of HackNotes Web Security Pocket Reference and co-author of Hacking Exposed Web Applications, both from McGraw-Hill/Osborne. Bradley C. Johnson is a network security specialist with a great deal of experience designing, implementing, and maintaining secure networks. He is the co-author, with Mike Shema, of the first edition of this book.

See all Editorial Reviews

Product Details

• Paperback: 840 pages
• Publisher: McGraw-Hill Osborne Media; 2 edition (December 25, 2003)
• Language: English
• ISBN-10: 0072230207
• ISBN-13: 978-0072230208
• Product Dimensions: 9.1 x 7.3 x 1.7 inches
• Shipping Weight: 3 pounds
• Average Customer Review: 4.2 out of 5 stars  See all reviews (11 customer reviews)
• Amazon Best Sellers Rank: #1,354,083 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

17 of 18 people found the following review helpful:

4.0 out of 5 stars A good purchase if you don't have the first edition, June 3, 2004

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Anti-Hacker Tool Kit, Second Edition (Paperback)

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002. This second edition (AHT:2E) follows only 18 months after the original was published. I don't believe enough time has passed to warrant an update, even though tools can evolve quickly. In certain aspects the book suffers from a lack of updates from AHT:1E author Keith Jones, who found the publisher's demands onerous. Nevertheless, AHT:2E is a must-buy if you didn't read AHT:1E.

The major additions to AHT:2E include a new chapter on firewalls, which doesn't really add anything new to the common body of security knowledge. A new chapter on host hardening covers Titan and MSec. Tools like THC-Amap, THC-Hydra, HFNetChk, Ettercap, Wellenreiter, and Kismet make appearances as well. Whereas Trinux was only mentioned in the first edition, it gets welcome coverage in the chapter on building live response bootable CDs. Updated material on Nmap, NetScan Tools, SuperScan, Scanline, and commercial forensic suites is included.

The remainder of the book is largely the same. Particularly, chapters on Netcat, X, VMWare, Cygwin, backdoors, source code auditing, port redirection, war dialers, and open source forensics appear very similar to AHT:1E. Deleted from AHT:2E are Whisker, Twwwscan/Arirang, SMBGrind, and Nbaudit. Comparisons with the first edition are somewhat complicated by the rearrangement of tools and chapters in AHT:2E, but I thought the new organization made sense.

Aside from the information on using Trinux, AHT:2E seemed to lack new contributions from an author with real forensic experience. Keith Jones' original material is still present, but advancements in the forensic arena are not covered. For example, AHT:2E should have addressed Keith's tools in the Odessa project, such as Galleta (cookie parsing), Pasco (IE history recovery), and Rifiuti (Recycle Bin examination).

Overall, AHT:2E is an excellent book, but I don't believe a second edition was needed 18 months after the first was published. The AHT look and feel has spawned the "Anti-Spam Tool Kit," which I plan to read and review shortly. Perhaps future AHT books will split out various sections (assessment, forensics, etc.) into separate volumes, making it easier to manage the series.

11 of 11 people found the following review helpful:

3.0 out of 5 stars OK as reference, May 11, 2004

By 

Dr Anton Chuvakin "Dr. Anton Chuvakin" (CA, USA) - See all my reviews

This review is from: Anti-Hacker Tool Kit, Second Edition (Paperback)

While reviewing the second edition of the AntiHacker Toolkit, I managed to keep my general disdain towards tool books (see my review for a first edition) in check. Thus, I managed to find the book more valuable than the first edition.

I liked that the authors framed the book as being "about tools" and not "about security". The book will not teach you security concepts, but rather what the current tools are and (to some extent) how to use them.

The book offers coverage of Windows and UNIX, attack and defense (and investigation) tools. As the authors state, it does indeed make a good companion for "Incident Response" by providing a bit more details on the tools. Reading up on the methodologies before starting on the tools is a good idea.

I also liked that they highlighted the changes and new material added for the second edition. However, if the book offers to cover a laundry list of tools, some omissions look pretty suspicious. Where is Bastille in "Host Hardening"? Where is "scanrand" in scanners? Some tools (such as Nessus and Snort as well as commercial scanners) would have justified a bit more details (due to their relative complexity and diverse functionality).

The book will make a valuable addition to a library of a security professional. Although most or even all of the information there is available online after some googling, having it in one place is not a bad idea.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

14 of 15 people found the following review helpful:

5.0 out of 5 stars Most practical security tool book on the market, August 22, 2002

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Anti-Hacker Tool Kit (Paperback)

"Anti-Hacker Toolkit" (AHT) is a first-rate, hands-on, learn-by-following-along security book. It's advertised as a complement to Foundstone's "Incident Response" and "Hacking Exposed" titles, but it contains more than enough original material to stand on its own. Even if you've used all of the tools described in AHT, you're sure to gain insight on using many of them in unique and creative ways.

Throughout the book, I was impressed by the authors' attention to detail. They seem to have anticipated the sorts of questions both beginners and experts might have regarding numerous security tools. AHT contains balanced material on both UNIX and Windows applications. It is particularly strong with regard to integration of BSD tools. In a world where many believe "free" and "open source" equal "Linux", attention to BSD was very welcome.

Several chapters were especially useful. These included discussions of netcat, the X Windows System, and Windows enumeration using the PStools. Furthermore, over two hundred pages are devoted to incident response and digital forensics. The authors discuss how to image and investigate systems using commercial and open source solutions. I appreciated their desire to steer clear of theory in favor of providing hands-on examples. AHT continues the recent Osborne McGraw-Hill tradition of including numerous case studies which reinforce the proper use of tools in real-world environments.

AHT is a must-have book for 2002. (Note that it is NOT related in any way to the book "Hackers Beware," as alluded to by a previous reviewer.) Even if you've been using security tools for years, you're sure to find new approaches to better assess or secure your enterprise. This book belongs next to any of Foundstone's other titles on your bookshelf.