Customer Reviews

Anti-Hacker Tool Kit, Second Edition

5 star:		(6)
4 star:		(2)
3 star:		(2)
2 star:		(1)
1 star:		(0)

 

 

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002. This second edition (AHT:2E) follows only 18 months after the original was published. I don't believe enough time has passed to warrant an update, even though tools can evolve quickly. In certain aspects the book suffers from a lack of updates from AHT:1E author Keith Jones, who found the publisher's demands onerous. Nevertheless, AHT:2E is a must-buy if you didn't read AHT:1E.

The major additions to AHT:2E include a new chapter on firewalls, which doesn't really add anything new to the common body of security knowledge. A new chapter on host hardening covers Titan and MSec. Tools like THC-Amap, THC-Hydra, HFNetChk, Ettercap, Wellenreiter, and Kismet make appearances as well. Whereas Trinux was only mentioned in the first edition, it gets welcome coverage in the chapter on building live response bootable CDs. Updated material on Nmap, NetScan Tools, SuperScan, Scanline, and commercial forensic suites is included.

The remainder of the book is largely the same. Particularly, chapters on Netcat, X, VMWare, Cygwin, backdoors, source code auditing, port redirection, war dialers, and open source forensics appear very similar to AHT:1E. Deleted from AHT:2E are Whisker, Twwwscan/Arirang, SMBGrind, and Nbaudit. Comparisons with the first edition are somewhat complicated by the rearrangement of tools and chapters in AHT:2E, but I thought the new organization made sense.

Aside from the information on using Trinux, AHT:2E seemed to lack new contributions from an author with real forensic experience. Keith Jones' original material is still present, but advancements in the forensic arena are not covered. For example, AHT:2E should have addressed Keith's tools in the Odessa project, such as Galleta (cookie parsing), Pasco (IE history recovery), and Rifiuti (Recycle Bin examination).

Overall, AHT:2E is an excellent book, but I don't believe a second edition was needed 18 months after the first was published. The AHT look and feel has spawned the "Anti-Spam Tool Kit," which I plan to read and review shortly. Perhaps future AHT books will split out various sections (assessment, forensics, etc.) into separate volumes, making it easier to manage the series.

While reviewing the second edition of the AntiHacker Toolkit, I managed to keep my general disdain towards tool books (see my review for a first edition) in check. Thus, I managed to find the book more valuable than the first edition.

I liked that the authors framed the book as being "about tools" and not "about security". The book will not teach you security concepts, but rather what the current tools are and (to some extent) how to use them.

The book offers coverage of Windows and UNIX, attack and defense (and investigation) tools. As the authors state, it does indeed make a good companion for "Incident Response" by providing a bit more details on the tools. Reading up on the methodologies before starting on the tools is a good idea.

I also liked that they highlighted the changes and new material added for the second edition. However, if the book offers to cover a laundry list of tools, some omissions look pretty suspicious. Where is Bastille in "Host Hardening"? Where is "scanrand" in scanners? Some tools (such as Nessus and Snort as well as commercial scanners) would have justified a bit more details (due to their relative complexity and diverse functionality).

The book will make a valuable addition to a library of a security professional. Although most or even all of the information there is available online after some googling, having it in one place is not a bad idea.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

"Anti-Hacker Toolkit" (AHT) is a first-rate, hands-on, learn-by-following-along security book. It's advertised as a complement to Foundstone's "Incident Response" and "Hacking Exposed" titles, but it contains more than enough original material to stand on its own. Even if you've used all of the tools described in AHT, you're sure to gain insight on using many of them in unique and creative ways.

Throughout the book, I was impressed by the authors' attention to detail. They seem to have anticipated the sorts of questions both beginners and experts might have regarding numerous security tools. AHT contains balanced material on both UNIX and Windows applications. It is particularly strong with regard to integration of BSD tools. In a world where many believe "free" and "open source" equal "Linux", attention to BSD was very welcome.

Several chapters were especially useful. These included discussions of netcat, the X Windows System, and Windows enumeration using the PStools. Furthermore, over two hundred pages are devoted to incident response and digital forensics. The authors discuss how to image and investigate systems using commercial and open source solutions. I appreciated their desire to steer clear of theory in favor of providing hands-on examples. AHT continues the recent Osborne McGraw-Hill tradition of including numerous case studies which reinforce the proper use of tools in real-world environments.

AHT is a must-have book for 2002. (Note that it is NOT related in any way to the book "Hackers Beware," as alluded to by a previous reviewer.) Even if you've been using security tools for years, you're sure to find new approaches to better assess or secure your enterprise. This book belongs next to any of Foundstone's other titles on your bookshelf.

In just the few months since it has been published, I have used The Anti-Hacker Toolkit countless times as a reference...move over Webster! The book has been invaluable as it provides a comprehensive yet concise discussion on each tool. The Anti-Hacker Toolkit covers everything from installation to implementation and everything in between! Section IV on Forensics and Incident Response has been an especially useful guide in reconstructing e-mail and browsing history. It is an un-biased, get "down and dirty" guide to security tools that every computer security professional should read. Jones, Johnson and Shema are to Computer Security what Bob Vila is to Home Improvement.

If you are tired of cloudy, non-specific examples relating to security, this book is great. It details, with examples, exactly how to perform security functions. I use it for a research group I am heading (www.nmt.edu/~ccravens) and it is definitely an incredible find for our purposes.

PS- A Reader, having never read the book, whenever you come out with your next best seller, lemme know, I might be interested! ;)

'Hackers Beware', is a very useful book, no doubts. But its son: 'Anti-Hacker Toolkit' is by far, the most useful 'practical' book in the area of computer security. Tons. (I do mean Tons.) of cases and scenarios are thoroughly reviewed. Any relevant TOOL (offensive or defensive) is explored, lot of case studies are presented (in depth), and as an added bonus, almost every scenario is discussed both for Windows and UNIX.
It is not a theoretical book, it is a real 'learn by understanding how to hack' book. However,even if no too much, you'll need some basic knowledge about the area, to take full advantage of this book.
Needless to say the companion CD is, not only multi platform, but FULL of valuable tools.
I have reviewed a lot of security books (good books), but this one really impressed me very much.The forensic chapters alone, justify buying the book !!

Anti Hacker Toolkit is one of the best security books which i came across.
Being a beginner in the field of computer security, i was a bit apprehensive of goin thru this book.
This is the most comprehensive guide which is worth every cent, if u ever read one of the hacking exposed series.

While I admit that my low grade for this book stems from my prejudice against "tool books" (also known as "rephrase the man page"), the book indeed contains the biggest collection of command line options and screen shots gathered under one cover that ever saw the light of the day. The authors boast an impressive skill using (or, maybe, just describing) tools from Sub7 to snort and all the way to Outlook Express (by the way, featured as a forensic tool).

This book, as other "tool books" currently in publication, is a list of network and system softwares with short (from one to several pages) descriptions. The descriptions provide little insight on how to use the tool BEST and how it compares to other methods of doing the same job. Tool books also get old very fast, thus providing publishers with a steady stream of revenue from selling "new" editions.

The book also has minor problems with presentation style. While Windows email forensics can indeed be done with the help of Outlook, it probably does not earn make it title of a "Internet activity recovery tool". While snort (deemed to be "hard to use" by the authors) is indeed a sniffer, it most common use is for intrusion detection.

Case studies in the book are somewhat fun and strive to illustrate the tool usage. In fact, without them the book will suffer significantly. Another advantage is an amazing breadth of coverage: from wireless tools to phone scanners and web exploit to forensics kits, the book has it all. Be aware, that a large portion of the tools (such as X Window system, VMWare, Midnight Commander and QuickView) are not security tools, but can be used while doing security projects.

Overall, the book will save some time searching the web for the same information and might appeal to those with little or no security experience. It will also be useful for people too lazy to type "toolname -h" (for UNIX tools) or click "Help" (for Windows tools). The book seems to be written by knowledgeable people and the information contained therein is mostly accurate.

...

Very good book with all the essentials integrated into one book and the companion cd adds to it.

This book has helped me out a great deal in understanding how hackers do what they do. Now I more aware of what I can do to prevent being hacked, or is crackd?
This book is not for beginnners in the aspect that alot of it is command line programs, however, it is easy to understand how it works.