Customer Reviews

Anti-Hacker Tool Kit, Third Edition

5 star:		(0)
4 star:		(1)
3 star:		(1)
2 star:		(0)
1 star:		(0)

 

 

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002, and the second edition (AHT:2E) in June 2004. AHT:3E was published in February 2006. I continue to like AHT, because it addresses many of the tools an operational security professional should know how to use. I'll point out the differences between AHT:2E and AHT:3E, then offer some suggestions for AHT:4E.

The introduction lists the same "changes in the third edition" that are listed in AHT:2E. I would expect this part of AHT:3E to be different from AHT:2E! Ch 1 adds Netcat6 and mentions SBD. Ch 3 adds Virtual PC and Gnoppix. Ch 4 drops NetScan Tools, SuperScan, and Udp_scan. Ch 5 is updated to talk about Win XP SP2 and Win 2k3 Server. Ch 6 drops HFNetChk but adds MBSAv2 and updates Winfingerprint to 0.6.2. Ch 7 adds Libwhisker and Burp, while dropping Stealth, Achilles, and WebSleuth. Ch 8 drops PassFilt.dll and adds PWDump3 and PWDump4. Ch 9 adds Clamav. Ch 12 drops STAT, Retina, and Internet Scanner, and adds Cain and Able. Ch 18 adds Shokdial. Ch 21 adds FTK Imager and SMART. Ch 22 adds Dcfldd and Split. Ch 24 adds ReadPST, ReadDBX, Encase Forensic, FTK, NetAnalysis, and Web Historian. Ch 25 drops Xvi32. Ch 26 is entirely new, albeit 8 pages.

The following chapters were largely the same: 2, 10, 11, 13-17, 19, 20, and 23. A few may have had a new case study or a minor tweak. Security pro Mike Shema seems to have done a lot of the work revising old material. You can see his command prompt and tool output timestamps showing references to mid-2005.

However, old material from AHT:1E remains, like talk of FreeBSD 4.3 BETA and Red Hat Linux 6.1 (kernel 2.2.12) in Ch 1. The Vnode discussion on pp 653-4 no longer works on FreeBSD, but I posted a new method to my blog.

I believe AHT:3E would merit a fifth star if it dropped clearly old material and beefed up its newer sections. For example, AHT:3E spends 17 pages explaining Tripwire (free and commercial), despite the use of newer open source alternative like Osiris, AIDE, or Samhain. AHT:3E devotes almost 20 pages to really old back doors and remote access tools like Netbus, Back Orifice, SubSeven, and Loki. The book includes 10 pages on Ipchains, which went out of style years ago. I think sections like those should be cut entirely, or maybe moved onto a CD-ROM or Web site, to make room for more detail on Cain and Able and other newer projects.

Overall, I still like AHT:3E, but I would like to see a more thorough scrub in AHT:4E. If you don't have AHT:2E or AHT:1E, you should buy AHT:3E. If you have either of those books, you might want to wait for AHT:4E.

I have the previous version of the book and enjoyed it. I was hoping for more of an update when I bought this version. There is a lot of the material that is still the same. However, it you don't own a previous copy it's a good security book to check out. 3 to 4 stars.