8 of 8 people found the following review helpful
on July 12, 2009
The concept of the book is decent, albeit quite similar to the Stealing the Network series of books, wrapping theoretical hacking attacks into readable stories. Unfortunately, the execution suffers from several problems.
The narratives are all over the place and rarely bear any resemblance to each other. The stories follow the work of "Phoenix", a hacker who alternates from being someone that dresses poorly enough to be mistaken for a homeless person, performing attacks under duress as a shadowy employer threatens his girlfriend, to someone who has quit his job to live in a 3500 square foot house from the income he gets renting out large botnets.
The book suffers from too-many-authoritis, and each author has a very different writing style that makes each story different from the last. One author is very good at working different tools into his story, while one author feels compelled to list every tool that could possibly be used to pick a lock or sniff wireless traffic.
"Although Phoenix will not be using all these tools in his exploit, he could use:
-Tool A: Long description from the tool's website
-Tool B: Long description from the tool's website
-Tool C: Long description from the tool's website"
A few of the attacks are somewhat clever, while the majority are unnecessarily complex, apparently needing to hit a quota of different tools. In an attempt to find out what websites Phoenix's boss is browsing on a computer a few feet away, he decides to not use ARP Poisoning, MAC spoofing, or MAC flooding (although he discusses how each would work) in favor of using phishing to install a trojan to TFTP over a copy of netcat that he uses to manually install WinPcap so that he can trace a TCP stream in Wireshark in order to cut and paste a dump of the network traffic into a Hex Editor to save out a JPEG file. Apparently Phoenix is not a fan of simplicity.
The usage of tools is also all over the place. Sometimes he jumps right into using complex tools, while one story (the particularly egregious social engineering chapter) walks through Phoenix getting confused by how to choose the keyboard language when booting an Auditor CD.
The book would also benefit from another pass by an editor. One chapter begins with a backstory that clearly presupposes the reader has a clue about some past dealings that Phoenix has had with another character. The next story is where Phoenix is introduced to the character for the first time. Elsewhere, Phoenix decides to use his Vista based laptop, and a few pages later he is using that laptop and booting up into Windows XP. While the introduction includes the standard disclaimer that everything in the book is potentially illegal and should only be done in a lab, some authors throughout the book felt compelled to insert similar disclaimers that were unnecessary and should have been caught by the editor.
All-in-all, the book is okay, especially for someone new to the field of penetration testing who would like a little real-world context around how different tools might be used in conjunction with each other. If a second edition of this book is ever released, it could really use another pass by an editor to fix some silly errors and to help the authors speak in a unified voice. For me, the issues I mentioned above made the book somewhat difficult to read and enjoy.
6 of 6 people found the following review helpful
on May 6, 2009
I agree with some of the commentary by previous reviewers, but I think some of it is unduly harsh. I don't think it's strictly necessary for a book to contain brand new security techniques in order to qualify for publication. Book publishing is not the same as releasing a white paper or briefing at Black Hat. However, books should strive to *not* cover ground published in other books, or even in well-written white papers. In that respect I think Chained Exploits strikes a good balance. The book's novelty relies on presenting complete, technical examples of a variety of "intrusion missions." While not necessarily groundbreaking for experienced offensive security people, Chained Exploits will be informative for broader technical audiences.
On the positive side, I thought the cases were well written. The authors did a good job explaining the entire case, with an introduction, body, and summary. This was helpful when the cases later in the book got more complex. The nature of the cases was interesting, with a good amount of variety. On the negative side, I think Phoenix would have been caught and imprisoned fairly easily for some of his exploits. Anytime he interacted with the physical world, in person, near his home, he became an easy target for law enforcement. His computer tactics weren't too sharp either, as noted by other reviewers. I would have liked seeing the book end with a raid on his house, followed by a list of the ways he exposed his identity to the cops. On a minor note, the authors should have supplied better images to the publisher -- many are fuzzy.
If you liked the Hackers Challenge and Stealing the Network book series, and you want something a little more modern and complicated, you'll like Chained Exploits.
14 of 17 people found the following review helpful
on April 12, 2009
I looked forward to Chained Exploits (CE) by Whitaker, Evans and Voth with much anticipation as the concept is a much needed addition to the lexicon on information security. Often academic fields are severely limited by the vocabulary available to discuss issues and the "chained exploit" is sure to become a mainstay in the discourse of information security. Despite my enthusiasm for the concept, however, I was disappointed by the material presented in CE. The genius of the chained exploit is that it upends the traditional threat matrix, typically presented as:
[value of resource] x [likelihood of exploit] = [risk level]
For example, a high value resource that is unlikely to be exploited should be ranked as a low risk, as should a low value resource that is likely to be exploited. Think of this in terms of a temporary database of publicly available information used to populate a user demonstration website that is wiped out every 24 hours. If that information is compromised it has no value, so even if the compromise is likely it is a low risk system. Conversely if a system that contains critical financial information is confined to a single workstation that is removed from any networking and housed in a guarded facility it too is a low risk system (since the likelihood of compromise is low).
Unfortunately many auditors make risk assessments based on circumstances in a vacuum. This is where the concept of "chained exploits" becomes so valuable. For instance, if a vulnerability were discovered in a local binary accessible to users that allows privilege escalation, but the local binary exists on a system that has no users (other than administrators who already have root privileges) it is often considered a low risk. Many times patches for these sorts of vulnerabilities are not installed because the patch could introduce instability and would not be considered worthy of the expense given the low risk. Similarly a vulnerability could be discovered in a web service that when exploited could allow a remote attacker to gain an unprivileged local account that, say, only had access to read and write to the /tmp directory. This could also be considered a low risk since such limited access wouldn't present any threat to the system. However, if you "chained exploits" for the two vulnerabilities you suddenly have a condition where a remote attacker can gain a local account and elevate their privilege! This contravenes the low risk ranking of the individual vulnerabilities. When combined they suddenly become a very high risk to the system.
It was this sort of "chain" that I hoped CE would explore. Instead the material presented in the book consisted of context to several high risk vulnerabilities to explain why they might be used in tandem. For instance, the book would propose a scenario where a remote attacker installed a backdoor rootkit on a corporate network workstation then used that workstation to access the central database using default system administrator credentials. Each of the conditions used in these "chains" is extremely high risk already, and thus the book doesn't present any new material for seasoned information security professionals to consider.
For a novice this book is a great resource. It is full of the sorts of horror stories that professionals are all too familiar with, but could potentially be eye-opening for a neophyte or someone unfamiliar with computer security. At the very least it is a page-turning exploration of very real and often underappreciated risks to enterprises.
I was disappointed that the book didn't raise the level of discourse in the information security field but I suspect that wasn't the point of Chained Exploits. Instead it reads like a greatest hits sequence prepared by veteran penetration testers. It makes for interesting reading, but it isn't particularly informative. Don't look for any new 0 day exploits (or even a discussion of how to find such flaws). Instead the book contains a litany of well known routes to system compromise and illustrative narratives that tie them together in real world scenarios.
3 of 3 people found the following review helpful
on May 3, 2009
From the Description:
"Nowadays, it's rare for malicious hackers to rely on just one exploit or tool; instead, they use "chained" exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don't cover them at all. Now there's a book that brings together start-to-finish information about today's most widespread chained exploits-both how to perform them and how to prevent them.
Chained Exploits demonstrates this advanced hacking attack technique through detailed examples that reflect real-world attack strategies, use today's most common attack tools, and focus on actual high-value targets, including credit card and healthcare data. Relentlessly thorough and realistic, this book covers the full spectrum of attack avenues, from wireless networks to physical access and social engineering."
It took me a while to decide on a star rating for this book. It had lots of very good pros and to me several significant cons. So the pros: I couldn't think of another book that approaches the problem from the "chained exploit" perspective meaning one exploit doesn't give you the keys to the kingdom or your final end state. Now, for the last 10 years we've had the Hacking Exposed Methodology which essentially tells us "how to chain exploits together" but doesn't actually walk you through the process during a chapter of a book or share the process in the "story" format that Chained Exploits does. The Hacker's Challenge series of books is similar but the Chained Exploits book gives you a bit more technical detail (code snippets, Metasploit output, etc) than the Hacker's Challenge books. The countermeasures in Chained Exploits are also valuable and usable which is refreshing because they usually seem like an afterthought and less of a major piece of other books.
OK so the cons:
So the "chained exploit" approach is valuable from a teaching point of view but anybody that pentests for a living has been doing this for a while now, it's just part of "the process." It's certainly not new to the security community but maybe new to print. You could also argue that chaining reconnaissance with the sending of our phishing email really isn't "chaining" anything, again it's our process of attack or methodology. Our attacker Phoenix, for being such an evil black hat, makes some gross errors that go unmentioned in the book. One of the biggest errors was testing code on his home system that actually sends traffic to the later victim. A halfway decent admin with some Law Enforcement help will trace that activity right back to the source...his apartment. That leads me into my final con about the book. The book, while technically correct and well written, was not overly technical or employing many new techniques. I felt like most of the attacks mentioned in the book were pretty old and had been discussed in a lot of other places. I would have liked to have seen much more technical attacks carried out. There was no mention of semi-advanced techniques like IDS evasion, AV evasion and detection, or stealthiness. We don't live in a day and age anymore where I can push netcat to most Windows systems and not expect AV to catch it or IDS to signal on the traffic. The authors were certainly capable of more advanced technical content but did not deliver.
1 of 1 people found the following review helpful
on April 16, 2010
I purchased this book recently at a security conference along with a moderate discount. After reading I'm happy to say that a discount was applied. The book is a set of eight (8) short stories that follows a fictitious character named "Phoenix" as he completes various "Chained Exploits" to take over targets. The book does a great job keeping the reader's attention with the sometimes confusing storyline. The creative thinking the authors used wouldn't be my first choice in the attack scenarios, but it appears to work. The book makes a great reference for security students or novice professionals but unfortunately the book falls short on the advanced side and instead should be titled "CHAINED EXPLOITS: Hacking Attacks from Start to Finish."
1 of 1 people found the following review helpful
on July 6, 2014
I'm only the first chapter through the book. What I didn't like was the obvious mistakes of having default settings, plus the fact that the author doesn't explain how he makes it from the dev environment to the production one??? But the default username + password is the real problem here. I will evolve that review when I go deeper into the book, if that's appropriate.
1 of 1 people found the following review helpful
on March 25, 2014
This book is helpful for beginners and more advanced security folks. It is well written and I really like that I don't have to read it from cover to cover. I can simply skip around to the chapters that interest me for attacks I haven't seen in the past or if I need a refresher in some hacking attacks/techniques.
3 of 4 people found the following review helpful
on April 29, 2009
The book fails to push into any new territory. It tells stories that any penetration tester is familiar with, but doesn't exceed in any particular area. It would have been nice if the authors included new or novel attacks and tools to make "chained exploits" their own rather than standard community material.
on May 13, 2015
I haven't come across many books published by Addison Wesley that openly acknowledge the illegal nature of their content. Chained Exploits introduces the reader right from the start to criminal hacking and freely admits this information for what it is: tools to help you secure your network by teaching you advanced attacks. You might shun this approach if you were an ethical hacker or a researcher. For the rest of us, this is a much needed eye opener to the real exploits occurring daily across networks.
The book was written in 2009. The authors managed to do something else that I found very surprising: they use the command line interface (CLI). Instead of teaching tools and scripts, the writers focused on how operating systems allow certain functions to be executed. This isn't basic SQL injections either. This book goes into hidden system commands that may have been left on during development, debugging or default.
Each chapter follows the adventures of a criminal hacker named Phoenix (new Linux). This character has plenty of motivation to explain his reasons for his unlawful behavior. The writers do a great job of bringing the hacker to life and entertaining the reader. Most of the time you are cheering for Phoenix as you are shown exactly what he does to penetrate a wireless network, have revenge against his boss, taking down a web server, accessing health records or attacking social network sites.
Each chapter covers the reasons for the attack, how the attack is planned and executed, a few errors along the way, attack success and finally ways to counter attack such an event. There are some far-fetched situations but those are thrown in mainly for amusement and not for technical correctness. Kids don't sit around handing strangers WiFi access information. It does move the story along and that is the main point.
For the sake of due diligence certain steps are omitted from some attacks. I have been guilty of doing the same thing to prevent legal ramifications from jaded readers. The reader can easily research the missing steps on their own. It is much cheaper to do this than it would be to have lawyers on retainer all the time.
Chained Exploits may seem thin at 279 pages. This should be taken into consideration when you spend several hours trying to completely understand the first ten pages of each exploit, though. The exploits are a work of art. They are beautiful to look at and should be admired like any masterpiece of artwork. I found myself staring at each page as if I were looking at a supermodel in a bikini. They are brilliant even though some are outdated. The concepts are pure and repeatable, like an elegant math formula or an exotic car.
In many ways this book is a loaded gun. You want to head over to your keyboard and try out these techniques. Be mindful that they are illegal if performed on a system you are not authorized to access. Set up a virtual machine and explore on your own network. It is tempting to repeat the sets you see Phoenix do but don't unless you want someone knocking on your front door. You won't like who is on the other side of that door when they do knock.
The best part of each chapter is the countermeasures. Here the authors cover simple methods to avoid these attacks. Not all of the countermeasures work though because there are so many people involved in a network that any one of them could leave an opening unattended. The countermeasures aren't your average change passwords, update software type advice. The authors provide solid responses and preventive techniques to get your network into a more secure state.
The book is fun but filled with amazing material. You will not find this type of information in any certification or training manual. These are advanced methods used by real world threats, not pen testers. If pen testing were a magazine filled with models in swim suits then this book is hard core porn. Cover your eyes or ignore the fact that this information exists.
Either way, this is one hell of a book.
on April 8, 2015
Okay, so I read the whole book. I first started it when I was trying to learn about XSS. At first, I was confused because I had thought everything was vulnerable, so when I tried penetration testing, I thought I was a horrible tester. So, I wanted a book that teaches you, assuming everything is vulnerable.
So, instead of reading the rest of the book hoping to learn how to successfully perform XSS penetration testing, I decided to just learn other hacking techniques. And out of all the books I've read, I can honestly say, this is the best book I've read about hacking. Actually, it's supposed to be a security book, but it teaches you a bunch of hacking techniques. Out of all the hacking books I've read, I don't think I've read anything that comes close to this (well, except for Aggressive Network Self Defense by Neil R. Wyler and Bruce Potter). Chained Exploits (as well as Aggressive Network Self Defense, and also numerous others, such as Metasploit: The Penetration Tester's Guide by David Kennedy and Jim O'Gorman, as well as some videos [Learning Advanced White Hat Hacking and Penetration Testing - Training DVD by Infiniteskills]) is the most informative hacking book you will ever find.
The reason I say that, is because most hacking books tell you about the technologies. But, this book gives you stories, and it shows you the tools as they're being used, not in a general way, but in an explicit way. They actually perform the attacks with the intention of breaking into computers and networks. And each chapter has a story of its own, all with different hacking techniques! Of course it's a security book, but if you are trying to learn how to hack and you don't care about jail, this is the best book you can find (Just saying!). If they come out with a volume 2 or a second edition, with modern attacks on Windows 8.1 and Raspberry Pi and Kali, I would be so excited to buy it =)