Customer Reviews

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)

5 star:		(41)
4 star:		(6)
3 star:		(1)
2 star:		(1)
1 star:		(1)

 

 

I am a senior engineer for network security operations, who has taught SANS, InfraGard, and FIRST audiences. Since late 1998 I've been looking for the one book I could recommend to newcomers to the digital security realm. Ed Skoudis' "Counter Hack" is that book. My previous reviews show I don't shelter weaker books, and I reserve praise for truly deserving titles. "Counter Hack" is a solid, accessible, practical title that merits my highest recommendation.

"Counter Hack" contains all I could ask for in an introductory book. Chapters three (30 pages) and four (40 pages) provide the basics of UNIX and Windows (respectively). For each operating system, one reads about file architecture, accountability, privileges, trust, and services. Armed with this background, "Counter Hack" then explains reconnaissance, scanning, application/OS-based attacks, network-based attacks, denial of service, maintaining access, and covering tracks. Each chapter is thorough and very well written. Chapter twelve's three attack scenarios are a fitting conclusion, showing how the earlier tactics are utilized in realistic network intrusions.

Veterans will find "Counter Hack" useful too. Some of the topics receiving exceptionally good coverage are Route's "Firewalk" tool, IDS evasion techniques, the Achilles web proxy/attack tool, netcat relays, Reverse WWW Shell, and Covert_TCP. "Counter Hack" includes the single clearest, most concise explanation of stack-based buffer overflows I've read. It offers novel material, like a comparison of netcat's superiority to telnet, and implementing source routing attacks. Most of these discussions include excellent diagrams and well-documented command line instructions.

"Counter Hack" is not perfect. I think the mentions of sequence numbers could be more accurate (ACK with ISN B+1 rather than simply ISN B, for example). Also, early in the book MAC addresses are shown with four bytes, when they are actually six bytes. These minor errors were the only ones I found, however.

If you are a new player in the security arena, I highly recommend reading "Counter Hack." I plan to buy several copies for my office. It's the single most useful volume published for entry level security personnel, and it also contains material which veterans will appreciate.

(Disclaimer: I received a free review copy from the publisher.)

This is a "fun to read" book that fully describes the methodology of hacking attacks. It is by far the most enjoyable book I have read on the subject. The book is not a textbook or a reference book, yet I found that I learned a lot while I read it and I have continuously referenced it for specifics of the techniques that are described.
Ed starts by providing short intros to UNIX, NT and IP networking, which provide valuable info to readers who don't have good backgrounds in all three. He then walks the reader through the typical steps of an attack. Each of the sections, Reconnaissance, Scanning, Gaining and Maintaining Access and Covering Your Tracks contain well-written, up-to-the minute descriptions of the current methodologies found in the field as well as descriptions of the tools that are used.
He references the authors of the tools and points to their web-sites. There is great info on Sam Spade, THC-Scan, Cheops, nmap, nessus, IDS evasion techniques, buffer overflows, L0phtCrack, John the Ripper, Dsniff, Hunt, Netcat, TFN2K, BO2K, RootKit and others. Yet this isn't a set of man pages or an attempt to prove that he knows more tools than anyone else does. The usage of each tool is described in the context of the methodology that he is explaining.
My favorite chapter is "Putting it all Together: Anatomy of an Attack", where Ed describes three different "real-life" attack scenarios. In each scenario, fictional hackers use the tools and methodologies described in the earlier chapters to break the security of fictional target companies. This chapter really ties it all together!
Anybody who has heard Ed speak at numerous conferences will recognize his fun, fact-filled, informative style. This book is suitable for system administrators, technical experts, security practioners and business executives. I would recommend this book to everyone interested in the security of their systems and networks.

Please note this review is for the 2nd Edition of this book
While "Counter Hack Reloaded" by Skoudis is an `Updated Edition of the Best-Seller' (per the book's cover), Counter Hack Reloaded (CHR) is really a new book in it's own right. CHR has gone through an extensive revision and is fully updated to meet today and tomorrow's emerging threats (i.e. wireless attacks). While 50% of the tools/exploits that are discussed in this book can be found in other `hack' books, the tools/exploits have been fully updated and document the latest commands. See page 21 of for a detailed explanation of CHR's updates.

Some quick points of interest for me:
* Page 228 - excellent, quick description of DNS's characteristics (when DNS uses UDP vs TCP).
* Page 264 - good explanation of UDP vs ICMP pings (something to remember when troubleshooting connectivity from different platforms).
* Chapter 7 - Gaining Access at the OS and App level - very good discussion of buffer overflows. The chapter also provides an updated list of access tools (i.e. WebGoat & password crackers).
* Chapter 8 - Gaining Access via Network Attacks - great explanation of man-in-the-middle attacks by DSniff and Ettercap. I also enjoyed the explanation of NetCat (everyone's friend).
* Chapter 9 - Denial of Service Attacks - the discussion on SYN cookies was new to me.

While I thought chapter 2, Networking, deserved it's place, I thought that chapter 3, UNIX, went a little off course. I also thought that the 2nd half of chapter 5, Reconnaissance, was of much more value than the first half of chapter 5. Page 138 had a weak description of salting. All these demotions are trivial issues, and do not distract from the overall supremacy of CHR.

Overall, I greatly enjoyed "Counter Hack Reloaded" by Skoudis. It is an update to a classic, that like the first edition, does not disappoint.

I give this book 5 pings out of 5:
!!!!!

Counter Hack is a great book overall. It encapsulates all that should be a good technical book. It's easy to read, easy to follow, contains lots of useful information, and doesn't bog down the reader with useless specifications or incredibly obtuse details.

From the view of a security newbie, this book provides an all-encompassing view of hacking and counteracting it. The book starts out with a simple introduction to various system and network technologies, and then details the ways to hack into, and then prevent hacking into these technologies. The book takes a great view in each chapter. First it explains the evil hacker's view and how they could exploit vulnerabilities and weaknesses. Then it follows it up with how to shore everything up and prevent such hacking.

This book also goes into the tools, websites, and methods to hack and to counter hack, providing an invaluable reference without annoying the reader with too much information. Include this with its remarkable readability, and I would say this should be required reading for anyone administrating networks or writing software applications.

In short, I could not imagine a better security book around.

For those of you out there who are new to computer security, or who understand theory and concepts and want some practical explanations about what's out there, this is a book you cannot do without. If you are really serious about wanting to know details about what you are up against when protecting your organization, or your PC from attacks you will not just want to glance through the book but read it from cover to cover. The is not a book that will teach you theory about encryption, PKI and all the mathamatical and computer science concepts that Computer Science or Computer Engineering majors usually learn. There are plenty of good books out there for that. This book is more of a practical hands-on approach to how attacks are executed and how to stop and defend against them.
Ed Skoudis has really done a phenomenal job presenting the material in an organized, easy-to-follow format without making it like a 'security for dummies' type of book. He gives you knowledge and techniques you can apply. Ed begins with 3 chapters on the basics of TCP/IP, UNIX and Windows NT/2000. I found these three chapter very helpful in preparing for the rest of the book even though I have read books on and worked with all three before. Ed presents a few ideas about the vulnerabilities of these systems without going into detail. That comes later. Then he serves up the main course. The 5 phases of an attack are outlined and the following is a brief description:

Phase 1: How do attackers do research on their targets ? This includes web sites where they look up their info, social engineering techniques, etc.
Phase 2: How do they find vulnerable systems ? This includes war dialers, port scanners, network mappers etc. He also gives you detailed information about where you can find these tools how to use the most popular ones and how they actually work internally.
Phase 3: What can an attacker actually do once he has found the vulnerabilities in your system and breached security ? This tells you about cracking passwords in UNIX and NT, how to attack web apps by finding bad cgi scripts, stack buffer overflows, packet sniffing, IP spoofing, etc. This once again has detailed explanations on where to get the tools and how they are used.
Phase 4: How does the attacker maintain access to the system ? This tells you about trojan horses, back doors, Rootkits, etc
Phase 5: How does the attacker cover his tracks ?

Ed finally ties it all together by describing attacks using the phases and tools he talks about above with examples along with a discussion of mistakes made by system admins. I should also mention that for all the attacks mentioned in the book, Ed always fills you in on how to defend against them so you don't feel like you are fighting a losing battle as a system admin. The book is written in a way that is very easy to follow. It is almost like someone standing in front of you in a classroom and explaining things to you. Ed uses personal experiences along with light-hearted comments about system administrators and hackers that will make you smile so that the reading doesn't stay too serious.

This book is worth reading and keeping as a reference. I gave it 5 stars because it is the best book I have seen on practical computer security.

This has got to be one of the best books that I've read on computer security, hands down. Ed obviously put a great deal of time and creativity into designing a book that would give a system/network administrator exactly what s/he needs to do useful computer security work: a solid understanding of the fundamentals. He follows that up with excellent descriptions and tutorials on the hacking process, including tools and techniques. I loved Ed's introductory chapters, titled "Pretty Much Everything You Need to Know about {"TCP/IP","Windows NT/2000", "Unix"} to Follow the Rest of This Book, in N pages or Less." This was just an incredibly good idea. It provides a great introduction to what you need if you're new to this. It also provides great review on material that you might use every day but need to remember or understand more deeply. And, once you finish these, you're ready to learn about hacking/auditting tools and techniques. Now, Ed takes a much *better* approach than most of the other books coming out today: for every tool, technique, or topic, he works to help you understand it very deeply. For example, most books include a short description of a tool, possibly accompanied by a table listing its command-line options. Ed takes the opposite approach -- he explains the tool's use and functionality in the right amount of detail and describes how the tool works, turning you into an instant power-user for every tool you use! I knew this book got it right when I saw 17 pages on Fyodor's nmap (the premier network mapping and scanning tool) -- to truly use nmap effectively, you've got to understand what it is that you're doing. The whole book shows this strong attention to exactly the right amount of focus on each topic and it shows. This is one of the best designed well-written books on computer security that I've read in a while. If you don't buy anything else on network auditting or penetration testing, buy this book!

Recent security books have dealt exclusively with point security issues such as Windows NT security, Cisco router security, and TCP/IP security. Although point security is necessary, it does not provide the necessary level of security unless the varied points are integrated. This year, a number of security books have bucked the point-security-only trend and have concentrated on security from an integrated architecture perspective. The most noteworthy of these titles has been Ross Anderson's Security Engineering.

Another worthy title is Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. The self-described Next Generation Hacker Book promises to be "a step-by-step guide to defending against hacker intrusions." Rather than focusing on a single technology to secure, Skoudis shows readers how to design and defend their networks against myriad threats. His step-by-step approach is to partition the hacking process into five phases (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks, and Hiding) and to detail the steps within each phase.

As noted by Anderson in Security Engineering, most systems are designed to keep out the "good guys" --those who follow the rules but may occasionally bypass them. Hackers and other adversaries -- who do not follow the rules -- require a unique set of constraints to keep them out of corporate networks.

The book opens with a crucial topic: knowing your threats and not underestimating your adversary. Although most people may put all adversaries under the blanket class of "hackers," there are a number of antagonistic groups, each of which possesses a unique set of threats. Unless an organization knows who its adversaries are -- whether internal employees (the true cause of most security incidents), organized crime, disgruntled consultants, remote hackers, customers, suppliers, or hactivists -- there is no way its network can be appropriately secured. Counter Hack details what course of action to take in order to protect against attacks, whether they originate from a low-level script kiddy or a world-class hacker.

Skoudis' step-by-step approach to effectively securing a network begins with an introduction to the operations of TCP/IP. Most experienced readers can bypass this section. The next two chapters provide an overview of Unix and Windows NT/2000, which are the most commonly installed operating systems in corporate America. Although most security books address Windows NT/2000 and Windows PPTP (Point-to-Point Tunneling Protocol), Skoudis astutely notes the huge security ramifications of running them.

The following sections detail how hackers perform reconnaissance and scanning attacks against networks in order to penetrate them. Skoudis details the fundamentals of port scanning and the use of scanning tools such as nmap.

Chapter 7 covers applications and operating-system-level attacks. It includes an excellent overview of buffer-overflow attacks and how to obviate them. This is a crucial point for programmers who are often unaware of the specific dangers of buffer overflows.

The book details the dangers of Trojan horses, backdoors, and root kits, which are often difficult to detect once they are installed. Skoudis covers the nastiest backdoor, kernel-level root kits, and execution redirection in particular. The danger of execution redirection is that the hacker can intercept a call to run a certain application and map that call to another application . It is basically a bait-and-switch attack, except that the victims do not know that they are being attacked.

Skoudis has an easy-to-read style. When he mentions a hacking tool, he effectively describes how the tool works and how it can be employed to secure a system. Skoudis also includes a number of stories written in the first-person. It is a pleasure to read a security book written by a professional who has in-the-trenches experience, as opposed to someone who thinks copying RFC's makes for an original book.

If you have a network connected to the Internet, you will inevitably be hacked. This book shows how to avert such attacks with a counter hack. For a wide-ranging overview of how to secure a system against myriad adversaries, do yourself, your employer, and your networks a favor and read Counter Hack.

This has got to be one of the best books that I've read on computer security, hands down. Ed obviously put a great deal of time and creativity into designing a book that would give a system/network administrator exactly what s/he needs to do useful computer security work: a solid understanding of the fundamentals. He follows that up with excellent descriptions and tutorials on the hacking process, including tools and techniques.

I loved Ed's introductory chapters, titled "Pretty Much Everything You Need to Know about {"TCP/IP","Windows NT/2000", "Unix"} to Follow the Rest of This Book, in N pages or Less." This was just an incredibly good idea. It provides a great introduction to what you need if you're new to this. It also provides great review on material that you might use every day but need to remember or understand more deeply. And, once you finish these, you're ready to learn about hacking/auditting tools and techniques.

Now, Ed takes a much *better* approach than most of the other books coming out today: for every tool, technique, or topic, he works to help you understand it very deeply. For example, most books include a short description of a tool, possibly accompanied by a table listing its command-line options. Ed takes the opposite approach -- he explains the tool's use and functionality in the right amount of detail and describes how the tool works, turning you into an instant power-user for every tool you use! I knew this book got it right when I saw 17 pages on Fyodor's nmap (the premier network mapping and scanning tool) -- to truly use nmap effectively, you've got to understand what it is that you're doing. The whole book shows this strong attention to exactly the right amount of focus on each topic and it shows.

This is one of the best designed well-written books on computer security that I've read in a while. If you don't buy anything else on network auditting or penetration testing, buy this book!

Let me start with a disclaimer. I find network and computer security very interesting, but have never looked into it in-depth before (other than a paper I once wrote on worms and viruses). I have a strong programming background (The usual suspects - C/C++, Perl, Fortran, Pascal, Assembly), but I'd never even HEARD of netcat before, and sure as heck didn't know what a rootkit did. Sure, knowing Assembly I understand how a stack functions, so buffer overflows made sense before Ed's explanation. But the rest of the book was all foreign to me, so keep in mind this a review from a security newbie.

This book was excellent for me. I read it cover to cover, and it was almost like reading a spy and/or detective novel, with details of what the spies and detectives do. The plot was the phases of a network attack, and I could almost hear the Mission Impossible theme in the background at times when I was looking at the output from some of the applications. I don't know if this is normal for a security book (like I said, I'm a newb), but Counter Hack was great to read straight-through, and I have no doubt I'll frequently refer to portions in the future.

I found Ed's overviews of topics that would be used in the rest of the book exceptional - they really were exactly what you needed to know, with no extra fluff. Concisely written and well-explained, but I didn't feel like I was being treated as a three-year-old. I had previous knowledge of OS's and networking, but Counter Hack's first few chapters were excellent refreshers, and in some cases spectacular insight into how things work together (I constantly referred back to OSI's 7-layer model for TCP/IP).

To be honest, I did find some typos and things that were odd (though perhaps I just thought them odd due to lack of knowledge). For example, Ed says a subnet mask is XOR'd with an IP address to determine the network address versus the host address. XOR? If I XOR my address... let's see:
11000000 10101000 00000001 00000001 (192.168.1.1)
11111111 11111111 11111111 00000000 (255.255.255.0)
00111111 01010111 11111110 00000001 (127.87.254.1?!)

This is an obvious typo for someone who has background knowledge of networking... but isn't that my point? Should have been caught before going to press. Still, when I have to pick out a single WORD of an entire book to have something bad to say, you know the book is a great one.

I highly recommend this book, definitely to people new to the field (like me!), but perhaps those of you who have in-depth knowledge will learn some things you didn't know (or fully understand) before. And now, onto Malware!

Overall, highly recommended, it's a no doubt five stars quality book. Even though I borrowed this book from library, I just place an order to purchase my own copy. Excellent reference material!

This book covers two major parts: (1) All-you-need-to-know Overviews, and (2) Hacking Skills. Ed only takes about 20% of his entire book portion for giving readers the overview of all important knowledge such as Networking,Unix & Windows. For those overviews chapters, they are all well-written and extremely easy to follow even for complicated concepts. By themselves, they already worth the book value, and they're excellent for refreshing those key & important knowledge & concepts.

The second part of the book mainly addresses various hacking approaches. The contents are exactly same as Ed's desktop seminar 'The Hack Counter-Hack Training Course', which is a computer-based training video on CD-ROM. However, this book provides much more details and in-depth explanation on how-things-done. Again, it's really well-written to depict the complicated hacking techniques. If you purchase the Ed's The Hack Counter-Hack Training Course, I strongly recommend you to buy this book as your reference material. They should go in pair.