Customer Reviews


16 Reviews

5 star: (5)
4 star: (10)
3 star: (0)
2 star: (0)
1 star: (1)

The most helpful favorable review
The most helpful critical review


55 of 56 people found the following review helpful
4.0 out of 5 stars Powerhouse authors should provide deeper coverage next time
'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat'...
Published on January 14, 2005 by Richard Bejtlich

versus
5 of 12 people found the following review helpful
1.0 out of 5 stars this book is a waste of good paper
I have been conducting ethical hacking for 3 years and this book was such a let down, it falls well short in providing any good detailed content. Basically it's the kind of stuff you learn on day 1 and shows no evidence of experience from an author who can hack into systems. My advice is save your money as this book covers nothing you wouldn't find on Google in 5 minutes...
Published on September 13, 2007 by joe blogs



55 of 56 people found the following review helpful
4.0 out of 5 stars Powerhouse authors should provide deeper coverage next time, January 14, 2005
This review is from: Gray Hat Hacking : The Ethical Hacker's Handbook (Paperback)
'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat' is one who 'uncovers a vulnerability and illegally exploits it and/or tells others how to;' and a 'gray hat' is one who 'uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor.' I disagree and prefer SearchSecurity.com's definitions, where white hats find vulnerabilities and tell vendors without providing public exploit code; black hats find vulnerabilities, code exploits, and maliciously attack victims; and gray hats find vulnerabilities, publish exploits, but do not illegally use them. According to these more common definitions, the book should have been called 'White Hat Hacking.' I doubt it would sell as well with that title!

Content-wise, the book mixes ethical and legal advice with tool overviews and technical information. Many reviewers note the good legal overview in ch 3, where I found the tables summarizing various laws to be helpful. The authors provide a sound rationale for penetration testing: 'Nothing should be trusted until it is tested' (p. 13). I enjoyed the disclosure discussion in ch 3 as well. I liked the brief tool descriptions of Core IMPACT, Immunity Security's CANVAS, and the Metasploit Framework. Some of the other discussions (e.g., Amap, P0f, Ettercap) didn't go deeper than already published explanations of those same tools.

I found the technical material to be accurate albeit somewhat disorganized and in some cases far too shallow. For example, the authors provide 6 pages on Python (ch 6), 6 pages on C (ch 7), and a single 21 page chapter (ch 10) mentioning system calls, socket programming, and assembly language. On p 279 and several other places the authors admit their topic 'deserves a chapter to itself, if not an entire book!' They should have trusted their instincts and required readers to have prior knowledge of programming in low- and high-level languages prior to reading GHH. Instead, short sections that are too basic for the pros but too rushed for beginners detract from the book's focus.

The five authors clearly know their subjects, but they should have coordinated their chapters better. For example, ch 7 introduces using debuggers without even a description of their purpose. Six chapters later (in ch 13), we read a description of debugging only to be followed again by another discussion of debugging in ch 14. All of this should have been consolidated and rationalized.

I think McGraw-Hill/Osborne's second edition of GHH should seek to differentiate itself from more focused books like 'The Shellcoder's Handbook' (by Wiley) and 'Exploiting Software' (by Addison-Wesley). There is a market for high-end security books without sparse introductory material included for the benefit of beginners. Authors should either commit to the beginners and give enough information to enlighten them, or tell them to read foundational references first and concentrate on the more experienced audience. Authors like Allen Harper and Chris Eagle, winners of last year's 'Capture the Flag' contest at Def Con, can deliver the goods if not constrained by a publisher's desire to address as broad an audience as possible. I would not be surprised to see this book greatly expanded in a second edition, which I look forward to reading.


33 of 34 people found the following review helpful
4.0 out of 5 stars best intro to vulnerability discovery, January 28, 2005
By Jeff Pike (Mechanicsville, VA United States)
This book is designed as a beyond Hacking Exposed type book. It certainly lives up to that by concentrating on more fundamental knowledge. Among its strong points, this book is the most solid introduction to vulnerability discovery techniques I have seen. Another point to this book's credit is that I was unable to find any errors in the examples I ran (about half).

The authors start out with 4 chapters that discuss things like... what pen-testing is, ethics, legal issues. Some of the more useful discussions in this section include legal issues, and reporting vulnerabilities to vendors. Some of the less useful discussions include the difference between gray, white, and black hats. Omitted was discussion of the true old school meaning of 'hacker.' The first 4 chapters rate three stars.

Chapters 5 and 6 discuss some cool tools including: p0f, amap, ettercap, xprobe2, metasploit, CANVAS, and IMPACT. Enough information is included to get you going on each one. Also the underlying principles are discussed. Good chapters. Chapters 5 and 6 rate four stars.

Chapters 7 through 11 discuss: Programming, Linux Exploits, Shell Code, and Windows Exploits. The "Programming Survival Skills" chapter is a little light, but that can only be expected. These chapters are very well done, and this is the best section of the book. The explanations are very clear and concise. I tried many of the examples in these chapters, and they worked flawlessly. The authors' attention to detail will make these chapters very valuable to those learning vulnerability research and discovery. The material here provides a solid foundation. Chapters 7 through 11 rate a strong five stars.

Chapters 12 through 15 discuss reverse engineering, writing exploits, and patching the holes. Tools discussed include valgrind, sharefuzz, SPIKE, IDA Pro, RATS, its4, debuggers, and more. This is a nice introduction to reverse engineering. It's enough to get you going, but it's not quite as deep as many will probably want. The discussions here are well done. Chapters 12 through 15 rate a weak five stars.

Overall, I rated this book a strong four stars. I would have loved to give it five stars if the first few chapters were better. I wouldn't mind seeing them removed and replaced with expanded technical content in any future editions. Based on the strength of the remainder of this book, it's hard to imagine a better introduction to advanced vulnerability discovery techniques. I wish I had this a few years ago!


24 of 26 people found the following review helpful
5.0 out of 5 stars Great buy for every IT dept., February 8, 2006
I bought this book from a store in D.C., and read it on my way back to India. I was impressed. Never found any book that deals with computer security and software vulnerabilities written so well. The reason I like this book more than others is because it does not only give you information that can help you in assessing your network security, but also gives you a basic introduction to the laws and legal technicalities. The contents of this book cover most of computer/network security related areas including technical implementation, planning, and defense. Therefore, it is not only for system engineers, but also for people managing IT departments.

My favorite chapters were those which discussed reverse engineering, programming survival skills, and legal aspects of hacking. However, I do agree with one of the reviewers on the definition of "Grey Hat Hackers", I do agree that the authors were wrong here, and should have chosen a different title. Otherwise, the book is great and the reason it has something for everyone who deals with IT security is, because it took five authors to write this book and all of them specialize in different segments of IT security. The book is not expensive, I bought it for $45, and you can get it from Amazon for $33 and believe me that's nothing. I have spent more money on books that have attractive titles but actually are crap. Have a look at those written by Ankit Fadia, and you will know what I mean.


15 of 16 people found the following review helpful
4.0 out of 5 stars Covers more than the typical hacking book, February 11, 2006
"Gray Hat Hacking - The Ethical Hacker's Handbook" is not your normal hacking book. This book should not be lumped in with the "Hacking Exposed" series nor the likes of "Counter Hack". What differentiates Gray Hat Hacking (GHH) from other books is the amount of code the book offers. This book is not for script kiddies, but instead shows how to advance to the next level of hacking (and, more importantly, prevention) by devoting over 100 pages to developing programming skills for both Linux and Windows exploits. I had not encountered a book that dedicated this much space to scripting.

The authors take a delicate balance at discussing tools that are well documented in other publications (ettercap, xploit2 & p0f), and mentioning some lesser known tools (sharefuzz, RATS and valgrind). While I believe there is no doubt that the authors know their material, I do agree with other reviewers in wishing GHH was simply expanded. I also like that GHH offers many references. Page for page, this book probably received more highlights than any other hacking book I own.

I give this book 4 pings out of 5:

!!!.!


7 of 7 people found the following review helpful
4.0 out of 5 stars Fun and useful security book, May 10, 2005
Yet another general "security-hacking" book which is good - you've got to be kidding? However unbelievable it might sound, a weirdly titled "Grayhat Hacking" (I guess, in this context it means "semi-criminal" : - ) ) is a remarkable book on vulnerability discovery, exploit writing and pentesting. I would treat this book as less of a "tool book" (which I generally hate), but more of an "approach book".

It does contain sections on tools useful during the penetration testing, but with different highlights. For example, I liked that in the necessary section on scanning, the authors did not fall into the "hey-I-know-all-the-nmap-flags" trap (common in security books) and described `scanrand' and other fun tools for network discovery. I loved their overview of exploitation frameworks (CANVAS, Impact and Metasploit), although I would have preferred a bit more detail (maybe a use case for discovering a vulnerability with CANVAS, for example).

While this book's coverage of software exploitation is not as in-depth as, say, `Exploiting Software', I still liked the way it is presented. I suspect it will appeal to less hard-core people who do not write exploits daily. Windows and Linux shellcode and exploit tips are nicely separated, which avoids a confusion sometimes seen in other books.

The book mostly focuses on the attacking side (however ethical it might be...), but also has some tips for the defending side (for example, a somewhat light-weight section on patching software).

Overall, I think the book is really useful for just about any technical security professional, especially those starting to do more in-depth pentesting.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org.


4 of 4 people found the following review helpful
4.0 out of 5 stars Broad Range of Information Collected In One Place, May 9, 2005
One of the issues I had with the book is that it has multiple personalities, in multiple ways. First, having multiple authors collaborate means that different chapters sometimes have a completely different tone and feel than other chapters. So, you might "click" with one of the authors, but find it difficult to follow a different author's chapter.

The other way that the book has multiple personalities is that it seems to try to provide 3 distinct different types of information in the same book. Part of it is reverse-engineering and shell-coding, part of it is programming secure code and part of it is the concepts of hacking and the tools and techniques used.

That has both pros and cons. In some ways it lacks what may be found in books more focused on just one of those topics such as Exploiting Software or Hacking Exposed. But for those looking for breadth of information, this book provides a lot of content in one place.

Issues aside, I thought the information was excellent and I recommend that security administrators and programmers take a look at this book.

(...)


20 of 28 people found the following review helpful
5.0 out of 5 stars The Real Scoop, Not for Beginners., November 23, 2004
This is a book on how to hack into computer systems to teach you more about how to protect yourself from hackers. This is a lot like the military uses schools like Top Gun to teach warriors how the expected opposition fights.

Hacks into systems are generally based on bugs in the code. Generally accepted guidelines say that there are 5 to 50 bugs per thousand lines of code. Windows XP has approximately 40 million lines of code -- That says somewhere between 200,000 and 2,000,000 bugs in XP alone.

This book will teach you what hackers are doing, the legal aspects, the damage done and most important how to avoid your own systems getting maliciously hacked. It is not intended for the beginner - when you're reverse engineering binary files or investigating what's happening with the stack you're pretty deep into what's happening in the system.

This is the most complete, most detailed book I've seen on hacking.


2 of 2 people found the following review helpful
4.0 out of 5 stars A good guide for the beginner ethical hacker., November 29, 2006
By P. Cluff (Mchenry, IL USA)
There is a lot of good knowledge to be learned in this book, but it is very cutthroat and dry. There are almost no "real world" examples of what they talk about, and a lot of it talks about using programs that were created for Linux. Otherwise it is a good book, but I have read better.


1 of 1 people found the following review helpful
4.0 out of 5 stars Great book, October 13, 2008
What a great book. From no skillz to haxor writing shellcode, I'd recommend this to any academic institution wishing to teach on security. The first few chapters aren't overly exciting, but finding a book that gives fair coverage to topics like Linux shellcode development, client-side attacks on Windows, IDA pro usage, fuzzing, and more is no easy find!

Great job guys!
jrod


4.0 out of 5 stars Just bought this for my husband., June 9, 2013
Verified Purchase
Thank you, this is a great book for my husband, he has been taking it with him everywhere to read.



Details

Gray Hat Hacking : The Ethical Hacker's Handbook by Michael Lester (Paperback - November 9, 2004)
$49.99 $45.63
In Stock