Sorry, this item is not available in
Image not available for
Color:
Image not available

To view this video download Flash Player

 


or
Sign in to turn on 1-Click ordering
Sell Us Your Item
For a $4.83 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Hacker's Challenge 3: 20 Brand New Forensic Scenarios & Solutions (v. 3) [Paperback]

by David Pollino, Bill Pennington, Tony Bradley, Himanshu Dwivedi
4.6 out of 5 stars  See all reviews (12 customer reviews)

List Price: $55.00
Price: $35.29 & FREE Shipping. Details
You Save: $19.71 (36%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 3 left in stock (more on the way).
Ships from and sold by Amazon.com. Gift-wrap available.
Want it Monday, April 28? Choose Two-Day Shipping at checkout. Details
Free Two-Day Shipping for College Students with Amazon Student

Formats

Amazon Price New from Used from
Paperback $35.29  
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Book Description

April 25, 2006 0072263040 978-0072263046 3

The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.


Frequently Bought Together

Hacker's Challenge 3: 20 Brand New Forensic Scenarios & Solutions (v. 3) + Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios + HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
Price for all three: $94.11

Buy the selected items together


Editorial Reviews

From the Back Cover

The stories about phishing attacks against banks are so true-to-life, it’s chilling.” --Joel Dubin, CISSP, Microsoft MVP in Security

Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button topics are covered, including phishing and pharming scams, internal corporate hacking, Cisco IOS, wireless, iSCSI storage, VoIP, Windows, Mac OS X, and UNIX/Linux hacks, and much more. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and clues, technical background such as log files and network maps, and a series of questions for you to solve. In Part II, you’ll get a detailed analysis of how the experts solved each incident.

Exerpt from “Big Bait, Big Phish”:

The Challenge: “Could you find out what’s going on with the gobi web server? Customer order e-mails aren’t being sent out, and the thing’s chugging under a big load…” Rob e-mailed the development team reminding them not to send marketing e-mails from the gobi web server…. “Customer service is worried about some issue with tons of disputed false orders….” Rob noticed a suspicious pattern with the “false” orders: they were all being delivered to the same P.O. box…He decided to investigate the access logs. An external JavaScript file being referenced seemed especially strange, so he tested to see if he could access it himself…. The attacker was manipulating the link parameter of the login.pl application. Rob needed to see the server side script that generated the login.pl page to determine the purpose….

The Solution: After reviewing the log files included in the challenge, propose your assessment: What is the significance of the attacker’s JavaScript file? What was an early clue that Rob missed that might have alerted him to something being amiss? What are some different ways the attacker could have delivered the payload? Who is this attack ultimately targeted against? Then, turn to the experts' answers to find out what really happened.

About the Author

David Pollino has a strong background in security, wireless, and networking. David is currently a security practitioner working in financial services. During his career, he has worked for an industry-leading security consulting company, a large financial services company, and a tier 1 ISP. David often speaks at security events and has frequently been quoted in online and printed journals regarding security issues. During his career as a consultant and network engineer, David has worked for clients across multiple industries, including financial services, service providers, high technology, manufacturing, and government. He co-authored Wireless Security (RSA Press, 2002) and Hacker's Challenge and Hacker's Challenge 2 (McGraw-Hill/Osborne, 2001 and 2002, respectively).

Bill Pennington, CISSP, has six years of professional experience in information security and eleven years in information technology. His duties at WhiteHat include managing research and development, guiding product and technology direction, managing web application assessment teams, and developing and delivering WhiteHat Security training. Bill has performed web application assessments for more than four years in a variety of industry verticals including financial services, e-commerce, and biotechnology. He is familiar with Mac OS X, Linux, Solaris, Windows, and OpenBSD, and he is a Certified Information Security Systems Practitioner (CISSP) and Certified Cisco Network Administrator (CCNA). He has broad experience in web application security, penetration testing, computer forensics, and intrusion detection systems. Prior to joining WhiteHat, Bill was a principal consultant and technical lead for assessment services at Guardent, a nationwide security services provider.

Tony Bradley, CISSP-ISSAP, MCSE2k, has eight years of computer networking and administration experience, focusing the last four on network security and malware protection. Tony is a network security architect providing design, implementation, and management of network security solutions for a variety of Fortune 500 customers. He is also the editor and writer for the About.com Internet/Network Security website and frequently contributes to a variety of technical and security publications, both in print and on the Web. You can view his writing portfolio at http://www.s3kur3.com.

Himanshu Dwivedi is a founding partner of iSEC Partners, an independent provider of information security services and tools. He has 12 years of experience in security and IT. Before forming iSEC, he was Technical Director for @stake's Bay Area security practice. Himanshu's professional focus includes strategic security services, which leverages his experience with software development, infrastructure security, application security, tool development, and secure product design. He is considered an industry expert in storage security, specifically Fibre Channel/iSCSI SANs and CIFS/NFS NAS systems. Himanshu has presented at major security conferences throughout the world, including Black Hat, Storage Networking World, Syscan Singapore, and Bellua Indonesia. Himanshu also has a patent pending for a storage security design architecture that can be implemented on enterprise storage products for Fibre Channel networks. Himanshu has also authored two additional security books, including Securing Storage: A Practical Guide to SAN and NAS Security (Addison-Wesley, 2005) and Implementing SSH: Strategies for Optimizing the Secure Shell (Wiley, 2003).


Product Details

  • Paperback: 400 pages
  • Publisher: McGraw-Hill Osborne Media; 3 edition (April 25, 2006)
  • Language: English
  • ISBN-10: 0072263040
  • ISBN-13: 978-0072263046
  • Product Dimensions: 9.1 x 7.3 x 0.8 inches
  • Shipping Weight: 1.5 pounds (View shipping rates and policies)
  • Average Customer Review: 4.6 out of 5 stars  See all reviews (12 customer reviews)
  • Amazon Best Sellers Rank: #577,220 in Books (See Top 100 in Books)

More About the Author

Tony Bradley, CISSP-ISSAP, MCSE2k, is a Microsoft MVP in Windows Security. Tony is a Director with Evangelyze- a Microsoft Gold Partner focused primarily on unified communications and VoIP based out of Houston, TX. He is a writer with a focus on information security, Windows Vista, Windows Server 2008, unified communications, virtualization, and SharePoint. He has over 10 years of experience working in the various areas of Information Technology, focusing the last 6 on security. He is the About.com Guide for Internet / Network Security. Tony also contributes frequently to other industry publications and web sites.

Customer Reviews

Most Helpful Customer Reviews
13 of 13 people found the following review helpful
5.0 out of 5 stars I bought this book for one reason: wireless May 30, 2006
Format:Paperback
I've been looking for a resource that would be useful as a recommendation to the students in my wireless training classes. There've been plenty teaching wireless security and penetration philosophically, but I wanted a practical - get your hands dirty - approach. It's here! Hackers Challenge 3 contains a great "case study" of a hack attack on a wireless network and gives you the insights you need to analyze such an attack.

In addition, you get information related to other newer attacks like phishing, VoIP vulnerabilities and social engineering. This is a great book and MUST be in every security technician's library.

Tom Carpenter, Author: Wireless@ Certification Official Study Guide, CWSP Certification Official Study Guide, and Foundations of Effectiveness.
Comment | 
Was this review helpful to you?
7 of 7 people found the following review helpful
5.0 out of 5 stars A Digest of the New World of Hack Attacks June 4, 2006
Format:Paperback
What struck me about this book is that the attacks are all brand new. This isn't just a rehash of the same old attacks we read about over and over again, nor is it a rehash of the attacks - but on steroids - from the previous Hacker's Challenge books. The day of the simple port scan and null session enumeration are long gone. Today's world is much more complicated and scarier. Hacker's Challenge 3 proves it.

And these aren't off-the-wall attacks cooked up in hidden computer labs by researchers. They're the type of threats now, unfortunately, becoming more commonplace to any one in information security.

The chapters on phishing are real-life and could've been taken right out of the playbook of an actual attack perpetrated against a real bank. The steps for investigating, tracking down and bringing down malicious phishing sites closely follow those actually taken by information security professionals on the job.

Another attack presented is pharming, a new and frightening type of DNS poisoning that threatens financial and e-commerce web sites. The description of the attacks is very accurate. It's almost as if you were working with the team trying to block the attack.

Hacker's Challenge 3 is written by a star-studded cast of well-known industry players, each a top notch expert in their specialty in the field.

For each attack, this book provides a complete set of steps for detection, resolution, prevention and evasion of future attacks. There are detailed examples of the forensics examination used to track down both the attack and its offending attackers, including samples of analyzed logs and data that would be used by an actual threat and incident management team in action on a case.
Read more ›
Comment | 
Was this review helpful to you?
3 of 3 people found the following review helpful
5.0 out of 5 stars Fun and informative read June 2, 2006
Format:Paperback
What I like about this book is that the technical information is at a level where amateurs will not be overwhelmed while seasoned pros will not be bored.

The format is also very nice because you become involved in the solution rather than just having technical information thrown at you.

Finally, and most important to me, the solutions to the challenges are technically correct.

The book is certainly a good read.
Comment | 
Was this review helpful to you?
3 of 3 people found the following review helpful
5.0 out of 5 stars Engaging even for novice computer users! May 26, 2006
Format:Paperback
This book surpassed my expectations. I expected a high-level, tech-jargon-filled, 'computer-geek' book with no link to the mentality of a novice user like myself. Instead, I found that it actually IS all of those things, but blends it very nicely with an engaging set of real-life stories.

The attention to the details of the lives and experiences of each individual in the stories gives an added flavor not seen in most computer books. I would expect anyone to be able to relate to these stories, and the experiences they depict.

It also reveals how ignorant most people are to the real dangers of insecure networks and PCs, and it's an applaudable attempt to reach those people. Well done!
Comment | 
Was this review helpful to you?
2 of 2 people found the following review helpful
5.0 out of 5 stars Reads like a suspense novel! June 18, 2006
Format:Paperback
One of the best ways to teach is via the use of examples. This book is chock full of real world forensic scenarios along with their solutions. As the author of a forensics book myself, I understand and appreciate the hard work that these four brilliant individuals have put into this excellent text. We need to see more books like this in the future!
Comment | 
Was this review helpful to you?
2 of 2 people found the following review helpful
5.0 out of 5 stars Hacker's Challenge 3 May 9, 2006
Format:Paperback
This is a book that can serve two different purposes. For the security expert the book provides 20 real world security issues along with the appropriate logs and challenges them to work out what type of attack is being performed, how it is being performed, and what needs to be done to fix it and prevent it happening again. For those with an interest in security but who are not experts the book provides an entertaining series of tutorials that introduce several types of security breach, what they are, how to detect them, and what to do to stop them or at leasdt mitigate the effects.

The 'challenges' that are described in the book cover a range of different methods that have been used to breach the security of various computer networks. Each challenge provides a all of the essential pieces of information that would be available to be examined by security experts dealing with the problem (trimmed of much of the irrelevant logs). Sufficient information is actually provided to enable someone with a sufficient knowledge of security to work out both what type of attack has taken place and how the attack was done. They should then have no trouble in answering the series of questions about the particular attack that appear at the end of each challenge before turning to the solutions section to check their answers.

The challenges also provide excellent tutorials for novice security staff to find out how to extract and interpret information in order to determine what has happened.

I always thought of computer security as a necessary but boring subject but the authors of this book have managed to make it both informative and entertaining. If you are a security specialist looking to take the "hacker's Challenge" and test how much you know or if you are just someone wanting to learn more about some of the latest security threats then this book will provide you with many hours of interesting reading and investigating.
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
Search Customer Reviews
Only search this product's reviews
ARRAY(0xa335993c)




Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Forums

There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
Topic:
First post:
Prompts for sign-in
 



Look for Similar Items by Category