Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios [Paperback]

Mike Schiffman (Conductor)

Book Description

ISBN-10: 0072193840 | ISBN-13: 978-0072193848 | Publication Date: October 18, 2001 | Edition: First edition.

"Hacker's Challenge" will consist of 20-25 hacking scenarios followed by the solution for each. The challenges/chapters are organized by increasing levels of complexity, and covers many hot topics, including Web content, VPNs, Denial of Service, wireless issues, e-commerce, email attacks and more. It includes input from top names in the industry - in addition to Mike Schiffman, consultants from the top security firms, such as Guardent, Foundstone, @Stake, SecurityFocus.com, In-Q-Tel, Arbor Networks, LoudCloud and more contribute their expertise. It is intended for a broad audience - "Hacker's Challenge" is for anyone who wants to solve the latest hacking challenges. It is a great companion to "Hacking Exposed" - an entire book of hands-on scenarios that compliment the "Hacking Exposed" text.

Editorial Reviews

Amazon.com Review

Mike Schiffman has hit upon a great formula for Hacker's Challenge. Rather than try to research, fully understand, and adequately explain attacks that have taken place on other people's networks--the approach taken by too many writers of books about computer security--Schiffman lets network administrators and security experts tell their stories first-hand. This is good. What's better is that Schiffman has edited each of their war stories into two sections: one that presents the observations the sysadmin or security consultant made at the time of the attack, and another (in a separate part of the book) that ties the clues together and explains exactly what was going on. The challenge in the title is for you to figure out what the bad guys were doing--and how best to stop them--before looking at the printed solution. Let's call this book what it is: an Encyclopedia Brown book for people with an interest in network security.

It doesn't really matter, from a value-for-money standpoint, whether your skills are up to the challenge or not. The accounts of intrusions--these are no-kidding, real-life attacks that you can probably learn from, by the way--are written like chapters from a novel (though log file listings, network diagrams, and performance graphs appear alongside the narrative text). Recall every time you've seen a movie or read a book with computer scenes so technically inaccurate they made you wish for a writer with a clue. Schiffman and Hacker's Challenge is what you wished for. --David Wall

Topics covered: The sorts of attacks that black-hat hackers (everyone from script kiddies to accomplished baddies) launch against Internet-linked computers and networks. Everything is presented from the perspective of the defenders--i.e., the network administrators--who have to look at log files and process activity to figure out what's going on.

From the Back Cover

"A solve-it-yourself mystery that will draw you in with entertaining, yet realistic scenarios that both challenge and inform you." --Tim Newsham, security research scientist, @stake, Inc.

Malicious hackers are everywhere these days, so how do you keep them out of your networks? This unique volume challenges your forensics and incident response skills with 20 real-world hacks presented by upper-echelon security experts. Important topics are covered, including Denial of Service, wireless technologies, Web attacks, and malicious code. Each challenge includes a detailed explanation of the incident--how the break-in was detected, evidence and possible clues, technical background such as log files and network maps, and a series of questions for you to solve. Then, in Part II, you get a detailed analysis of how the experts solved each incident.

Excerpt from "The Insider":

The Challenge:

Kris, a software company's senior I.T. staffer, got a call from the helpdesk....Users were complaining that the entire contents of their inbox, outbox, and deleted items folders had completely disappeared....The following Monday, Kris found that the entire Exchange database had been deleted....The attacker sent an email from a Yahoo! account taking responsibility for the attacks....The e-mail had been sent from a machine within the victim's network. Kris brought in an external security team who immediately began their investigation...In addition to gathering physical security logs, Microsoft Exchange logs, and virtual private network (VPN) logs they interviewed key people inside the company....

The Solution:

After reviewing the log files included in the challenge, propose your assessment--when did the deletion of e-mail accounts begin and end, which users were connected to the VPN at the time, and what IP addresses were the users connecting from? Then, turn to the experts' answers to find out what really happened.

Contributing authors include:

Top security professionals from @stake, Foundstone, Guardent, The Honeynet Project, University of Washington, Fortrex Technologies, SecureMac.com, AnchorIS.com, and the National Guard Information Warfare unit.

See all Editorial Reviews

Product Details

• Paperback: 300 pages
• Publisher: McGraw-Hill Osborne Media; First edition. edition (October 18, 2001)
• Language: English
• ISBN-10: 0072193840
• ISBN-13: 978-0072193848
• Product Dimensions: 9.2 x 7.5 x 0.8 inches
• Shipping Weight: 1.7 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (24 customer reviews)
• Amazon Best Sellers Rank: #623,097 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

40 of 40 people found the following review helpful:

4.0 out of 5 stars Innovative and practical for technical trainers and students, November 8, 2001

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios (Paperback)

I am a senior engineer for network security operations. I read "Hacker's Challenge" because one of my work duties involves training tier one and tier two security analysts. (Tier one analysts can recognize insecure digital assets; tier two analysts understand the threats to insecure digital assets; tier three analysts can manipulate most aspects of digital assets to mitigate insecurity.) I hoped "Hacker's Challenge" would educate my tier one and possibly tier two students. I now realize the book offers something for security professionals at all levels of expertise.

"Hacker's Challenge" is a collection of twenty "case studies." By dropping the reader into an incident response scenario, the book challenges security professionals to answer tough questions: How did the intruder gain access? What tools were used after the compromise occurred? How do you mitigate that threat in the future? This approach breathes new life into the world of security reading. Students will learn a lot by taking the time to answer these questions before consulting the well-written "solutions" section.

I noticed several technical themes repeated throughout "Hacker's Challenge." They included wireless vulnerabilities, Unicode and directory traversal attacks against Microsoft IIS, and older Solaris exploits. I particularly enjoyed the SQL server attack (challenge 7), and the thorough description of the sadmind worm (challenge 8). I liked the Macintosh case (challenge 15), but wished for coverage of OS X. Finally, the need for network security monitoring via intrusion detection system was wisely emphasized in many "solutions."

"Hacker's Challenge" isn't perfect, however. HK.exe, mentioned in challenge 10, exploits the "spoofed LPC port request" vulnerability of MS00-003, and doesn't involve directory traversal or Unicode. While an old Checkpoint ACK flood vulnerability was well explained (challenge 17), one of the references pointed to an unrelated IP fragmentation vulnerability. Also, the lead author should change his reference to the Air Force Information Warfare Center from "AFWIC" to AFIWC. He might also re-evaluate his interest in the TAB soft drink. (Read challenge 20!)

I plan to incorporate "Hacker's Challenge" into my analyst development program. I believe challenges 1,4,5,8,12,13, and 16 are suitable for tier one personnel. Challenges 2,3,6,10,11,14,15,17 and 18 are suitable for tier two staff. Tier three personnel may enjoy challenges 7,9,19, and 20. I look forward to second and third follow-on books to further enrich the security community.

(Disclaimer: I received a free review copy from the publisher.)

12 of 14 people found the following review helpful:

5.0 out of 5 stars Real-World Security IQ Test, November 26, 2001

By 

W. Fergerstrom "ferg" (san diego, ca) - See all my reviews
(REAL NAME)   

This review is from: Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios (Paperback)

Mike Schiffman's book, "Hackers Challenge," is a very innovative approach towards computer security learning and skill assessment. Guiding the reader from evidence, to reasons, to how and why, and to the end results of a hack attempt, this book provides a blueprint for pursuing and examining the forensic evidence of an attack. This book cohesively brings together all aspects of a hacking event into 20 separate incidents that will guide the reader towards the ultimate answers but only if you have the ability to see the forest from the trees. If you have the skills to recognize the attacks this book will provide confirmation of your abilities along with items of interest you may have missed. If you are left wondering what all the evidence adds up to, this book will get you as close to the on-site experience as possible that most dry manual or reference books do not provide.

For any system administrator this book provides an invaluable way to test your talents and expertise against real-world hacking events in a safe environment using multiple hardware and software products. This book is a must-have for anyone serious about the security of their systems and their ability to recognize and thwart hackers before, during and after an attack. I highly recommend this book for the beginner looking to build their abilities to a veteran looking to confirm or update their skills.

8 of 10 people found the following review helpful:

3.0 out of 5 stars Good book but light on info, January 19, 2002

By 

Craig "arcticfox1" (Canada) - See all my reviews

This review is from: Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios (Paperback)

The premise of the book really intrigued me so I picked it up. While the writing is good and there is some really good information, I don't think the information content was quite worth the money. Not to spoil the mystery for you, but several of the hacks described really just boiled down to a particular type of attack (to compromise) followed by something else. Similarly, the logs provided (for publishing purposes) have to be truncated. In essence, the reader is spoon-fed because only relevant logs are shown; quite different than real life where an admin may be facing 20 Mb of logs that they have to sift through.

One last point. The author of one of the sections was Tim Mullen. Had I known that beforehand, I would not have purchased the book. I've read his articles on securityfocus.com and have little respect for his abilities in the security field. Luckily, he only authored one scenario.