Customer Reviews

Hacker's Challenge 2: Test Your Network Security & Forensic Skills

5 star:		(4)
4 star:		(5)
3 star:		(0)
2 star:		(0)
1 star:		(1)

 

 

I read and reviewed the original "Hacker's Challenge" in Nov 01, and gave that book four stars. Mike Schiffman and crew have recaptured the magic and published another winner: "Hacker's Challenge 2" (HC2). This is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.

The majority of HC2 involves three subjects. Challenges 1,3,7, and 16 revolve around wireless insecurities. Challenges 2,5,6,15, and 17 discuss network-based attacks. Solving the mysteries of challenges 4,11,12,14,18, and 19 require log analysis. A few other issues are sprinkled through the text: social engineering (ch. 8), host-based digital forensics (ch. 9), a man-in-the-middle attack against SSH (ch. 13), and a crafty buffer overflow tutorial (ch. 10). None of the material struck me as being exceptionally original, although this accurately reflects the sorts of cases handled by most consultants! I was impressed by the level of explanation offered by challenge 17, where vulnerabilities associated with VLAN 1 were exposed.

HC2 has a few weaknesses. I was sorry to see Peter Lemonjello fired in challenge 5, but he appeared to strike again in challenge 11. Pages 126-8 featured some of the oddest techno-babble in print, offering obscure references to Rabindranath Tagore and condescending dialogue with a tech support staffer. I've given up on seeing Mike Schiffman correctly abbreviate the Air Force Information Warfare Center as "AFIWC" in his biography. His use of "AFWIC" must refer to the UN's AFrican Women In Crisis program and not the talk he gave to the AFIWC in Apr 99!

HC2 is the first must-buy of 2003, but it leaves some room for improvement. Future editions should provide greater details in the solutions, like explanations of the fields in various firewall logs. I'd also like to see the author's names on the challenges, as appeared in the first HC book. The bottom line is that HC2 is a fast read that will entertain, and more importantly, educate.

The second "The Hacker's Challenge" brought with it another sleepless night of fun security reading. 19 attack cases with solutions and mitigation and prevention strategies are described by a team of known expert authors led by Mike Schiffman.

Impressive wireless DoS attack, social engineering penetrations (including one case with no technical penetration whatsoever), mysterious web defacements, SQL injection, DNS tunneling case and router attack inform and educate, just as the first book did. Authors' mildly perverse sense of humor keeps the reader in a good mood. The book begs to be read in one helping (and then reread, as needed)! "The Challenge 2" again covers a wide range of victims and attack methods.

An interesting case asks for writing an exploit and provides a walkthrough for a simple local buffer overflow attack, a novel feature of this edition.

At about scenario 12, things start to heat up and solving the case starts to require some thinking. Harder to crack cases and more sophisticated attackers up the fun level and value of information learned. Just as in the first book, solving the case usually takes some log analysis, some security knowledge and careful reading about character actions and observations.

In addition to technology-astute readers, the book will also satisfy the hard-core security policy fans. Some of the questions asked about the cases involve policy decisions.

As for the book minor blemishes, it suffers a bit from a "sequel syndrome". Namely, since the first book was so amazingly good, it is very hard to beat it and most people will compare it to the first one. Let's say that "The Challenge 2" is almost as good as its predecessor. A couple of scenarios sound somewhat ridiculous (e.g. one on "wireless terrorists"). Another couple is painfully obvious (few people are impressed by a /bin/sh bound to a port in inetd.conf or by a default router password nowadays). In addition, the scenario names often give out a hint that spoils the fun of "cracking" the story ("Freeloader" and some others).

Overall, the book is a must have, both for its educational and entertainment value. The Hacker Challenge books fuse fun storyline, mystery and technical information in one great package, that makes for awesome reading for all technical readers, in security field and beyond. It was clearly a great idea to invent such a "security thriller" book.

Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

Hacker's Challenge 2 is a sort of practical exam for the Hacking Exposed series. Hacker's Challenge was a terrific book for putting some incident response and forensic skills to use and practicing for the real thing. Hacker's Challenge 2 continues the tradition and should be a must read for anyone who works with network security and incident response. The style of the challenges is fairly entertaining and the plots are so engaging you may not want to put the book down. Its like a best-selling mystery novel for network security techies. It may not affect the quality of the book overall, but I preferred having the authors of the individual challenges identified as they were in Hacker's Challenge. However, you should definitely buy this book!

(...)

Hacker's Challenge 2 is a great review course for anyone in the security industry, or just a sysadmin who needs to know basic security skills (that means all of you sysadmins). The challenges range in ease of forensic review from really simple (DoS attacks and packet sniffing) to very challenging to diagnose.
Probably the best part of the book is that along with every explanation of what happened, is an accompanying explanation of how it happened and what could be done to prevent it.
I strongly recommend this book to anyone who wants to test or expand their network and host security skills.

As a security specialist and Ethical hacker I've been extremely disapointed by this book. It is too simple and obsolete. History around each challenge are way to detailed compare to the actual incident and technical detail. I just dont quite understand other reviewer rating this book with 5 stars.

Yes, Slightly better than the first edition.
However, if you need or like this kind of books give first a try to "Stealing the Network: How to Own the Box" by Ryan Russell, the same idea, but a lot more illustrative and easy to read (still with the same level of very up to date information).
Some extra bucks to spend ?. . . OK, then try both, they complement each other very well.

Amazon auto-recommended this book to me when I was buying another book. I bought it allthough I was shure that this will be anotherone of the books you buy, leaf through for 30 minutes and then burry in your bookshelf forever ...
The book arrived on friday - helloween. I decided to "leaf it quickly through" before diving into the helloween chaos in my city ... Now it is sunday ... I have skipped helloween completely and sucked up the book completely, played a bit with the new knowledge in my LAN and definitely had a lot of fun.
I'm nor a hacker nor a sysadmin, just a programmer. But the challenges are easy enough for me (As a programmer I'm not so experienced in networking ...). Not too easy to be boring, not to hard to be "work". You can compare it better to a funny short-story-book than to a laborious brain-teaser-book. I learned a lot and had much fun. It is the first IT-book I ever read completely from the beginning to the end. Have you ever been laughing loudly when reading an IT-book ? I did often during this wheekend :) And additionaly I _did_ learn a lot. It's magic ...

Besides being very entertaining this book offers a great deal of knowledge. If you are able to recognize all the concepts inside, it will serve as a perfect reference and starting point book.

Very, very nice book.

I liked Hackers Challenge volume 1, and volume 2 carries on.

It is lively, entertaining, and makes you think.

This book is very real-world.

I loved it and had fun reading it.

Hacker's Challenge est un bon livre pour tester sa propre sécurité. Mais comme beaucoup de livres sur la sécurité informatique, il n'insiste pas sur le volet humain, contrairement au Guide du Cyberdétective, paru en France aux Editions Chiron, ISBN 2702707831, écrit par Alain STEVENS.

Toutefois, ce numéro 2 rentre bien dans les détails. A lire