Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques 1st Edition
Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks.
This book is organized into 17 chapters. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzu's The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities.
This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.
- Discusses techniques used by malicious attackers in real-world situations
- Details unorthodox penetration testing techniques by getting inside the mind of a ninja
- Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
- ISBN-10: 1597495883
- ISBN-13: 978-1597495882
- Edition: 1st
- Publisher: Syngress
- Publication date: October 7, 2010
- Language: English
- Dimensions: 7.52 x 0.98 x 9.17 inches
- Print length: 336 pages
Editorial Reviews
Review
"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"
"Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."--Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network
"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."--SciTechBookNews
"With the good blend of historical techniques and its modern day application there is something in here for everyone."--Hakin9
"Be in no doubt, credibility is high for this book... All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."--Paul Baccas, NakedSecurity.com, Oct. 25, 2011
From the Back Cover
Ever thought of using the time-tested tactics and techniques of the ancient ninja to understand the mind of today’s ninja, the hacker? Penetration testers and security consultants perform tests both externally and internally for clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now, and see how thinking and acting like a ninja could actually grant you quicker and more complete access to a company’s assets. Get in before the hacker does with these unorthodox techniques -- using all of the tools that the ninja has: disguise, espionage, stealth, and concealment. Learn how to benefit from these tools by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don’t you want to be a ninja for a day just because they’re cool? Let this book be your excuse!
About the Author
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst, Russian Linguist, and a Cryptanalyst. His expertise in the field of Information Security has led him to speak at prominent security conferences across the United States, including DefCon, HOPE, and CSI.
Thomas has contributed significantly to the field of professional penetration testing and information security. In his capacity as both a practice director and a managing director, he has played a pivotal role in executing offensive and defensive security initiatives for Fortune 100 companies and leading research and tool development that has influenced the security industry. Presently, he serves as a managing director at Redstone Securities and possesses master’s degrees in both Computer Science and Management.
His influence also extends to education where he formerly held the position of Associate Professor at Colorado Technical University. Thomas has also written various publications, including magazines and books. Through Pentest.TV, he continues to provide advanced security training and has obtained numerous certifications over the years, including the ISSMP, CISSP, CCNP Security, AWS Cloud Solutions Architect, AWS Cloud Security Specialist, and multiple Solaris certifications as well.
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Product details
- Publisher : Syngress; 1st edition (October 7, 2010)
- Language : English
- Paperback : 336 pages
- ISBN-10 : 1597495883
- ISBN-13 : 978-1597495882
- Item Weight : 1.54 pounds
- Dimensions : 7.52 x 0.98 x 9.17 inches
About the authors

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the Army for eight years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst.
A speaker at security conferences across the U.S., including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct Risk Assessments, participate and lead external and internal Penetration Testing efforts, and manage Information Systems Security projects.
Thomas is also a Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he also dedicates some of his time as an Associate Professor at Colorado Technical University, and has contributed to multiple publications, including both magazines and books. His latest contribution was the publication titled "Professional Penetration Testing," released in August, 2009, which was his fourth book contribution to Syngress.

Dr. Jason Andress is a seasoned security professional, security researcher, and technophile. He has been writing on security topics for over a decade, covering data security, network security, hardware security, penetration testing, and digital forensics, among others.

Top reviews from the United States
If you don't know the first thing about hacking and want a good read, this book will entertain you.
If you've read every other security book under the sun, you will find this entertaining, and perhaps it will inspire you to be a bit more creative in life and in work.
If you just think Ninja are cool and just want another book about them you'll find the history section fascinating.
The main premise of this book is to think differently. That is, after all, what the rogue hacker will do, and quite frankly any book that even mentions water boarding in the context of penetration testing gets a big cheesy grin from me =|D-
When I should have been reading much more boring books this one made me smile, and didn't take me off topic at all, although it's not a technical how to for hackers in any sense, but that's a good thing! I'm looking forward to having the time to sit on a tropical beach somewhere and read this again.
Thanks for a good read guys.
Good points: The section on mobile pentesting is interesting. Historical Research is complete.
Bad points: Other technical aspects are pretty much the same as every other book. For a beginner, I would recommend Professional Pentesting, from the same author.
Bottom Line: Should have been 2 books. 1 on the history of the Ninja. 1 on "new" hacking techniques. Both promised but none delivered.
Not worth the read if one has any security experience. I would certainly not recommend this book if one is technically inclined.
The book is peppered with historical parables designed to shed light on modern security scenarios and stoke interest in the material. These scenarios may make explanation of aspects of penetration testing easier to understand for non-pentesters, and they should make experienced security experts think. The book covers a broad range of concepts, from contrasting the philosophies of the Ninja and Samurai classes using stories about specific feudal lords and clan leaders to examining the rules of engagement according to Sun Tzu's Art of War. Throughout, these researched components are not only used to examine concepts of penetration and defense but also to question the cookie-cutter methodologies found in many penetration tests. However, those who aren't interested in Ninjas can skip the first 2 chapters and go directly into the chapters about stealth and misdirection and will still be able to understand the references in most of the book.
By examining penetration testing using a point of view which is not bound by the traditional rules of war, Wilhelm and Andress are able to examine what sets apart traditional penetration testers from the leaders in the field. The authors do not focus on explicit programs or tools which grant the latter an advantage. Rather, they explain how the Zukin can achieve better results than a traditional penetration tester. Approaching a problem from the mindset of an intruder who wants to obtain access without being detected changes the field of play for penetration tests in significant ways that this book is not afraid to explore. Modern techniques for advanced information gathering, social engineering, misdirection, and even sabotage are defined as extensions of the Ninja philosophy for covert and open operational tactics. Discussion of disguise, impersonation, surveillance and social engineering begins with exploration of how these techniques were leveraged by the feudal warriors.
Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today.
Originally posted by me on [...]
And the tactics that *are* presented are rarely done in any detail, or are outright wrong/useless. Some chapters read like a vague, half-decent college paper on hacking and physical security. Detailed techniques are quite rare--don't expect explanations, actual code, or actual devices you can use, but instead a one-paragraph description of the attack, in the foggiest of terms, with either no references or, occasionally, an actual outside reference, which if you follow it, turns out to be some obscure proof-of-concept attack outlined that the author informs you, can be done "quite easily," without further explanation.
There are NUMEROUS examples of this approach, but to take just a few, in the chapter on Covert Listening Devices, the authors reject the use of physically-planted listening devices (they leave evidence, which no ninja would do, DUH), instead suggesting to eavesdrop using VOIP, which, they assure us, is "relatively trivial" (no details given, only a reference to an old Hakin9 article), or to hijack a computer's microphone, again, with scant details on how to do this, aside from a vague suggestion to configure flash "in such a way" to auto accept recording requests.
If you have to use a physical audio bug, however, you still shouldn't use readily available $100 bugs, because instead you can be a ninja and use a laser listening device! Never mind that these devices cost about $50,000, you can just build one yourself through the link given (which is itself pretty vague). Sorry, but I can't really see ninjas preferring to use crude, bulky DIY bugs of questionable reliability rather than readily available, tiny, cheap listening devices, but whatever.
Surprisingly, though, this chapter is one of the better ones. Whereas in the Covert Listening Devices chapter one can glean nuggets of wisdom here and there, the Infiltration chapter (physical security) is completely useless.
The authors eschew traditional lock picking because it leaves evidence (in the form of scratches INSIDE THE LOCK), and suggest lock bumping instead, presumably unaware that bumping is more destructive to locks than picking.
For opening safes, they suggest obvious things like trying the default combination (what happened to unconventional techniques?), briefly referencing manipulation but getting it entirely wrong, suggesting its practice consists of merely listening for a click as the wheel rotates past the correct number. In reality safe locks do not click when the wheel rotates past (or maybe they did in 1850, I don't know). Manipulation is much more complicated than suggested and is based on a combination of feel (dial feedback) and detailed analysis of the information gained through that feedback. I'd recommend "Safecracking for the Computer Scientist" for a brief introduction.
The discussion on cameras and alarm systems is equally useless. Blinding cameras with lasers is neither new, nor particularly effective. In fact practically any other method of blinding/disabling a camera is more effective. And the only alarm sensors covered are Infrared and Ultrasonic. The only techniques mentioned for defeating these were gleaned from an episode of Mythbusters. And while I'm not suggesting these techniques do or do not work, I think it says something about the way the authors approached this book, that the entirety of their research into bypassing alarm systems is taken from a TV episode.
The rest of the book is more of the same. The only redeeming factor is that some of the references in the footnotes are actually useful (but more of them are not). Otherwise I'd give it 1 star. Still, this is not enough redemption to warrant buying it. Save your money.
Ninja Hacking is well-written and coherent, with real effort made to thoroughly apply Ninja tenets to digital problems. Unusual for a book of this sort, Ninja Hacking is well-sourced (using endnotes) and surprisingly well integrated into other Syngress titles. Rather than rehash or summarize material published elsewhere, the Ninja Hacking authors are comfortable directing readers to previous works for more information on topics like managing a penetration test. This approach kept Ninja Hacking focused and relevant.
My primary critique of the book is that some of the comparison between Ninja and modern digital intruders seems forced. For example, p 20 says "black hats simply do not have the financial backing that white hats have." The authors state this to maintain their perceived similarity between Ninjas and black hats. However, that financial outlook is not true for many black hats. Multiple teams of black hats are exceptionally well-funded compared to the 1-person or no-person security operations at the hundreds of thousands of small-to-medium businesses exploited each year. Some well-resourced black hats work for organized crime groups, while others are state-sponsored. Thankfully, this one aspect of the authors' philosophy doesn't really impact the book's core message.
Overall, I like Ninja Hacking more for the discussions of ancient Japan than for the application to digital security. Still, perhaps others will be inspired to make comparisons between military and quasi-military forces of old and modern digital actors?
ISBN-978-1-59749-588-2
Reviewer: Mario Camilien, CISSP
Authors: Thomas Wilhelm and Jason Andress
Ninja hacking will continue to be a very good reference book. The process of using Social Engineering as a tool to exploit human weaknesses will continue to be enhanced. There are many ways Social Engineering attacks can be crafted. Attacks are often successful because attackers exploit our human frailties. Social Engineers are often playing on peoples' fear, vanity, and curiosity. The authors have pinpointed those areas in many good examples such as the ones outlined below:
- loss of job
- loss of insurance
- mergers
- current events
- academic achievements
After reading the Ninja hacking book, one will come to the conclusion that humans' ability to use techniques to accomplish a stated objective is limitless. One must never assume and rely on pre-conceived notions about individuals, locations, and organizations. The methods are not new. Social Engineering is the process of using technology as a vehicle to revive and enhance old tactics.
Mario Camilien, CISSP
I mainly liked it because
- it is different than the 'usual' security books
- it never gets boring
- the historical parts were very interesting and educational
- it is extremely well structured
- it gives you a good sense of what is possible in hacking today
- it transports the methods and concepts of the ninjas into today's security (and hacking) world.
All in all I think it is a very good book to read and worth the time spent.
The combination of both parts (the technical and the historical) encourages the out-of-the-box thinking.
Maybe I should write such a book . . .
One certainly hopes that the technology of cyber warfare goes beyond run-of-the-mill intrusion detection, anti-virus, and DDoS-mitigation boxes with which one can festoon one's networks or the honeypots that lure fools yonder. I opine that there's a good deal of highly classified work that cannot be shared, but--due to its compartmentalized nature--it is equally likely that such work includes profound duplication of effort, if not reinvention altogether of the wheel.
Main chapters provide to the point and pertinent points on which attacks can be built, making them vital for the defense.
Once you've finished this book you'll have clear-cut notions on important aspects of attack such as how to time your infiltrations or attacking on multiple fronts to confuse the enemy. This book provides one of the clearest and simplest insights to the attacker's mind, to quote Sun-Tzu on the Art of War: "If you know your enemy and you know yourself you need not fear the results of a hundred battles."
So, with one half of the book being of, well, rather questionable value which you'd better get in a decent book on Japanese history, the other is similarly lacking as its descriptions read like fiction. It's a bit like a Clancy novel, but with less detail. Yet, some fundamental truths get covered in such a detail that it makes me question the authors, like a one page description of an instance in which someone was impersonating a police officer to gain access and eventually steal some stuff. What about condensing this to a bullet point like, "If in doubt, ask for credentials." I think the publishers of this book would have been well-advised to have done the same.






