Hacking: The Next Generation
Filed Under (Best ebook Hacking Download) by Gandhi Prima Satya on 21-12-2009
- ISBN13: 9780596154578
- Condition: NEW
- Notes: Brand New from Publisher. No Remainder Mark.
Product Description
With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.
You’ll not only find valuable information on new hacks that …

This is a great read if you are interested in understanding what types of things make your systems and identity vulnerable to hacking. I basically read it cover to cover in a single sitting; I could not put it down. This is not a book that tells you how to secure your systems against various threats, but rather explains in detail how threats arise and how they are exploited. If you are a software professional interested in building secure systems or just interested in how to protect yourself online, I highly recommend this book.
Rating: 5 / 5
Hacking The Next Generation
This was a very well written book. The authors did a great job of mixing technical and non-technical attack vectors. I felt the flow of the book was very well done, keeping the reader engaged the entire time. The authors gave enough information on each topic to get you started, but did not inundate you with the minute details that can get overwhelming. In many chapters of the book the authors use scenarios to relate the reader to a topic. This method helped me grasp a few of the concepts that may have otherwise taken a second or third read.
In most of the sections that described technical attack vectors the authors gave links to tools that would help the reader perform that specific attack. Not only is this a great way to help the reader increase their tool set, it allows the reader to put into practice what was just read.
Chapter 2: Inside-Out Attacks is an example of how every technical topic should be taught. The authors used scenario-based writing mixed with technical details that really help the reader grasp the concept. Again, these are not littered with enough technical detail to understand in-depth how these attacks work, but they will give you a general understanding of each topic.
Chapter 7: Infiltrating the Phishing Underground was my favorite in the book. The author did a great job of relating how the underground works, how you get in contact with people, and how the act of phishing transpires. I was amazed to read how templates are shared, how they are put in place, and how the phishing crowd feel about each other.
Chapter 5: Sharing the Cloud with Your Enemy was not really what I expected. I was hoping to hear of some new attack vectors, but didn’t seem to get that. It was a great reminder of the risks to companies that use shared resources, and allow other administrators to control those resources, but this all seemed like common knowledge.
Overall this book was great. The content seemed very fresh, and where it was overlap from previous readings the authors seemed to put a new spin on old ideas. If you are looking for a book that will teach you step by step how to hack a website, or steal some credit cards, this book is not for you. This book is a great overview of multiple attack vectors, giving broad overviews of each one.
Wayne Gipson, CISSP, CISA
Rating: 5 / 5
Reviewer: Dave Roman, GCPCUG member
The 10 chapters in this book are very informative as well as interesting. It’s a read for every corporate security employee.
The author first talks about intelligence gathering in the first chapter. You must find out all the information possible about the company and its people. They might be able to help you. It’s called social engineering.
Chapter 2 is about using an insider that you found in your intelligence gathering. The insider or employee might have the information you need. Cultivate these people.
Chapter 3 is about network protocols and their weaknesses. He talks about exploiting these weaknesses.
Most computers are loaded with various types of software and he talks about how to exploit these complexities in Chapter 4.
Cloud computing is the next generation of computing. In Chapter 5 he discusses how hackers are positioning themselves to take advantage of Cloud.
Chapter 6 is all about mobile devices and how to abuse them.
Have you ever gone phishing? That’s what this chapter is all about. Try to understand the criminal mind and why they are phishers of men!
Chapter 8 is titled “Influencing Your Victims”. The author claims that it is sometimes easier to influence and manipulate a human being than it is to try to exploit a vulnerable point in a computer system. He looks at crafty techniques attackers employ to discover information about people to influence them.
Hacking Executives: Can Your CEO Spot a Targeted Attack? is an interesting title for the ninth chapter. The reason hackers attack high level people like CEOs is that they usually have high security information on their laptops or office computer. He gives a few scenarios as examples.
Chapter 10 presents two scenarios on how a determined hacker can cross-pollinate vulnerabilities from different processes, systems and applications to compromise businesses and steal confidential data.
A good book to read if you want to get into the mind of a hacker.
Rating: 5 / 5
I’m always skeptical about books that propose to cover such a vast spectrum of subjects, the book in question however does a wonderful job at explaining in plain English what is happening behind an attack, it unveils the possible motives and end result, and I personally found it a superb manuscript on what is happening today in the fields of hacking and social engineering.
On a more technical side it covers XSS attacks and blended exploits, again in plain English. Though the authors also throw some code in there to keep the techiest of us entertained, personally I found the inclusion of code somewhat unnecessary. ‘Plain English’ would suffice especially because I found that this would otherwise be the perfect book to hand to someone less techy who wants to know what is happening out there in the wild and to some extent what they need to look out for if they intend to be security conscious. Could they ignore the code? Sure! Will they? Depends on the individual and his/her aversion to programming. It still keeps its five stars though, I can’t fault a book for having too much information. The book also covers phishing attacks, that chapter was a very worthwhile read. I hold no interest or curiosity in phishing attacks and after reading it I was surprised at what I had learned.
The chapters on social engineering and information gathering were very interesting as well. The authors made a clear effort to mention current online tools that attackers can use to acquire information on a target (may that be a person or a corporate entity) and go into deeper detail on how such an attack can develop into face to face contact with a target. The way the book is written makes it feel like a story, like one attack unfolds into another and that is really why this book is such good fun to read.
If there’s something I can fault in this book it’s really its life span. You have to get it now for it to matter. In 2 years’ time all this will be old, stale news and at the speed things change in the IT/IS world it’s really quite inevitable. Social engineering will always be social engineering but the tools used to gather information will surely change.
Rating: 5 / 5
I’ve read my share of hacking books over the years, and usually most of the books focus on the same topics… pointer overflows, brute force password hacks, etc. But with all the movement towards Web 2.0, the Cloud, and social networks, is it possible that hacking vectors have shifted somewhat into areas we don’t normally worry about? After reading Hacking: The Next Generation by Nitesh Dhanjani, Billy Rios, and Brett Hardin, the answer is definitely yes. There’s a whole new series of things to worry about, both from a corporate and a personal level.
Contents:
Intelligence Gathering: Peering Through the Windows to Your Organization
Inside-Out Attacks: The Attacker Is the Insider
The Way It Works: There Is No Patch
Blended Threats: When Applications Exploit Each Other
Cloud Insecurity: Sharing the Cloud with Your Enemy
Abusing Mobile Devices: Targeting Your Mobile Workforce
Infiltrating the Phishing Underground: Learning from Online Criminals?
Influencing Your Victims: Do What We Tell You, Please
Hacking Executives: Can Your CEO Spot a Targeted Attack?
Case Studies: Different Perspectives
Chapter 2 Source Code Samples
Cache_Snoop.pl
Index
Yes, the deeply technical hacks still exist, the ones that rely on badly coded software to gain privileges you aren’t granted. But in some ways, the hacks are getting easier, or at least more available to those who are not hardcore techheads. Take for instance, blended threats. This is an interesting concept that shows how interconnected software environments have become. In the example they use, Microsoft had a minor vulnerability in XP and Vista, while Apple had a minor vulnerability in their Safari browser. Both vendors didn’t feel that either item was critical. That changed (at least for Microsoft) when someone used the behavior in Safari running on Windows to place a dll file on the Windows desktop. This dll file was then used by IE7 when starting up, overriding the use of the real dll in the proper Windows directories. You can imagine how this would lead to “undesirable consequences.”
And if that’s not enough, imagine the potential of hacks in the Cloud. The authors show how one could hack an administration console to a Cloud provider, allowing someone to modify a number of parameters of a Cloud account. Or… if your attack target runs on the Cloud and is charged based on bandwidth and CPU, imagine what you could do to this target if you were to launch a distributed denial of service attack using the Cloud as the attacking client. The resources are almost limitless, and the target will get hit with charges that escalate at an incredible rate. Not a comforting thought if you’ve trusted your business to “the Cloud”…
I also noticed that more and more, hacking is not so much about taking over hardware as it is about getting a pipeline to timely information. For instance, more and more people are using shared and public calendars to manage their daily work. It’s not uncommon to be able to search and find conference call details that aren’t removed from the entry. If you find this info, it’s very possible that you can call in to the number, remain on mute, and pick up vital information that can be of value to you or other companies. This type of hack isn’t technical in the least. It’s just a mix of Google searching and ignorant/non-cautious users.
I’d really recommend Hacking: The Next Generation to my fellow techies. More important than learning new ways to mess with each other’s minds, it will expose you to a number of new attack vectors that you may not have considered. And in most cases, simple awareness of those new vectors is enough to allow you to start to defend against them.
Disclosure:
Obtained From: Publisher
Payment: Free
Rating: 5 / 5