Book Review: BackTrack 4: Assuring Security by Penetration Testing
RickJWagner writes "Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open. Packt Publishing has just released BackTrack 4: Assuring Security by Penetration Testing, a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well." Keep reading for the rest of Rick's review.
BackTrack 4: Assuring Security by Penetration Testing
author: Shakeel Ali, Tedi Heriyanto
pages: 392
publisher: Packt
rating: 9/10
reviewer: Rick J Wagner
ISBN: 1849513945
summary: Covers the core of BackTrack with real-world examples and step-by-step instructions
I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase; it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener.
You can purchase BackTrack 4: Assuring Security by Penetration Testing from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
http://www.backtrack-linux.org/backtrack/backtrack-5-release-tool-suggestions/
Expert in software patents or patent law? Contribute to the ESP wiki!
I dunno, it has the innuendo and sounds official, but is it a believable chat-up line?
Nullius in verba
I'm not sure if the guy who wrote this book has heard yet, but BackTrack 5 was released yesterday. GG writing a book on old software.
Could we at least have an explanation, or full disclosure, or something? Why so many PACKT reviews? Free samples? A sponsor? What is it?
I'm curious about this spate of Slashvertising for Packt books. Is the problem that no-one is writing any other book reviews, or is the problem that Packt is gaming the slashdot system to get these posted?
don't most unix admins keep eyes open on ports, connections, user information, etc...? not scared yet.
taking advantage of visibility tools and keeping up with what tools are available should be a skill owned by every administrator.
it examines tools to probe known issues of unpatched daemons with known exploits. sorry, i'm still not scared.
if an administrator does not keep a system up to date throw them out the door, run over them twice, THEN tell them they are fired.
that being said, i'll agree, the book is very good. it details modern tools and how to use them. some of the tools let the administrator get ahead of potential 0 day exploits and weed out poorly written code. it gets my vote for the top 10 must read books for network/system administrators and at least top 5 for security engineers.
Having to work for a living is the root of all evil.
Hey! Give me a break! It's a reference to.... sorry... I don't remember which series it's about. Simpsons? South Park? Family Guy? Oh, did I just mix them up? Did I insult anybody with that?
Why does this all sound like a bad Porno Title?
Cue the bwap chicky bwap music!
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Wireless networks with WEP security are frighteningly easy to infiltrate. It's the WiFi equivalent of using "password" as your password.
I would expect this book to be reviewed by a penetration tester or at least a security engineer. I'm not sure I trust a Cobol/Java programmer to really know how well the book covers the topics here.
That is all.
Stay classy, Slashdot.
"Penetration tester [...] you will play an exciting and fundamental role [...] Live penetrations of locked down hosts..." — From a job posting on securityfocus.com.
Non-Linux Penguins ?
Another Packt review? Seriously?
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
By the nice folks who distribute BackTrack Linux, by the way.
The whole moon and the entire sky are reflected in one dewdrop on the grass. - Dogen
that people only used BackTrack for WEP cracking.
Seriously, the Packtvertisements are getting pretty deep here.
Readers have already said enough. To summarize: Packt turns out junk, and they have no place on any techie's bookshelf. Please stop promoting them here.
Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.
This isn't just Captain Obvious.
This is Captain Obvious after he's been beaten half to death by a mob wielding stupid bats, been gene spliced with a tardosaurus rex, and then got a lobotomy from Dr. Mengele.
Good unix admins do; however, what about the plethora of Windows admins who don't know what TCP is? One of our security consultants does all our pen testing and very few admins have ever detected his attacks/activity.
Shame the Book is focused on a product which is no longer supported, and has no more official downloads from the BackTrack team...
Isn't this the TSA's strategy?
BT5 was released yesterday.
Would you be kind enough to share your top 10 list with us?
Thanks
i'm not exactly well read but i'll give you the most important ones i've read, off the top of my head. note: they are not in order of importance and they are important because they taught me how much i didn't know so i could fix me.
silence on the wire
hacking exposed linux
lpi linux certification in a nutshell.
rootkits subverting the windows kernel
steal this book
gray hat python