Average Reviews:
(More customer reviews)Without turning into a how-to manual, Wilhelm and Andress do a good job exposing the reader to the world of the Ninja and then mapping the cutting-edge skills of the leaders in penetration testing to those of the Zukin (the penetration tester who leverages unorthodox techniques). A good mix of history and hacking ensures even those who have no interest in the historical aspect will still get ideas for how to take penetration tests to the next level. This reference is broad enough to inspire almost everyone, but that breadth comes at the cost of not being deep enough to allow for expert mastery of any of the individual skills. By the end of this book the reader should know how to become the Ninja penetration tester and should be able to intelligently discuss the relationship between the feudal Ninja to the Ninjas of today.
The book is peppered with historical parables designed to shed light on modern security scenarios and stoke interest in the material. These scenarios may make explanation of aspects of penetration testing easier to understand for non-pentesters, and they should make experienced security experts think. The book covers a broad range of concepts, from contrasting the philosophies of the Ninja and Samurai classes using stories about specific feudal lords and clan leaders to examining the rules of engagement according to Sun Tzu's Art of War. Throughout, these researched components are not only used to examine concepts of penetration and defense but also to question the cookie-cutter methodologies found in many penetration tests. However, those who aren't interested in Ninjas can skip the first 2 chapters and go directly into the chapters about stealth and misdirection and will still be able to understand the references in most of the book.
By examining penetration testing using a point of view which is not bound by the traditional rules of war, Wilhelm and Andress are able to examine what sets apart traditional penetration testers from the leaders in the field. The authors do not focus on explicit programs or tools which grant the latter an advantage. Rather, they explain how the Zukin can achieve better results than a traditional penetration tester. Approaching a problem from the mindset of an intruder who wants to obtain access without being detected changes the field of play for penetration tests in significant ways that this book is not afraid to explore. Modern techniques for advanced information gathering, social engineering, misdirection, and even sabotage are defined as extensions of the Ninja philosophy for covert and open operational tactics. Discussion of disguise, impersonation, surveillance and social engineering begins with exploration of how these techniques were leveraged by the feudal warriors.
Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today.
Originally posted by me on [...]
Click Here to see more reviews about: Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Ever thought of using the time-tested tactics and techniques ofthe ancientninja to understand the mind of today's ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company's assets. Get in before the hacker does with these unorthodox techniques. Use all of the tools that the ninja has: disguise, espionage, stealth, and concealment. Learn how to benefit from these tools by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don't you want to be a ninja for a day just because they're cool? Let this book be your excuse!
Discusses techniques used by malicious attackers in real-world situations
Details unorthodox penetration testing techniques by getting inside the mind of a ninja
Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
0 comments:
Post a Comment