Ninja Hacking

Unconventional Penetration Testing Tactics and Techniques

  • 1st Edition - September 23, 2010
  • Latest edition
  • Authors: Thomas Wilhelm, Jason Andress
  • Language: English

Description

Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks.

This book is organized into 17 chapters. The first two chapters relate the historical ninja to the modern hacker, differentiate white-hat hackers from black-hat hackers, and identify the functional gaps between them. The next chapters explore strategies and tactics, applying knowledge drawn from Sun Tzu's The Art of War to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, methods of entry, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide attack locations and activities.

This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.

Key features

  • Discusses techniques used by malicious attackers in real-world situations
  • Details unorthodox penetration testing techniques by getting inside the mind of a ninja
  • Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks

Readership

Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers

Table of contents


About the Authors

About the Ninjutsu Consultant

About the Technical Editor

Introduction

Chapter 1 The Historical Ninja

    The Historical Samurai

         Bushido

         Samurai Weapons

    The Historical Ninja

         Origins of the Ninja

         Stories of Ninja

         Ninja Code of Ethics

         Ninja Weapons

    Samurai Versus Ninja

         Ethical Differences

         Battlefield Use

         Weapons

    Summary

    Endnotes

Chapter 2 The Modern Ninja

    Modern-Day Ninjutsu

    White Hats versus Black Hats

         Black Hat Hackers

         White Hat Hackers

         Ninja Hackers – or Zukin

    Ethics of a Modern-Day Ninja

         Modern Ninja Ethics – Family

         Modern Ninja Ethics – Community

         Modern Ninja Ethics – Homeland

         Modern Ninja Ethics – Appropriateness

    Summary

    Endnotes

Chapter 3 Strategies and Tactics

    The Art of War – Breaking the Rules

    Laying Plans

         Five Constant Factors

         Warfare Is Based on Deception

    Waging War

         No Cleverness in Long Delays

         Rousing Anger

         Victory – Not Lengthy Campaigns

    Maneuvering

         Practice Dissimulation

         Strike Fast – Strike Wisely

         Studying Moods

    The Use of Spies

         Five Classes of Spies

         Rewards for Spying

    Preconceived Notions

         Psychological Warfare

         Manipulating the Enemy’s Perception

    Summary

    Endnotes

    Acknowledgment

Chapter 4 Exploitation of Current Events

    Playing on People’s Fears and Curiosity

         E-mail Attacks

         Search Engines

    Exploiting Patch Windows and Processes

         Patch Windows

         Patch Processes

    Summary

    Endnotes

Chapter 5 Disguise

    Hensōjutsu (Disguise)

         Impersonating People

    The Modern “Seven Ways of Going”

         Employees

         Badges and Uniforms

         Vendors

    Virtual Disguises

         Anonymous Relays

    Summary

    Endnotes

Chapter 6 Impersonation

    Pretexting

         Scholastic

         Business

         Rural

         Religious

         Public Figures

         Labor

         Uniformed

    Phishing

         The Sender

         The E-mail

         The Web Site

         Fraudulent Certificates

    Summary

    Endnotes

Chapter 7 Infiltration

    Lock Picking and Safe Cracking

         Avoiding the Lock

         Subverting Locks without Leaving Evidence

         Opening Safes

         Compromising Proximity Card Systems

         Defeating Biometric Systems

    Alarm System Evasion

         Creating False Positives

         Alarm Sensors

    Trusted Networks

         Employee or Contractor Home Networks

         Vendor or Partner Networks

         Nonstandard Internal Networks

         Legacy Networks

    Summary

    Endnotes

Chapter 8 Use of Timing to Enter an Area

    Tailgating

         Physical Tailgating

         Network and System Tailgating

    Intrusion Detection System Avoidance

         Physical Intrusion Detection Systems

         Logical Intrusion Detection Systems

         Administrative IDS

         Out-of-Band Attacks

         Honeypots

    Summary

    Endnotes

Chapter 9 Discovering Weak Points in Area Defenses

    Traffic Patterns

         Physical Traffic

         Logical Traffic

    Gates, Guns, and Guards

         Gates

         Guns

         Guards

    Information Diving

         Physical Information Diving

         Logical Information Diving

    Summary

    Endnotes

Chapter 10 Psychological Weaknesses

    Baiting

         The Modern Trojan Horse

         The Con

    Social Engineering

         The Five Elements

         The Five Weaknesses

         The Five Needs

         Social Engineering and the Kunoichi

    Summary

    Endnotes

Chapter 11 Distraction

    Use of Big Events

         Holidays

         Sporting Events

         Company Events

         Environmental Events

    Shill Web Sites

         Spurious Company Data

         Social Networking

         False Search Engine Results

    Multipronged Attacks

         Distractors

         Attacking on Multiple Fronts

         Attack Timing

    Summary

    Endnotes

Chapter 12 Concealment Devices

    Mobile Devices

         Detection Methods

         Mobile Device Trends

    Data Smuggling

         Encryption

         Concealment

    Summary

    Endnotes

Chapter 13 Covert Listening Devices

    Radio Frequency Scanners

         Bluetooth

         Cellular

    Key Logging

         Software Key Loggers

         Hardware Key Loggers

         Placing Key Loggers

         Retrieving the Data

         Not Getting Caught

    Spyware

         Stealing Personal Information

         Stealing Credentials

         Modifying Configurations

         Installing Spyware

         Using Spyware Quietly

    Clandestinely Placed Sensors

         Audio

         Video

         Other Electromagnetic Radiation

    Summary

    Endnotes

Chapter 14 Intelligence

    Human Intelligence

         Sources of Human Intelligence

         Relationship Analysis

         Debriefing and Interrogation

    Interrogation Techniques

         Deception

         Good Cop/Bad Cop

         Suggestion

         Drugs

         Torture

    Clandestine Human Intelligence

         Penetrating Organizations

         Clandestine Reporting

         Resources

    Summary

    Endnotes

Chapter 15 Surveillance

    Gathering Intelligence

         Resumes and Job Postings

         Blogs and Social Networks

         Credit Reports

         Public Records

    Location Tracking

         GPS Tracking Devices

         Other Devices that Provide Location Information

    Detecting Surveillance

         Technical Surveillance Countermeasures

         RF Devices and Wiretapping

         Detecting Laser-Listening Devices

         Detecting Hidden Cameras

         Physical Surveillance

    Antisurveillance Devices

         RF Jammers

         Defeating Laser-Listening Devices

         Blinding Cameras

         Tempest

    Summary

    Endnotes

Chapter 16 Sabotage

    Logical Sabotage

         Malware

         Data Manipulation

    Physical Sabotage

         Network and Communications Infrastructure

         Counterfeit Hardware

         Access Controls

    Sources of Sabotage

         Internal

         External

    Summary

    Endnotes

Chapter 17 Hiding and Silent Movement

    Attack Location Obfuscation

         Protocol-Specific Anonymizers

         Filtered Protocol Tunneling

    Compromised Hardware

         Memory Sticks

         Hard Drives

         Cell Phones

         Network Devices

    Log Manipulation

         User Log Files

         Application Log Files

    Summary

    Endnotes

Index




Review quotes

"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"—Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."—Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."—SciTechBookNews

"With the good blend of historical techniques and its modern day application there is something in here for everyone."—Hakin9

"Be in no doubt, credibility is high for this book... All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."—Paul Baccas, NakedSecurity.com, Oct. 25, 2011

Product details

  • Edition: 1
  • Latest edition
  • Published: November 2, 2010
  • Language: English

About the authors

Thomas Wilhelm

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst, Russian Linguist, and a Cryptanalyst. His expertise in the field of Information Security has led him to speak at prominent security conferences across the United States, including DefCon, HOPE, and CSI.

Thomas has contributed significantly to the field of professional penetration testing and information security. In his capacity as both a practice director and a managing director, he has played a pivotal role in executing offensive and defensive security initiatives for Fortune 100 companies and leading research and tool development that has influenced the security industry. Presently, he serves as a managing director at Redstone Securities and possesses master’s degrees in both Computer Science and Management.

His influence also extends to education where he formerly held the position of Associate Professor at Colorado Technical University. Thomas has also written various publications, including magazines and books. Through Pentest.TV, he continues to provide advanced security training and has obtained numerous certifications over the years, including the ISSMP, CISSP, CCNP Security, AWS Cloud Solutions Architect, AWS Cloud Security Specialist, and multiple Solaris certifications as well.

Affiliations and expertise
Managing Director, Redstone Securities, Colorado Springs, CO, USA

Jason Andress

Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Affiliations and expertise
CISSP, ISSAP, CISM, GPEN
