Ninja Hacking book cover

Ninja Hacking

Unconventional Penetration Testing Tactics and Techniques

Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, the historical Ninjutsu techniques in particular, with the present hacking methodologies. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzus The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities. This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators.

Audience

Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers

Paperback, 336 Pages

Published: September 2010

Imprint: Syngress

ISBN: 978-1-59749-588-2

Reviews

  • "The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."----Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

    "When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."--SciTechBookNews

    "With the good blend of historical techniques and its modern day application there is something in here for everyone."--Hakin9

    "Be in no doubt, credibility is high for this book..All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."--Paul Baccas, NakedSecurity.com, Oct. 25, 2011,


Contents


  • About the Authors

    About the Ninjutsu Consultant

    About the Technical Editor

    Introduction

    Chapter 1 The Historical Ninja

        The Historical Samurai

             Bushido

             Samurai Weapons

        The Historical Ninja

             Origins of the Ninja

             Stories of Ninja

             Ninja Code of Ethics

             Ninja Weapons

        Samurai Versus Ninja

             Ethical Differences

             Battlefield Use

             Weapons

        Summary

        Endnotes

    Chapter 2 The Modern Ninja

        Modern-Day Ninjutsu

        White Hats versus Black Hats

             Black Hat Hackers

             White Hat Hackers

             Ninja Hackers - or Zukin

        Ethics of a Modern-Day Ninja

             Modern Ninja Ethics - Family

             Modern Ninja Ethics - Community

             Modern Ninja Ethics - Homeland

             Modern Ninja Ethics - Appropriateness

        Summary

        Endnotes

    Chapter 3 Strategies and Tactics

        The Art of War - Breaking the Rules

        Laying Plans

             Five Constant Factors

             Warfare Is Based on Deception

        Waging War

             No Cleverness in Long Delays

             Rousing Anger

             Victory - Not Lengthy Campaigns

        Maneuvering

             Practice Dissimulation

             Strike Fast - Strike Wisely

             Studying Moods

        The Use of Spies

             Five Classes of Spies

             Rewards for Spying

        Preconceived Notions

             Psychological Warfare

             Manipulating the Enemy’s Perception

        Summary

        Endnotes

        Acknowledgment

    Chapter 4 Exploitation of Current Events

        Playing on People’s Fears and Curiosity

             E-mail Attacks

             Search Engines

        Exploiting Patch Windows and Processes

             Patch Windows

             Patch Processes

        Summary

        Endnotes

    Chapter 5 Disguise

        Hensōjutsu (Disguise)

             Impersonating People

        The Modern “Seven Ways of Going”

              mployees

             Badges and Uniforms

             Vendors

        Virtual Disguises

             Anonymous Relays

        Summary

        Endnotes

    Chapter 6 Impersonation

        Pretexting

             Scholastic

             Business

             Rural

             Religious

             Public Figures

             Labor

             Uniformed

        Phishing

             The Sender

             The E-mail

             The Web Site

             Fraudulent Certificates

        Summary

        Endnotes

    Chapter 7 Infiltration

        Lock Picking and Safe Cracking

             Avoiding the Lock

             Subverting Locks without Leaving Evidence

             Opening Safes

             Compromising Proximity Card Systems

             Defeating Biometric Systems

        Alarm System Evasion

             Creating False Positives

             Alarm Sensors

        Trusted Networks

             Employee or Contractor Home Networks

             Vendor or Partner Networks

             Nonstandard Internal Networks

             Legacy Networks

        Summary

        Endnotes

    Chapter 8 Use of Timing to Enter an Area

        Tailgating

             Physical Tailgating

             Network and System Tailgating

        Intrusion Detection System Avoidance

             Physical Intrusion Detection Systems

             Logical Intrusion Detection Systems

             Administrative IDS

             Out-of-Band Attacks

             Honeypots

        Summary

        Endnotes

    Chapter 9 Discovering Weak Points in Area Defenses

        Traffic Patterns

             Physical Traffic

             Logical Traffic

        Gates, Guns, and Guards

             Gates

             Guns

             Guards

        Information Diving

             Physical Information Diving

             Logical Information Diving

        Summary

        Endnotes

    Chapter 10 Psychological Weaknesses

        Baiting

             The Modern Trojan Horse

             The Con

        Social Engineering

             The Five Elements

             The Five Weaknesses

             The Five Needs

             Social Engineering and the Kunoichi

        Summary

        Endnotes

    Chapter 11 Distraction

        Use of Big Events

             Holidays

             Sporting Events

             Company Events

             Environmental Events

        Shill Web Sites

             Spurious Company Data

             Social Networking

             False Search Engine Results

        Multipronged Attacks

             Distractors

             Attacking on Multiple Fronts

             Attack Timing

        Summary

        Endnotes

    Chapter 12 Concealment Devices

        Mobile Devices

             Detection Methods

             Mobile Device Trends

        Data Smuggling

             Encryption

             Concealment

        Summary

        Endnotes

    Chapter 13 Covert Listening Devices

        Radio Frequency Scanners

             Bluetooth

             Cellular

        Key Logging

             Software Key Loggers

             Hardware Key Loggers

             Placing Key Loggers

             Retrieving the Data

             Not Getting Caught

        Spyware

             Stealing Personal Information

             Stealing Credentials

             Modifying Configurations

             Installing Spyware

             Using Spyware Quietly

        Clandestinely Placed Sensors

             Audio

             Video

             Other Electromagnetic Radiation

        Summary

        Endnotes

    Chapter 14 Intelligence

        Human Intelligence

             Sources of Human Intelligence

             Relationship Analysis

             Debriefing and Interrogation

        Interrogation Techniques

             Deception

             Good Cop/Bad Cop

             Suggestion

             Drugs

             Torture

        Clandestine Human Intelligence

             Penetrating Organizations

             Clandestine Reporting

             Resources

        Summary

        Endnotes

    Chapter 15 Surveillance

        Gathering Intelligence

             Resumes and Job Postings

             Blogs and Social Networks

             Credit Reports

             Public Records

        Location Tracking

             GPS Tracking Devices

             Other Devices that Provide Location Information

        Detecting Surveillance

             Technical Surveillance Countermeasures

             RF Devices and Wiretapping

             Detecting Laser-Listening Devices

             Detecting Hidden Cameras

             Physical Surveillance

        Antisurveillance Devices

             RF Jammers

             Defeating Laser-Listening Devices

             Blinding Cameras

             Tempest

        Summary

        Endnotes

    Chapter 16 Sabotage

        Logical Sabotage

             Malware

             Data Manipulation

        Physical Sabotage

             Network and Communications Infrastructure

             Counterfeit Hardware

             Access Controls

        Sources of Sabotage

             Internal

             External

        Summary

        Endnotes

    Chapter 17 Hiding and Silent Movement

        Attack Location Obfuscation

             Protocol-Specific Anonymizers

             Filtered Protocol Tunneling

        Compromised Hardware

             Memory Sticks

             Hard Drives

             Cell Phones

             Network Devices

        Log Manipulation

             User Log Files

             Application Log Files

        Summary

        Endnotes

    Index




Advertisement

advert image