Ninja Hacking - 1st Edition - ISBN: 9781597495882, 9781597495899

Ninja Hacking

1st Edition

Unconventional Penetration Testing Tactics and Techniques

Authors: Thomas Wilhelm Jason Andress
eBook ISBN: 9781597495899
Paperback ISBN: 9781597495882
Imprint: Syngress
Published Date: 23rd September 2010
Page Count: 336
Tax/VAT will be calculated at check-out
15% off
15% off
15% off
49.95
42.46
30.99
26.34
38.95
33.11
Unavailable
File Compatibility per Device

PDF, EPUB, VSB (Vital Source):
PC, Apple Mac, iPhone, iPad, Android mobile devices.

Mobi:
Amazon Kindle eReader.

Institutional Access


Description

Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks.

This book is organized into 17 chapters. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzu's The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities.

This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.

Key Features

  • Discusses techniques used by malicious attackers in real-world situations
  • Details unorthodox penetration testing techniques by getting inside the mind of a ninja
  • Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks

Readership

Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers

Table of Contents


About the Authors

About the Ninjutsu Consultant

About the Technical Editor

Introduction

Chapter 1 The Historical Ninja

The Historical Samurai

Bushido

Samurai Weapons

The Historical Ninja

Origins of the Ninja

Stories of Ninja

Ninja Code of Ethics

Ninja Weapons

Samurai Versus Ninja

Ethical Differences

Battlefield Use

Weapons

Summary

Endnotes

Chapter 2 The Modern Ninja

Modern-Day Ninjutsu

White Hats versus Black Hats

Black Hat Hackers

White Hat Hackers

Ninja Hackers – or Zukin

Ethics of a Modern-Day Ninja

Modern Ninja Ethics – Family

Modern Ninja Ethics – Community

Modern Ninja Ethics – Homeland

Modern Ninja Ethics – Appropriateness

Summary

Endnotes

Chapter 3 Strategies and Tactics

The Art of War – Breaking the Rules

Laying Plans

Five Constant Factors

Warfare Is Based on Deception

Waging War

No Cleverness in Long Delays

Rousing Anger

Victory – Not Lengthy Campaigns

Maneuvering

Practice Dissimulation

Strike Fast – Strike Wisely

Studying Moods

The Use of Spies

Five Classes of Spies

Rewards for Spying

Preconceived Notions

Psychological Warfare

Manipulating the Enemy’s Perception

Summary

Endnotes

Acknowledgment

Chapter 4 Exploitation of Current Events

Playing on People’s Fears and Curiosity

E-mail Attacks

Search Engines

Exploiting Patch Windows and Processes

Patch Windows

Patch Processes

Summary

Endnotes

Chapter 5 Disguise

Hensōjutsu (Disguise)

Impersonating People

The Modern “Seven Ways of Going”

mployees

Badges and Uniforms

Vendors

Virtual Disguises

Anonymous Relays

Summary

Endnotes

Chapter 6 Impersonation

Pretexting

Scholastic

Business

Rural

Religious

Public Figures

Labor

Uniformed

Phishing

The Sender

The E-mail

The Web Site

Fraudulent Certificates

Summary

Endnotes

Chapter 7 Infiltration

Lock Picking and Safe Cracking

Avoiding the Lock

Subverting Locks without Leaving Evidence

Opening Safes

Compromising Proximity Card Systems

Defeating Biometric Systems

Alarm System Evasion

Creating False Positives

Alarm Sensors

Trusted Networks

Employee or Contractor Home Networks

Vendor or Partner Networks

Nonstandard Internal Networks

Legacy Networks

Summary

Endnotes

Chapter 8 Use of Timing to Enter an Area

Tailgating

Physical Tailgating

Network and System Tailgating

Intrusion Detection System Avoidance

Physical Intrusion Detection Systems

Logical Intrusion Detection Systems

Administrative IDS

Out-of-Band Attacks

Honeypots

Summary

Endnotes

Chapter 9 Discovering Weak Points in Area Defenses

Traffic Patterns

Physical Traffic

Logical Traffic

Gates, Guns, and Guards

Gates

Guns

Guards

Information Diving

Physical Information Diving

Logical Information Diving

Summary

Endnotes

Chapter 10 Psychological Weaknesses

Baiting

The Modern Trojan Horse

The Con

Social Engineering

The Five Elements

The Five Weaknesses

The Five Needs

Social Engineering and the Kunoichi

Summary

Endnotes

Chapter 11 Distraction

Use of Big Events

Holidays

Sporting Events

Company Events

Environmental Events

Shill Web Sites

Spurious Company Data

Social Networking

False Search Engine Results

Multipronged Attacks

Distractors

Attacking on Multiple Fronts

Attack Timing

Summary

Endnotes

Chapter 12 Concealment Devices

Mobile Devices

Detection Methods

Mobile Device Trends

Data Smuggling

Encryption

Concealment

Summary

Endnotes

Chapter 13 Covert Listening Devices

Radio Frequency Scanners

Bluetooth

Cellular

Key Logging

Software Key Loggers

Hardware Key Loggers

Placing Key Loggers

Retrieving the Data

Not Getting Caught

Spyware

Stealing Personal Information

Stealing Credentials

Modifying Configurations

Installing Spyware

Using Spyware Quietly

Clandestinely Placed Sensors

Audio

Video

Other Electromagnetic Radiation

Summary

Endnotes

Chapter 14 Intelligence

Human Intelligence

Sources of Human Intelligence

Relationship Analysis

Debriefing and Interrogation

Interrogation Techniques

Deception

Good Cop/Bad Cop

Suggestion

Drugs

Torture

Clandestine Human Intelligence

Penetrating Organizations

Clandestine Reporting

Resources

Summary

Endnotes

Chapter 15 Surveillance

Gathering Intelligence

Resumes and Job Postings

Blogs and Social Networks

Credit Reports

Public Records

Location Tracking

GPS Tracking Devices

Other Devices that Provide Location Information

Detecting Surveillance

Technical Surveillance Countermeasures

RF Devices and Wiretapping

Detecting Laser-Listening Devices

Detecting Hidden Cameras

Physical Surveillance

Antisurveillance Devices

RF Jammers

Defeating Laser-Listening Devices

Blinding Cameras

Tempest

Summary

Endnotes

Chapter 16 Sabotage

Logical Sabotage

Malware

Data Manipulation

Physical Sabotage

Network and Communications Infrastructure

Counterfeit Hardware

Access Controls

Sources of Sabotage

Internal

External

Summary

Endnotes

Chapter 17 Hiding and Silent Movement

Attack Location Obfuscation

Protocol-Specific Anonymizers

Filtered Protocol Tunneling

Compromised Hardware

Memory Sticks

Hard Drives

Cell Phones

Network Devices

Log Manipulation

User Log Files

Application Log Files

Summary

Endnotes

Index




Details

No. of pages:
336
Language:
English
Copyright:
© Syngress 2010
Published:
Imprint:
Syngress
eBook ISBN:
9781597495899
Paperback ISBN:
9781597495882

About the Author

Thomas Wilhelm

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.

Affiliations and Expertise

ISSMP, CISSP, SCSECA, and SCNA, Associate Professor at Colorado Technical University

Jason Andress

Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Affiliations and Expertise

CISSP, ISSAP, CISM, GPEN

Reviews

"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."----Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a technical editor, Joshua Abraham."--SciTechBookNews

"With the good blend of historical techniques and its modern day application there is something in here for everyone."--Hakin9

"Be in no doubt, credibility is high for this book..All in all, while the writing style is light, the content is, for lack of a better term, meaty. This is definitely not recommended as an entry level book, but it is an excellent resource for penetration testers and those thinking of commissioning pen tests on their systems."--Paul Baccas, NakedSecurity.com, Oct. 25, 2011,