Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, the historical Ninjutsu techniques in particular, with the present hacking methodologies. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzus The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities. This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators.
- Discusses techniques used by malicious attackers in real-world situations
- Details unorthodox penetration testing techniques by getting inside the mind of a ninja
- Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers
About the Authors About the Ninjutsu Consultant About the Technical Editor Introduction Chapter 1 The Historical Ninja The Historical Samurai Bushido Samurai Weapons The Historical Ninja Origins of the Ninja Stories of Ninja Ninja Code of Ethics Ninja Weapons Samurai Versus Ninja Ethical Differences Battlefield Use Weapons Summary Endnotes Chapter 2 The Modern Ninja Modern-Day Ninjutsu White Hats versus Black Hats Black Hat Hackers White Hat Hackers Ninja Hackers – or Zukin Ethics of a Modern-Day Ninja Modern Ninja Ethics – Family Modern Ninja Ethics – Community Modern Ninja Ethics – Homeland Modern Ninja Ethics – Appropriateness Summary Endnotes Chapter 3 Strategies and Tactics The Art of War – Breaking the Rules Laying Plans Five Constant Factors Warfare Is Based on Deception Waging War No Cleverness in Long Delays Rousing Anger Victory – Not Lengthy Campaigns Maneuvering Practice Dissimulation Strike Fast – Strike Wisely Studying Moods The Use of Spies Five Classes of Spies Rewards for Spying Preconceived Notions Psychological Warfare Manipulating the Enemy’s Perception Summary Endnotes Acknowledgment Chapter 4 Exploitation of Current Events Playing on People’s Fears and Curiosity E-mail Attacks Search Engines Exploiting Patch Windows and Processes Patch Windows Patch Processes Summary Endnotes Chapter 5 Disguise Hensōjutsu (Disguise) Impersonating People The Modern “Seven Ways of Going” mployees Badges and Uniforms Vendors Virtual Disguises Anonymous Relays
- No. of pages:
- © Syngress 2010
- 23rd September 2010
- eBook ISBN:
- Paperback ISBN:
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.
ISSMP, CISSP, SCSECA, and SCNA, Associate Professor at Colorado Technical University
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
CISSP, ISSAP, CISM, GPEN
"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Overall, Ninja Hacking has excellent relevant material and a significant amount of Ninja lore and history. While this book is not a technical reference, it is an excellent choice for someone who has an interest in Ninjas or someone who is looking for inspiration to think differently about penetration testing and security concepts. The mappings for traditional Ninja skills to the skills of today are mostly well-coupled and are always relevant to how the leaders in the field are addressing security today."----Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network
"When they put "unconventional" in the title, the authors weren't exaggerating. Perhaps the most unusual book written on computer security, this volume centers around detailed descriptions of the ethics, mindset, and tactics used in the Japanese martial arts commonly called ninja. The history of ninja fighting arts and the samurai warriors who practiced them are described in the first chapter. Each subsequent chapter presents specific ninja tactics, including intelligence, use of weapons, surveillance, and sabotage, then applies them to effective computer security management. Both authors are computer security specialists. The book also benefits from a Ninjutsu consultant, Bryan R. Garner, and a tec