May 05, 2010, 11:29 AM — Hacking: The Next Generation
Nitesh Dhanjani, Billy Rios and Brett Hardin
August 2009, O'Reilly
The art of hacking has changed dramatically with advancement in technology and the changing motivations of those who hack.
Script kiddies still exist, but have been largely bumped as the threats we need to worry about by more stealthy professionals and throngs of more motivated hackers working for the likes of antagonistic governments and organized crime.
Along with these changes come changes in the tools and methods that hackers use. Today's more motivated hackers are like bull dogs that identify their targets and then sink their teeth into your flesh. They don't let go until they get what they want. They are resourceful and not limited to a single tool or script when they size up their targets, plan for attack and cover their tracks.
"Hacking: The Next Generation" is a book which quickly moves beyond the basics of why hacking works to modern tools and methods. Its three authors, each a recognized security expert in his own right, have joined together to write a book which is both jammed with practical insights and delightfully readable.
Hacking takes the reader through realistic intelligence gathering, explains how the hacker is able to access resources as an insider, details the process of exploiting the unpatched (including such delights as hijacking sessions, ARP poisoning and DNS cache snooping).
Hacking explains how "blended threats" (taking advantage of combinations of inherent vulnerabilities) work and makes it all real with details and real life examples. It addresses cloud insecurities and attack methods such as poisoning virtual machines, attacks against management consoles and cloud phishing. It also describes the kinds of attacks that can be perpetrated against mobile devices.
Hacking uncovers the phishing underground, including how they make headway into their targets. It goes into considerable detail on current methods of social engineering, including how hackers identify and target executives. It ends with some thought provoking case studies.
The topics are timely. The book is readable and compelling. It grabs the reader's attention and then quickly moving from intelligence gathering to advanced methods and techniques. It covers a lot of ground in its less than 300 pages and is a book that even your manager is likely to understand. An excellent security text for these difficult times. Highly recommended.