.

Offensive security scenarios?

<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 12:50 pm

Offensive security scenarios?

All,

I may have been dreaming as I have been unable to find any proof after the fact, but in case I'm not crazy (not likely according to the missus ;) ) I have a question to ask.

I once read a sample chapter for an IT security book online, possibly EH-net but I can't find it. The book detailed 'offensive' security practices (not the training company) were admins could use configurations and tricks to thwart intrusion attempts, such as bogus DNS entries such as 'rm -r /' to kill an attackers machine parsing zone files. The book dealt with fictional scenarios going through each from both an attacking and defensive viewpoint.

Whilst I have no idea how technically good, correct or advisable the book is as I only managed to read a few pages, it was an interesting read and I would quite like to get my hands an a hardcopy.

I know this isn't technically a book 'review' but I couldn't think of a better forum for my plea for help. If anyone can help me out with the title I'm looking for I'd greatly appreciate it.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Mar 18, 2008 1:19 pm

Re: Offensive security scenarios?

My best guess is you're looking for this... Aggressive Network Self-Defense

edit: I've looked at this book before (briefly) and so that's what came to mind right after reading your post. Here's the description:

Over the past year there has been a shift within the computer security world away from passive, reactive defense towards more aggressive, proactive countermeasures. Although such tactics are extremely controversial, many security professionals are reaching into the dark side of their tool box to identify, target, and suppress their adversaries. This book will provide a detailed analysis of the most timely and dangerous attack vectors targeted at operating systems, applications, and critical infrastructure and the cutting-edge counter-measures used to nullify the actions of an attacking, criminal hacker.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 2:07 pm

Re: Offensive security scenarios?

BillV,

looks exactly like what I was looking for, thanks man. ;D
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Tue Mar 18, 2008 2:09 pm

Re: Offensive security scenarios?

If you buy it, let me know if it worth getting. The preview looks good!
Put that in your pipe and grep it!
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Mar 18, 2008 2:16 pm

Re: Offensive security scenarios?

No problem.

Also, here's a thread I started a while back about that book.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 2:29 pm

Re: Offensive security scenarios?

eth3real wrote:If you buy it, let me know if it worth getting. The preview looks good!


Just got it on order through Amazon, should have it in around a week. I'll keep you posted.
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 18, 2008 2:36 pm

Re: Offensive security scenarios?

Thanks to BillV know now what I was looking for,

quick Google and I've found the sample chapter that whet my appetite in the first place. Enjoy people ;D
http://johnny.ihackstuff.com/downloads/ ... d=/gid,36/
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Mar 18, 2008 3:22 pm

Re: Offensive security scenarios?

That's the same place that sparked my first post about this book too :)
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Apr 06, 2008 8:14 am

Re: Offensive security scenarios?

Just finished this book , so as promised here is my mini review.

The subject of the book revolves around the concept of a 'strike back' or 'hack-back', regardless of the term used it is primarily about aggressively protecting your network and/or devices. The idea was proposed in a paper by Timothy Mullen, and whilst the original article is included in the book it is towards the end (Chapter 10). Personally I feel the book could have been more coherent if this were moved to the start of the book, possibly as an introduction.

The first part of the book has 8 fictional scenarios in which you see both the initial attacks and the strike back attempts. Each chapter deals with a different subject matter and in places delves quite deeply into the technical processes involved. For example, chapter one deals with trojan software written for PDAs, and describes both Windows Mobile forensics and assembly code analysis/modification. Another of the chapters is the sample chapter posted above.

Due to the bredth of scenarios covered I am not an expert in all of the subject matter covered in the book, but in the areas where I felt most comfortable I had no issue with the technical information provided. Begrudgingly I'll admit that on more than a few occasions I though, 'oooh, wish I'd thought of that'. Unfortunately, this was often quickly followed by 'maybe that's not something I want to do after all'.

One aspect of the material that could have been covered better is the legal and ethical implications of adopting the strategies covered by the book. This isn't surprising given the topic in question and is probably a wise move by the authors and publishes to skip over this aspect. From my perspective I won't be keen to try any of examples in a live network, if anyone feels braver than me I would be interested to know your results.

If you are new to the field of computer security then this probably isn't the best option if you're on a budget. However it does give a fairly good impression of 'live' security events and in places could easily be anecdotes of seasoned veterans. Overall I'm glad I have taken the time to read this book, whilst it may not have any immediate impact to my working practices iit has opened my eyes potential dangers that I was unaware of, and managed to do it in a readable and entertaining manner.

If you've got the spare time and finances then I'd recommend this as an entertaining and informative resource.

Return to Book Reviews

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software