HACKING EXPOSED: 4th Edition

  1. #1
    Senior Member
    Join Date
    Apr 2003
    Posts
    125

    HACKING EXPOSED: 4th Edition

    HACKING EXPOSED: 4th Edition Network Security Secrets & Solutions
    is here AO's. I spent a pretty penny on this 737 page book.
    (DVD included) When I cracked it open I put my nose in between the pages, ahhhhhhh, smells like old library. Anyways, you guys have answered a lot of my newbie questions so I feel compelled to give something in return. Here's a brief look at Chap. 1. Enjoy!

    Chapter 1: FOOTPRINTING

    WHAT IS FOOTPRINTING?

    The systematic footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company's Internet connection) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. Although there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet. Table 1-1 depicts these environments and the critical information an attacker will try to identify.


    Internet:
      Domain name
      Network blocks
      Specific IP addresses of systems reachable via the Internet
      TCP and UDP services running on each system identified
      System architecture
      Access control mechanisms and related access control list
      Intrusion-detection systems (IDSs)
      System enumeration (user and group names, routing tables, etc.)

    Intranet:
      Networking protocols in use (IP, IPX, DecNet, etc.)
      Internal domain name
      Network blocks
      Specific IP addresses of systems reachable via the intranet
      TCP and UDP services running on each system identified
      System architecture
      Access control mechanisms and related access control list
      Intrusion-detection systems (IDSs)
      System enumeration (user and group names, routing tables, etc.)

    Remote access:
      Analog/digital telephone numbers
      Remote system type
      Authentication mechanisms


    Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified. Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous task of trying to determine the security posture of an entity.

    Step 1: Determine the Scope of Your Activities

    The first item to address is to determine the scope of your footprinting activities. Are you going to footprint an entire organization, or are you going to limit your activities to certain locations?
    As a starting point, peruse the target organization's web page if it has one. Many times an organization's web page provides a ridiculous amount of info that can aid attackers. We have actually seen organizations list security configuration options for their firewall system directly on their web server. Other items of interest include:
    Related companies or entities
    Merger news
    Phone numbers
    Contact names and e-mail addresses

    In addition, try reviewing the HTML source code for comments. Many items not listed for public consumption are buried in HTML comment tags, such as <, !, and -. Viewing the source code offline may be faster than viewing it online, so it is often beneficial to mirror the entire site for offline viewing. Having a copy of the site locally may allow you to programmatically search for comments or other items of interest, thus making your footprinting activities more efficient. UNIX and Teleport Pro (http://www.tenmax.com/teleport/pro/home.htm)

    EDGAR Search

    For targets that are publicly traded companies, you can consult the Securities and Exchange Commission EDGAR database at www.sec.gov.
    One of the biggest problems organizations have is managing their Internet connections, especially when they are actively acquiring or merging with other entities. Therefore, it is important to focus on newly acquired entities. Two of the best SEC publications to review are the 10-Q and 10-K. The 10-Q is a quick snapshot of what the org has done over the last quarter. 10-K is a yearly update of what the company has done. Often orgs will scramble to connect the acquired entities to their corporate network with little regard to security. With EDGAR search, keep in mind that you are looking for entity names that are different from the parent company.

    Countermeasure: Public Database Security

    Much of the information discussed earlier must be made publicly available; this is especially true for publicly traded companies. The Site Security Handbook (RFC 2196) can be found at http://www.faqs.org/rfcs/rfc2196.html and is a wonderful resource for many policy-related issues.



    Chapter 2 Scanning
    Chapter 3 Enumeration
    Chapter 4 Hacking Windows X
    Chapter 5 Windows NT
    Chapter 6 Novell Netware Hacking
    Chapter 7 Hacking UNIX
    Chapter 8 Dial up, PBX, Voicemail, and VPN Hacking
    Chapter 9 Network Devices
    Chapter 10 Wireless Hacking
    Chapter 11 Firewalls
    Chapter 12 Denial of Service (DoS)
    Chapter 13 Remote Control Insecurities
    Chapter 14 Advanced Tech
    Chapter 15 Web Hacking
    Chapter 16 Hacking the Internet User
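
The programmatic comment search mentioned in post #1, turned around for a site owner checking their own pages before they are published. This is an added example, not code from the book or from the poster; the watch list, function names and sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Constructed watch list: terms, IPv4 addresses and e-mail addresses. Tune for your site.
SENSITIVE = re.compile(
    r"password|passwd|firewall|todo|internal"
    r"|\b(?:\d{1,3}\.){3}\d{1,3}\b"
    r"|[\w.+-]+@[\w-]+\.[\w.]+",
    re.I,
)

class CommentCollector(HTMLParser):
    """Collects (line, text) for every <!-- ... --> comment in a page."""
    def __init__(self):
        super().__init__()
        self.comments = []
    def handle_comment(self, data):
        self.comments.append((self.getpos()[0], data.strip()))

def audit_html(text):
    """Return [(line, comment, matched_terms)] for comments worth reviewing."""
    parser = CommentCollector()
    parser.feed(text)
    parser.close()
    findings = []
    for line, comment in parser.comments:
        hits = sorted({m.group(0).lower() for m in SENSITIVE.finditer(comment)})
        if hits:
            findings.append((line, comment, hits))
    return findings

def audit_tree(root):
    """Run audit_html over every .htm/.html file under a local copy of the site."""
    return {str(p): f for p in sorted(Path(root).rglob("*.htm*"))
            if (f := audit_html(p.read_text(errors="replace")))}

# Constructed sample page, not taken from any real site.
SAMPLE = """<html>
<!-- nav v2 -->
<!-- TODO: remove test login admin@example.com before launch -->
<p>Welcome</p>
<!-- firewall rule set mirrors 192.0.2.10 -->
</html>"""

if __name__ == "__main__":
    for line, comment, hits in audit_html(SAMPLE):
        print(f"line {line}: {hits} in {comment!r}")
```

Run `audit_tree` against the build output or staging copy of your own site as a pre-publish check; harmless comments such as the `nav v2` marker are not reported.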

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    well ... if nobody else is gonna reply to this very good post then i am ..

    thanks for the knowledge .. appreciate it

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    I actually spoke to the fellas from Foundstone last week at a show in D.C.

    All 4 editions are laid out the same way. The 4th edition adds Wifi hacks and some heavier concentration on web hacking. Is it worth the price? Well, even though much of the info is rehashed, I'd still say that it is. I like to keep current NFO close at hand.

    --my two cents--
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    There are also little addendum books they released that probably cover the same type of material. For example, the Hacking Web Applications Exposed, quite the good read...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    I just posted a review of the book on my site a couple of days ago.

    George Kurtz and Stuart McClure are going to be joining me on my site for a chat session on Thursday, June 12 from 8pm to 10pm eastern time.

    If any of you want to know more about these guys or have any questions related to their books or information security feel free to join the chat that night.

    Here is a link to the chat site: About.com Internet / Network Security Chat Session

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    PS, you can get this book for 20 bucks on half.com
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Junior Member
    Join Date
    Sep 2002
    Posts
    12
    There is also a "Hacking Linux Exposed" book. I think it's a must read as well if you have anything to do with a net-facing Linux box....

  8. #8
    Doc d00dz Attackin's Avatar
    Join Date
    Mar 2003
    Location
    Florida
    Posts
    661
    This looks like a very good book (and I know it is). I am over here going to the book store and buying books that are around 30 to 80 dollars and I can get them for half. Wow, thanks a lot thehorse13. I think I will order HACKING EXPOSED: 4th from there and some other books that are on my wish list. OOO an idea: after ordering an army of books I can sit in front of my local book store and sell them for 20 dollars less.... Hehehehe I have the best ideas ROFL!!!!!!!!

    Cya --d00dz AtTackin--
    First you listen, then you do, finally you teach.
    Duck Hunting Chat
    VirtualConvenience
    RROD

  9. #9
    Banned
    Join Date
    Mar 2002
    Posts
    594
    I've tried very hard to get through one of the books in the series and haven't been able to. I've gotten through a good 3/4 of the Windows 2000 book but frankly some of the stuff just confuses while the other stuff just bores me. The only way I could imagine using this book is for a reference in a report but otherwise I truly can't say anything good about it.

    - Cheers, jaguar291
