Product Description
The stories about phishing attacks against banks are so true-to-life, it’s chilling.” –Joel Dubin, CISSP, Microsoft MVP in Security Every day, hackers are devising new ways to break into your network. Do you have what it takes to stop them? Find out in Hacker’s Challenge 3. Inside, top-tier security experts offer 20 brand-new, real-world network security incidents to test your computer forensics and response skills. All the latest hot-button top… More >>
Hacker’s Challenge 3: 20 Brand New Forensic Scenarios & Solutions
I bought the entire series of these books to help my organization during Incident Response exercises. As part of our yearly audits we are required to test our procedures and tighten up any loose ends. I felt a great way to test them was with predefined scenarios such as the ones in this book. We had to modify them a little to meet our infrastructure and business model, but that was not too difficult. It was amazing to work through these scenarios as a group and see how each of us would handle the situations differently. Overall it was a very effective way to share ideas and thoughts on how we would handle these situations in the future.
Overall I think the book was an enjoyable and thought provoking read, and can be used for real world situations. Perfect for getting your security team thinking about what might hit them next and how they will handle situations when they arise.
Rating: 4 / 5
The stories were entertaining but they lacked the detail I had been looking for. It would be a great book for non-technical managers to read so they know their techs are not just over-bearing security freaks.
I also feel that several of the investigations were flawed in how they were conducted. It is possible that the book is just being faithful to the ‘real’ story, but it would have been good to see comments on what could have been done better at the end of each one.
If you are looking for a broad picture of the types of attacks you might face and some procedures for what to do during or after an attack the book can be a helpful starting point (wake up call for some).
Rating: 3 / 5
HACKER’S CHALLENGE 3: 20 BRAND-NEW FORENSIC SCENARIOS AND SOLUTIONS comes from too-tier security experts who offer 20 new real-world network security incidents to allow readers to test computer forensics skills and responses. From phishing and internal corporate hacking to wireless and Linux hacks, each challenge includes an in-depth explanation of the incident, how it was detected, and provides technical logs and network maps: everything needed for readers to test their skills at solving the incident. And yes, detailed analysis of successful results appear at the end.
Diane C. Donovan
California Bookwatch
Rating: 5 / 5
I read and reviewed HC1 in Nov 01, and HC2 in Jan 03. Now in Aug 06, I’m happy to be reading Hacker’s Challenge 3 (HC3). Like its predecessors, HC3 is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.
The 20 challenges cover the following: phishing, DNS cache poisoning, Web app hacking (multiple), anonymous FTP abuse, wireless misconfigurations and abuse, social engineering, disgruntled soon-to-be-ex-employees, malware, password reuse, p2p abuse, router exploitation, XSS, and an iSCSI compromise. The last of these was my favorite because I have not seen this in the field yet. Almost all of the other exploits will seem familiar to anyone performing security consulting.
I believe all of the HC books are wonderful learning and discussion tools for junior security analysts. I would caution them to not accept the “approved solutions” as the proper way to conduct incident response and forensics, however. In 4 or perhaps 5 of the 20 cases, the IR process commenced with direct examination of suspected systems. In other words, admins or security folks jumped right onto possibly compromised hosts and began searching for clues of intrusion.
This is not the proper way to perform IR, yet I saw it demonstrated in Chs 4, 6, 9, and 12. Ch 12, p 119 was especially disappointing — “the obvious place to begin the investigation is the Oracle server.” Wrong — unless you want to contaminate evidence, tip off the intruder, or introduce other problems into the security equation.
One of Anton Chuvakin’s cases demonstrated a better way to approach the IR problem — look for application logs, firewall records, and network traces first. Avoid touching suspected victims until there is no other option, and then do so carefully.
I do not intend to say through my comments that this process was universally ignored in HC3. Several times proper host-based IR procedures are followed, when using forensic live CDs or obtaining hard drive images. However, please keep my comments in mind while reading HC3. Since the book claims to be based on real events, it’s possible the authors are retelling flawed investigations by their customers!
Overall, I definitely recommend reading HC3 if you are new to security or if you need to quiz your newer employees. The book is technically sound (except for a mention of Windows 2002 on p 265) and entertaining. Kudos for the HC3 team for sharing their creative ideas with us.
Rating: 4 / 5
This is a book that can serve two different purposes. For the security expert the book provides 20 real world security issues along with the appropriate logs and challenges them to work out what type of attack is being performed, how it is being performed, and what needs to be done to fix it and prevent it happening again. For those with an interest in security but who are not experts the book provides an entertaining series of tutorials that introduce several types of security breach, what they are, how to detect them, and what to do to stop them or at leasdt mitigate the effects.
The ‘challenges’ that are described in the book cover a range of different methods that have been used to breach the security of various computer networks. Each challenge provides a all of the essential pieces of information that would be available to be examined by security experts dealing with the problem (trimmed of much of the irrelevant logs). Sufficient information is actually provided to enable someone with a sufficient knowledge of security to work out both what type of attack has taken place and how the attack was done. They should then have no trouble in answering the series of questions about the particular attack that appear at the end of each challenge before turning to the solutions section to check their answers.
The challenges also provide excellent tutorials for novice security staff to find out how to extract and interpret information in order to determine what has happened.
I always thought of computer security as a necessary but boring subject but the authors of this book have managed to make it both informative and entertaining. If you are a security specialist looking to take the “hacker’s Challenge” and test how much you know or if you are just someone wanting to learn more about some of the latest security threats then this book will provide you with many hours of interesting reading and investigating.
Rating: 5 / 5