Ninja Hacking
Unconventional Penetration Testing Tactics and Techniques
- 1st Edition - September 23, 2010
- Imprint: Syngress
- Authors: Thomas Wilhelm, Jason Andress
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 5 8 8 - 2
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 5 8 9 - 9
Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteNinja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks.
This book is organized into 17 chapters. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzu's The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities.
This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.
- Discusses techniques used by malicious attackers in real-world situations
- Details unorthodox penetration testing techniques by getting inside the mind of a ninja
- Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
Penetration testers; Security consultants; IT security professionals including system / network administrators; hackers
About the Authors
About the Ninjutsu Consultant
About the Technical Editor
Introduction
Chapter 1 The Historical Ninja
The Historical Samurai
Bushido
Samurai Weapons
The Historical Ninja
Origins of the Ninja
Stories of Ninja
Ninja Code of Ethics
Ninja Weapons
Samurai Versus Ninja
Ethical Differences
Battlefield Use
Weapons
Summary
Endnotes
Chapter 2 The Modern Ninja
Modern-Day Ninjutsu
White Hats versus Black Hats
Black Hat Hackers
White Hat Hackers
Ninja Hackers – or Zukin
Ethics of a Modern-Day Ninja
Modern Ninja Ethics – Family
Modern Ninja Ethics – Community
Modern Ninja Ethics – Homeland
Modern Ninja Ethics – Appropriateness
Summary
Endnotes
Chapter 3 Strategies and Tactics
The Art of War – Breaking the Rules
Laying Plans
Five Constant Factors
Warfare Is Based on Deception
Waging War
No Cleverness in Long Delays
Rousing Anger
Victory – Not Lengthy Campaigns
Maneuvering
Practice Dissimulation
Strike Fast – Strike Wisely
Studying Moods
The Use of Spies
Five Classes of Spies
Rewards for Spying
Preconceived Notions
Psychological Warfare
Manipulating the Enemy’s Perception
Summary
Endnotes
Acknowledgment
Chapter 4 Exploitation of Current Events
Playing on People’s Fears and Curiosity
E-mail Attacks
Search Engines
Exploiting Patch Windows and Processes
Patch Windows
Patch Processes
Summary
Endnotes
Chapter 5 Disguise
Hensōjutsu (Disguise)
Impersonating People
The Modern “Seven Ways of Going”
mployees
Badges and Uniforms
Vendors
Virtual Disguises
Anonymous Relays
Summary
Endnotes
Chapter 6 Impersonation
Pretexting
Scholastic
Business
Rural
Religious
Public Figures
Labor
Uniformed
Phishing
The Sender
The E-mail
The Web Site
Fraudulent Certificates
Summary
Endnotes
Chapter 7 Infiltration
Lock Picking and Safe Cracking
Avoiding the Lock
Subverting Locks without Leaving Evidence
Opening Safes
Compromising Proximity Card Systems
Defeating Biometric Systems
Alarm System Evasion
Creating False Positives
Alarm Sensors
Trusted Networks
Employee or Contractor Home Networks
Vendor or Partner Networks
Nonstandard Internal Networks
Legacy Networks
Summary
Endnotes
Chapter 8 Use of Timing to Enter an Area
Tailgating
Physical Tailgating
Network and System Tailgating
Intrusion Detection System Avoidance
Physical Intrusion Detection Systems
Logical Intrusion Detection Systems
Administrative IDS
Out-of-Band Attacks
Honeypots
Summary
Endnotes
Chapter 9 Discovering Weak Points in Area Defenses
Traffic Patterns
Physical Traffic
Logical Traffic
Gates, Guns, and Guards
Gates
Guns
Guards
Information Diving
Physical Information Diving
Logical Information Diving
Summary
Endnotes
Chapter 10 Psychological Weaknesses
Baiting
The Modern Trojan Horse
The Con
Social Engineering
The Five Elements
The Five Weaknesses
The Five Needs
Social Engineering and the Kunoichi
Summary
Endnotes
Chapter 11 Distraction
Use of Big Events
Holidays
Sporting Events
Company Events
Environmental Events
Shill Web Sites
Spurious Company Data
Social Networking
False Search Engine Results
Multipronged Attacks
Distractors
Attacking on Multiple Fronts
Attack Timing
Summary
Endnotes
Chapter 12 Concealment Devices
Mobile Devices
Detection Methods
Mobile Device Trends
Data Smuggling
Encryption
Concealment
Summary
Endnotes
Chapter 13 Covert Listening Devices
Radio Frequency Scanners
Bluetooth
Cellular
Key Logging
Software Key Loggers
Hardware Key Loggers
Placing Key Loggers
Retrieving the Data
Not Getting Caught
Spyware
Stealing Personal Information
Stealing Credentials
Modifying Configurations
Installing Spyware
Using Spyware Quietly
Clandestinely Placed Sensors
Audio
Video
Other Electromagnetic Radiation
Summary
Endnotes
Chapter 14 Intelligence
Human Intelligence
Sources of Human Intelligence
Relationship Analysis
Debriefing and Interrogation
Interrogation Techniques
Deception
Good Cop/Bad Cop
Suggestion
Drugs
Torture
Clandestine Human Intelligence
Penetrating Organizations
Clandestine Reporting
Resources
Summary
Endnotes
Chapter 15 Surveillance
Gathering Intelligence
Resumes and Job Postings
Blogs and Social Networks
Credit Reports
Public Records
Location Tracking
GPS Tracking Devices
Other Devices that Provide Location Information
Detecting Surveillance
Technical Surveillance Countermeasures
RF Devices and Wiretapping
Detecting Laser-Listening Devices
Detecting Hidden Cameras
Physical Surveillance
Antisurveillance Devices
RF Jammers
Defeating Laser-Listening Devices
Blinding Cameras
Tempest
Summary
Endnotes
Chapter 16 Sabotage
Logical Sabotage
Malware
Data Manipulation
Physical Sabotage
Network and Communications Infrastructure
Counterfeit Hardware
Access Controls
Sources of Sabotage
Internal
External
Summary
Endnotes
Chapter 17 Hiding and Silent Movement
Attack Location Obfuscation
Protocol-Specific Anonymizers
Filtered Protocol Tunneling
Compromised Hardware
Memory Sticks
Hard Drives
Cell Phones
Network Devices
Log Manipulation
User Log Files
Application Log Files
Summary
Endnotes
Index
- Edition: 1
- Published: September 23, 2010
- Imprint: Syngress
- No. of pages: 336
- Language: English
- Paperback ISBN: 9781597495882
- eBook ISBN: 9781597495899
TW
Thomas Wilhelm
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst, Russian Linguist, and a Cryptanalyst. His expertise in the field of Information Security has led him to speak at prominent security conferences across the United States, including DefCon, HOPE, and CSI.
Thomas has contributed significantly to the field of professional penetration testing and information security. In his capacity as both a practice director and a managing director, he has played a pivotal role in executing offensive and defensive security initiatives for Fortune 100 companies and leading research and tool development that has influenced the security industry. Presently, he serves as a managing director at Redstone Securities and possesses master’s degrees in both Computer Science and Management.
His influence also extends to education where he formerly held the position of Associate Professor at Colorado Technical University. Thomas has also written various publications, including magazines and books. Through Pentest.TV, he continues to provide advanced security training and has obtained numerous certifications over the years, including the ISSMP, CISSP, CCNP Security, AWS Cloud Solutions Architect, AWS Cloud Security Specialist, and multiple Solaris certifications as well.
Affiliations and expertise
Managing Director, Redstone Securities, Colorado Springs, CO USAJA
Jason Andress
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Affiliations and expertise
CISSP, ISSAP, CISM, GPENRead Ninja Hacking on ScienceDirect