

Anti Hacker Toolkit, Second Edition



eBook Information




ISBN: 0072230207
Release Date: 25 December 2003
Pages: 840
Category: Computer Security


[This book] continues the best-selling tradition of Hacking Exposed--only by learning the tools and techniques of malicious hackers can you truly reduce security risk. Arm yourself today with The Anti-Hacker Tool Kit. --Joel Scambray, co-author of Hacking Exposed, Hacking Exposed Windows 2000, and Hacking Exposed Web Applications and Senior Director of Security for Microsoft's MSN

User review
Pretty good...
Very good book with all the essentials integrated into one book and the companion CD adds to it.

User review
Excellent Resource
If you are tired of cloudy, non-specific examples relating to security, this book is great. It details, with examples, exactly how to perform security functions. I use it for a research group I am heading (www.nmt.edu/~ccravens) and it is definitely an incredible find for our purposes.

PS- A Reader, having never read the book, whenever you come out with your next best seller, lemme know, I might be interested! ;)

User review
A good purchase if you don't have the first edition
I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002. This second edition (AHT:2E) follows only 18 months after the original was published. I don't believe enough time has passed to warrant an update, even though tools can evolve quickly. In certain aspects the book suffers from a lack of updates from AHT:1E author Keith Jones, who found the publisher's demands onerous. Nevertheless, AHT:2E is a must-buy if you didn't read AHT:1E.

The major additions to AHT:2E include a new chapter on firewalls, which doesn't really add anything new to the common body of security knowledge. A new chapter on host hardening covers Titan and MSec. Tools like THC-Amap, THC-Hydra, HFNetChk, Ettercap, Wellenreiter, and Kismet make appearances as well. Whereas Trinux was only mentioned in the first edition, it gets welcome coverage in the chapter on building live response bootable CDs. Updated material on Nmap, NetScan Tools, SuperScan, Scanline, and commercial forensic suites is included.

The remainder of the book is largely the same. Particularly, chapters on Netcat, X, VMWare, Cygwin, backdoors, source code auditing, port redirection, war dialers, and open source forensics appear very similar to AHT:1E. Deleted from AHT:2E are Whisker, Twwwscan/Arirang, SMBGrind, and Nbaudit. Comparisons with the first edition are somewhat complicated by the rearrangement of tools and chapters in AHT:2E, but I thought the new organization made sense.

Aside from the information on using Trinux, AHT:2E seemed to lack new contributions from an author with real forensic experience. Keith Jones' original material is still present, but advancements in the forensic arena are not covered. For example, AHT:2E should have addressed Keith's tools in the Odessa project, such as Galleta (cookie parsing), Pasco (IE history recovery), and Rifiuti (Recycle Bin examination).

Overall, AHT:2E is an excellent book, but I don't believe a second edition was needed 18 months after the first was published. The AHT look and feel has spawned the "Anti-Spam Tool Kit," which I plan to read and review shortly. Perhaps future AHT books will split out various sections (assessment, forensics, etc.) into separate volumes, making it easier to manage the series.

User review
OK as reference
While reviewing the second edition of the AntiHacker Toolkit, I managed to keep my general disdain towards tool books (see my review for a first edition) in check. Thus, I managed to find the book more valuable than the first edition.

I liked that the authors framed the book as being "about tools" and not "about security". The book will not teach you security concepts, but rather what the current tools are and (to some extent) how to use them.

The book offers coverage of Windows and UNIX, attack and defense (and investigation) tools. As the authors state, it does indeed make a good companion for "Incident Response" by providing a bit more detail on the tools. Reading up on the methodologies before starting on the tools is a good idea.

I also liked that they highlighted the changes and new material added for the second edition. However, if the book offers to cover a laundry list of tools, some omissions look pretty suspicious. Where is Bastille in "Host Hardening"? Where is "scanrand" in scanners? Some tools (such as Nessus and Snort as well as commercial scanners) would have justified a bit more detail (due to their relative complexity and diverse functionality).

The book will make a valuable addition to a library of a security professional. Although most or even all of the information there is available online after some googling, having it in one place is not a bad idea.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.

User review
Hmmmm.
Does it concern anyone else that every prior review was written with third-grade English?

I haven't actually read the book, though it seems to be a re-hash of every other security/hacking/cracking book on the shelf. In fact, virtually every "hacking" book on the shelf at Borders and B&N seems to recount the same basic tenets, and yet... still more emerge.

I guess I need to write my own book, eh?






