Anti-Hacker Tool Kit, Second Edition

Posted By: runje

Anti-Hacker Tool Kit, Second Edition|by Mike Shema and Bradley C.|McGraw Hill|Ebook|CHM|808 pages|size 30 Mb|# Sales Rank: #9,808 in Books |ISBN: 0072230207

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002. This second edition (AHT:2E) follows only 18 months after the original was published. I don't believe enough time has passed to warrant an update, even though tools can evolve quickly. In certain aspects the book suffers from a lack of updates from AHT:1E author Keith Jones, who found the publisher's demands onerous. Nevertheless, AHT:2E is a must-buy if you didn't read AHT:1E.

The major additions to AHT:2E include a new chapter on firewalls, which doesn't really add anything new to the common body of security knowledge. A new chapter on host hardening covers Titan and MSec. Tools like THC-Amap, THC-Hydra, HFNetChk, Ettercap, Wellenreiter, and Kismet make appearances as well. Whereas Trinux was only mentioned in the first edition, it gets welcome coverage in the chapter on building live response bootable CDs. Updated material on Nmap, NetScan Tools, SuperScan, Scanline, and commercial forensic suites is included.

The remainder of the book is largely the same. Particularly, chapters on Netcat, X, VMWare, Cygwin, backdoors, source code auditing, port redirection, war dialers, and open source forensics appear very similar to AHT:1E. Deleted from AHT:2E are Whisker, Twwwscan/Arirang, SMBGrind, and Nbaudit. Comparisons with the first edition are somewhat complicated by the rearrangement of tools and chapters in AHT:2E, but I thought the new organization made sense.

Aside from the information on using Trinux, AHT:2E seemed to lack new contributions from an author with real forensic experience. Keith Jones' original material is still present, but advancements in the forensic arena are not covered. For example, AHT:2E should have addressed Keith's tools in the Odessa project, such as Galleta (cookie parsing), Pasco (IE history recovery), and Rifiuti (Recycle Bin examination).

Overall, AHT:2E is an excellent book, but I don't believe a second edition was needed 18 months after the first was published. The AHT look and feel has spawned the "Anti-Spam Tool Kit," which I plan to read and review shortly. Perhaps future AHT books will split out various sections (assessment, forensics, etc.) into separate volumes, making it easier to manage the series.

"For the pleasure not the pressure"