Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Authors: Thomas Wilhelm and Jason Andress
Ninja Hacking is not your typical “hacking” book. By comparing hackers with ninjas, the authors try to demonstrate how the ninja way of doing things can be translated to fit the cyber warfare arena, and how learning to think like the enemy does can help you become the very best penetration tester and protector of computer networks and systems you can be.
About the authors
A speaker at security conferences across the U.S., Thomas Wilhelm has been employed by Fortune 100 companies to conduct risk assessments and penetration testing efforts, and to manage information systems security projects.
Jason Andress is a seasoned security professional who is presently employed by a major software company, providing global information security oversight, and performing penetration testing, risk assessment, and compliance functions.
Inside the book
When I first got this book, its title seemed to me a poor attempt to make the subject of hacking seem “cool” – well, “cooler” than it already is. But immediately upon starting the very first page of the very first chapter, I realized that the comparison between ninjas and successful hackers might be spot-on, since both categories don’t have to play by anyone’s rules and simply think differently.
The first two chapters explain the differences between the historical samurai and the ninja, especially when it comes to the code of ethics they followed and how their position in society – or in the case of ninjas, outside it – influenced their way of thinking about what constitutes a successful result of a mission. Here, the authors make another good comparison – white hat hackers are the modern day samurai, while black hats are ninjas. And to be a truly effective penetration tester, white hat hackers must learn to think like black hats.
The third chapter takes the military strategy and tactics masterpiece The Art of War and explains how some of the topics it includes – Laying Plans, Waging War, Maneuvering and The Use of Spies – can be applied to espionage and unconventional cyber warfare.
Each following chapter deals with one aspect of the black hat hacker’s behavior when executing an attack. In them you will learn how they play on people’s fears, how they disguise themselves, which infiltration tactics they use, how they discover weak points in area defenses, how they gather intelligence and perform acts of sabotage, and much more. All of the topics covered include such activities in both the physical and the cyber world.
We are all too eager to compare other people to ourselves, and predict their behavior by thinking about what we would do in a particular situation. The point of this book is to set aside for a moment all those ethical constraints that we usually operate under, and imagine ourselves as the “bad guy”. I think the authors have achieved the goal perfectly, and that they chose a very fitting and interesting comparison that will help readers do that.
I enjoyed this book immensely, and I consider it a must read for penetration testers – although it must be said that everyone working in the information systems security arena could benefit from reading it. The first chapter has a bit more history than is strictly needed, but all in all, I think that all points covered in the book have been perfectly explained in a way that will make you retain the knowledge.