Penetration Tester's Open Source Toolkit, Volume 2

Jeremy Faircloth, Chris Hurley, Jesse Varsalone

  • Publisher: Syngress Media
  • Publication date: 2007-11-30
  • List price: $1,800
  • Sale price: $399 (2.2 折, i.e. about 22% of list)
  • Language: English
  • Pages: 592
  • Binding: Paperback
  • ISBN: 1597492132
  • ISBN-13: 9781597492133
  • Category: Information Security / Hacking


Product description

Customer Reviews

If you want to master the art and science of reverse engineering code with IDA Pro for security R&D or software debugging, this is the book for you. Highly organized and sophisticated criminal entities are constantly developing more complex, obfuscated, and armored viruses, worms, Trojans, and botnets. IDA Pro's interactive interface and programmable development language provide you with complete control over code disassembly and debugging. This is the only book which focuses exclusively on the world's most powerful and popular tool for reverse engineering code.

* Master the most powerful disassembler and debugger for Windows, Linux, or OS X
* Single-step through code to understand the complexities of worms, viruses, and Trojans
* Automate even the most complex tasks using IDA Pro's development environment

I am not sure why Penetration Tester's Open Source Toolkit (PTOST) was published. If you have no other security assessment books, you may find PTOST helpful. Otherwise, I don't believe this book offers enough value to justify purchasing it. Other books -- some published by Syngress -- cover some of the same ideas, and 5 of PTOST's chapters are published in other books anyway.

I was somewhat confused by PTOST's approach. The book features the logo of the Auditor live CD, along with a foreword by Auditor developer Max Moser. A version of Auditor is included with the book. However, PTOST isn't exactly a guide to Auditor. In fact, only on the back cover do we see a listing of the "CD contents." This list is odd since it does not distinguish between categories of tools (e.g., "Forensics") and the tools themselves (e.g., "Autopsy"). At the very least the book should have included an appendix listing the Auditor tools and a summary of their purpose.

PTOST does not feature enough original content to warrant buying the book. I think Osborne's Hacking Exposed, 5th Ed (HE5E) (or even the 4th Ed) addresses the phases of compromise in a more coherent and valuable manner. This is especially true for Ch 1 (Reconnaissance) and Ch 2 (Enumeration and Scanning); is there really anything original left to say on those subjects? I admit that coverage of certain SensePost tools was helpful, and SpiderFoot was cool.

Those looking to learn about database assessment (Ch 3) or Web hacking (Ch 4) would be better served by Syngress' own Special Ops: Host and Network Security for Microsoft, Unix, and Oracle. HE5E has a good chapter on Web hacking, and there's even a Hacking Exposed: Web Applications (HEWA) book. (A second edition of HEWA arrives this year, as does Syngress' new Web Application Security: A Guide for Developers and Penetration Testers.) However, I did like hearing about OScanner, SQLAT, and OAT in Ch 3.

Ch 5 (Wireless Penetration Testing Using Auditor), was one of my favorite chapters. It covered the material well enough, and it covered tools included with Auditor. The case studies were also helpful. Ch 6 (Network Devices) resembled Chs 1 and 2; it didn't contain anything really new. I could not understand why Ch 7 (Writing Open Source Security Tools) appeared in a book more or less about using a penetration testing live CD. The audiences for those using live CDs and those writing their own tools seem very different.

I also liked Ch 8 (Running Nessus from Auditor). Like Ch 5, it looked at the unique problems one encounters using a live CD for security work. For example, author Johnny Long offers multiple ways to update the Nessus plugins to a USB drive. This is exactly the sort of knowledge not found in other Nessus books. He also takes a look behind the scenes of the Nessus startup script on Auditor. Bravo.

I stopped reading PTOST after Ch 8. Why? Chs 9, 12, and 13 are published in Syngress' Writing Security Tools and Exploits (as Chs 9, 10, and 11). Chs 10 and 11 from PTOST are the same as Chs 3 and 4 from Syngress' Nessus, Snort, and Ethereal Power Tools. This tendency to reprint chapters from other books is worrisome.

I believe a second edition of PTOST would be more helpful if it focused strictly on tools found on a future assessment live CD, namely BackTrack. (BackTrack is a new live CD uniting the Auditor and Whax projects.) In fact, the authors might consider taking a case-based approach for the whole book. I thought the case studies in PTOST were some of the best material. For those looking for a comprehensive guide to security assessment, I recommend waiting for a second edition of Special Ops. Those who want a wide-ranging guide to security tools will like the recently published third edition of Osborne's Anti-Hacker Toolkit.

The Penetration Tester's Open Source Toolkit is a new offering from Syngress that primarily focuses on using the Auditor live CD. The 200605-02-ipw2100 version comes included with the book; if you have an IPW2200 wireless interface in your laptop, though, the 802.11x tools won't work as it doesn't include the proper driver.

The book walks through using a number of Open Source or free tools for overall reconnaissance, enumeration, and scanning (most of which everyone's seen before), but then it delves into database, web application, and wireless testing as well as network devices. There's a chapter on "Writing Open Source Security Tools", but it's a little misleading as it's a quick guide to writing security tools without any real discussion of open source development or what it means other than an appendix that briefly includes and talks about the GPL and why it's good.

There are four chapters on Nessus, most of which focus on using NASL and other ways of extending the venerable vulnerability scanner. The final two chapters discuss the Metasploit Project; the first of these is also misleading as it's not so much about "Extending Metasploit" as it is an (admittedly good) introduction to the Framework. The second does a decent walkthrough of developing an exploit with Metasploit, including other offerings from the project like the Opcode Database and such.

It's a very useful book; much of it you'll already know, but there's a lot of discussion about tools that I hadn't seen before. A few of the tools are mostly outdated, and not all of them are on the Auditor CD, but this goes beyond simple discussions of nmap and whois; even some Google tools from Sensepost are examined. The database chapter features a lot of great information about Oracle but is cursory in its discussion of SQL Server (though I'll be reviewing another book focusing on database testing in the near future). The other topic areas receive decent coverage, if somewhat fast-paced from time to time.

I'm not an expert in NASL, so all I can say about the Nessus chapters is that they appear fairly in-depth and should be useful to me in the future; if you don't know much about scripting for Nessus, at a minimum they'll be a good introduction. The Metasploit Framework was something I'd never used before, but with the help of this book and a few other resources on the Net, it's immediately become a staple in my toolbox along with venerable testing resources like nmap and Nessus - the software is that good, and the text here is clear enough that you should be able to get started with it right away.

Overall, I'm pretty pleased with this book, but it's not as in-depth as I had expected when it arrived. Even though the book is 678 pages long, not including the GPL or the index, the typeface is fairly large and there are a lot of examples and sidebars. I'd like slightly wider margins and a slightly smaller point size so that I could make better notes. There are a number of typos, few of which have any technical significance (those that do are mostly incorrect acronym explications). The technical level feels just right to me for a mid-level security consultant: this is deeper than Hacking Exposed but it's not quite as technical as Hacking: The Art of Exploitation. It won't hold your hand, but you don't need to understand assembly and the intricacies of buffer overflows for all but a few portions of the book (it would be a good idea for you to learn them, though!). Also note that the book focuses on vulnerability assessment; further exploitation of a compromised system is not really discussed. That is, tools and techniques to demonstrate vulnerabilities are shown, but once you're in, you're on your own.

I'd recommend this to anyone involved in vulnerability assessment or penetration testing, whether as a consultant, system administrator, security engineer, etc., if for no other reason than it may introduce you to some tools you haven't seen before.
