[This was originally published on Enterprise Zone and mirrored on attrition.org.]
Hack Attacks Revealed
A Complete Reference with Custom Security Hacking Toolkit
047141624X, 960 Pages, Wiley Computer Publishing
Hack Attacks Revealed Partially
Hack Attacks Revealed begins with a solid technical foundation but soon unravels without revealing true hacking.
Hackers understand that the true art and spirit of hacking cannot be taught. Hacking is a mindset that goes way beyond textbook instructions or explanations. As such, even a well-written book on the subject generally covers only concepts and detailed examples, failing to examine true hacking. One such book, Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit by John Chirillo, begins with a solid technical foundation as the basis for exploring the art of hacking but soon spirals downward into a mishmash of disparate topics that gives the reader the wrong impression of hacking.
The foundation of successful hacking is a strong knowledge of the inner workings of the systems the hacker is attacking. This means knowing not only operating systems and software but also the protocols that let the machines work together. Hack Attacks Revealed’s first three chapters do give a very thorough, technical explanation of communications protocols and the hardware involved. For the security professional the heavy opening chapters are a blessing of sorts; along with providing a good reference they likely will scare off would-be hackers who are under the illusion that hacking is easy.
Between each of the book’s major sections, Chirillo gives “insight” into the hacker mindset based on his own experience in the hacking world. While these excerpts provide more particulars about what hacking really is, they left me wondering how much is authentic and how much is just good material for a book on the subject.
The bulk of the chapters that deal with actual hacking seems repetitive and extremely lacking in detail. Rather than going into specifics about the methodology of breaking into a remote system, for example, Chirillo leaves the reader hanging after basic explanations of the most rudimentary network tools. Once you’ve learned simple network information about a system such as DNS and ‘whois’ info, then what? If we follow the author’s logic, launching a multitude of denial-of-service (DoS) attacks would be the next step. In reality, DoS attacks are rarely performed in hacking, be it open hacking without authorization or under contract as a professional penetration security engineer. As Chirillo moves into a new topic or method involved in hacking, he suddenly drops the previous one without further explanation, leaving the reader in the dark about the next step.
More Is Less
Hack Attacks Revealed is a formidable book, weighing in at just under 950 pages. Don’t let this intimidate you in any way. With more than 100 pages of useless source code, large-font tables of easily referenced material (outside of this book), and 200 pages of appendices, you easily can skip at least one third of this book in favor of the real content. Unfortunately, that real content falls short of truly “revealing” anything about what hacking really is.