Book Review: Counterhack Reloaded by by Ed Skoudis and Tom Liston
Shortly after having read Malware by Ed Skoudis, I decided I was willing to give any security book he wrote a reading. And, indeed, this was a good decision.
Counterhack Reloaded, an expansion of the original Counterhack (Mr. Skoudis likes the Matrix movies it seems),proves to be a great introduction into the techniques used by both black hat hackers and their white hat opponents, pen testers. Ever wonder what a buffer overflow was? It’s covered. How an attacker uses such an exploit to get a foothold into your machine? Covered. War driving? Social engineering? Using Nmap? All covered.
Of course, there is more structure to the book than just various topics jumbled together. Counterhack Reloaded is organized into six basic sections:
-
Background - three chapters at the beginning of the book are devoted to giving background into important components of most modern networks, first the network protocols themselves, then the Windows and Linux operating systems.
-
Phase 1: Reconnaissance - having covered the background, we start to get to the meat of things. There are five Phases in Counterhack Reloaded, starting with Reconnaissance. Here Skoudis explains both the need for an attacker to know as much as possible about a system before launching an attack, as well as both active and passive approaches to gaining this information. This section includes techniques for using search engines to dig up information on a target, social engineering, even dumpster diving.
-
Phase 2: Scanning - in the second phase, things start to get a bit more aggressive. Scanning reveals more detail about the network, including open ports (including how to use Nmap), mapping the structure of the network, war driving, vulnerability scanners and more. In some respects, this is like a more visible version of reconnaissance.
-
Phase 3: Gaining Access - here’s the part you’re most interested in. Learn about mechanisms for breaking into systems, from automated techniques using tools like Metasploit, buffer overflows, using sniffing to gather passwords, password hijacking and more. Included in the phase are also DoS attacks like ping of death and other nasty methods to take down systems.
-
Phase 4: Maintaining Access - once you’ve figured out how break into that system, you want to maintain control. The main thing you’ll find here are trojans, mostly rootkits. These are designed to hide the very tools that let you control a system from administrators.
-
Phase 5: Covering Tracks and Hiding - this is a phase that some pen testing books leave out, arguing a pen tester will never need these techniques. Fortunately for those who wish to ensure that they have systems which will retain evidence of an attack, Counterhack Reloaded does not take this approach. This section includes not only mechanisms for allowing repudiation of access or removing entries from logs altogether, but also how covert channels work across networks.