Thursday, March 09, 2006

Book review of Ed Skoudis "Counter Hack Reloaded"

Now, when I picked Ed Skoudis’s second edition of “Counterhack” – titled “Counterhack Reloaded” – my expectations were set on “high” :) Since I read the first edition, I was happy to find the “what’s new” section.

The book is structured similarly to the previous one with new material on wireless, Windows 2003, “Google hacking”, exploitation frameworks, new rootkits, ADS and a fun data theft scenario, to top it off. Pretty much all the things that came into relevance after the book came out in 2001 are added. In fact, when I was reviewing the first book I asked for “more web attacks, novel application hacking and wireless stuff” and it looks like Ed delivered!

Just like the previous edition, it is a very well written infosec book! It has all the components of a great book: logical presentation style, broad material coverage from concepts to command line switches, Ed’s characteristic humor, and of course, plenty of details on attacks and defenses. Years of teaching a SANS show and even the esoteric subjects are explained with uncanny clarity.

“Counterhack Reloded”, just as its predecessor, starts from networking, Unix/Linux and Windows primers. The book then presents a typical attack sequence (from recon to maintaining access) and goes into details on all its stages. A distinctive feature of the book is that the security tools descriptions are present not as the "man page rephrases" - a senseless stream of options and parameters - but instead woven into the fabric of the attack flow, thus making it much more interesting and fun to read. My favorites are chapters on covering the tracks and maintaining access and the scenarios in the end.

The book is still focused more on the attack side, while containing tips on protecting and blocking various described attacks. Overall, the book is a very useful addition to any security book library, even if you already have the first edition. The only criticism – which is highly likely specific to me – is that book seems more useful for the beginners than for seasoned pros. The latter will still find it useful, but more cutting edge stuff will be better (yeah, I am talking about virtual machines here… hint-hint)

No comments:

Dr Anton Chuvakin