Anti-Hacker Tool Kit, Fourth Edition

I reviewed the first edition "Anti-Hacker Tool Kit" (AHT:1E) in August 2002, and the second edition (AHT:2E) in June 2004. AHT:3E was published in February 2006. I continue to like AHT, because it addresses many of the tools an operational security professional should know how to use. I'll point out the differences between AHT:2E and AHT:3E, then offer some suggestions for AHT:4E. The introduction lists the same "changes in the third edition" that are listed in AHT:2E. I would expect this part of AHT:3E to be different from AHT:2E! Ch 1 adds Netcat6 and mentions SBD. Ch 3 adds Virtual PC and Gnoppix. Ch 4 drops NetScan Tools, SuperScan, and Udp_scan. Ch 5 is updated to talk about Win XP SP2 and Win 2k3 Server. Ch 6 drops HFNetChk but adds MBSAv2 and updates Winfingerprint to 0.6.2. Ch 7 adds Libwhisker and Burp, while dropping Stealth, Achilles, and WebSleuth. Ch 8 drops PassFilt.dll and adds PWDump3 and PWDump4. Ch 9 adds Clamav. Ch 12 drops STAT, Retina, and Internet Scanner, and adds Cain and Able. Ch 18 adds Shokdial. Ch 21 adds FTK Imager and SMART. Ch 22 adds Dcfldd and Split. Ch 24 adds ReadPST, ReadDBX, Encase Forensic, FTK, NetAnalysis, and Web Historian. Ch 25 drops Xvi32. Ch 26 is entirely new, albeit 8 pages. The following chapters were largely the same: 2, 10, 11, 13-17, 19, 20, and 23. A few may have had a new case study or a minor tweak. Security pro Mike Shema seems to have done a lot of the work revising old material. You can see his command prompt and tool output timestamps showing references to mid-2005. However, old material from AHT:1E remains, like talk of FreeBSD 4.3 BETA and Red Hat Linux 6.1 (kernel 2.2.12) in Ch 1. The Vnode discussion on pp 653-4 no longer works on FreeBSD, but I posted a new method to my blog. I believe AHT:3E would merit a fifth star if it dropped clearly old material and beefed up its newer sections. For example, AHT:3E spends 17 pages explaining Tripwire (free and commercial), despite the use of newer open source alternative like Osiris, AIDE, or Samhain. AHT:3E devotes almost 20 pages to really old back doors and remote access tools like Netbus, Back Orifice, SubSeven, and Loki. The book includes 10 pages on Ipchains, which went out of style years ago. I think sections like those should be cut entirely, or maybe moved onto a CD-ROM or Web site, to make room for more detail on Cain and Able and other newer projects. Overall, I still like AHT:3E, but I would like to see a more thorough scrub in AHT:4E. If you don't have AHT:2E or AHT:1E, you should buy AHT:3E. If you have either of those books, you might want to wait for AHT:4E.

If you are tired of cloudy, non-specific examples relating to security, this book is great. It details, with examples, exactly how to perform security functions. I use it for a research group I am heading (www.nmt.edu/~ccravens) and it is definitely an incredible find for our purposes. PS- A Reader, having never read the book, whenever you come out with your next best seller, lemme know, I might be interested! ;)

Anti Hacker Toolkit is one of the best security books which i came across.Being a beginner in the field of computer security, i was a bit apprehensive of goin thru this book.This is the most comprehensive guide which is worth every cent, if u ever read one of the hacking exposed series.

In just the few months since it has been published, I have used The Anti-Hacker Toolkit countless times as a reference...move over Webster! The book has been invaluable as it provides a comprehensive yet concise discussion on each tool. The Anti-Hacker Toolkit covers everything from installation to implementation and everything in between! Section IV on Forensics and Incident Response has been an especially useful guide in reconstructing e-mail and browsing history. It is an un-biased, get "down and dirty" guide to security tools that every computer security professional should read. Jones, Johnson and Shema are to Computer Security what Bob Vila is to Home Improvement.

'Hackers Beware', is a very useful book, no doubts. But its son: 'Anti-Hacker Toolkit' is by far, the most useful 'practical' book in the area of computer security. Tons. (I do mean Tons.) of cases and scenarios are thoroughly reviewed. Any relevant TOOL (offensive or defensive) is explored, lot of case studies are presented (in depth), and as an added bonus, almost every scenario is discussed both for Windows and UNIX.It is not a theoretical book, it is a real 'learn by understanding how to hack' book. However,even if no too much, you'll need some basic knowledge about the area, to take full advantage of this book.Needless to say the companion CD is, not only multi platform, but FULL of valuable tools.I have reviewed a lot of security books (good books), but this one really impressed me very much.The forensic chapters alone, justify buying the book !!