Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques [NOOK Book]

Overview

Ever thought of using the time-tested tactics and techniques of the ancient ninja to understand the mind of today’s ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company’s assets. Get in before the hacker ...
See more details below
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$49.95
BN.com price

Overview

Ever thought of using the time-tested tactics and techniques of the ancient ninja to understand the mind of today’s ninja, the hacker? As a penetration tester or security consultant you no doubt perform tests both externally and internally for your clients that include both physical and technical tests. Throw traditional pen testing methods out the window for now and see how thinking and acting like a ninja can actually grant you quicker and more complete access to a company’s assets. Get in before the hacker does with these unorthodox techniques. Use all of the tools that the ninja has: disguise, espionage, stealth, and concealment. Learn how to benefit from these tools by laying your plans, impersonating employees, infiltrating via alarm system evasion, discovering weak points and timing, spyware and keylogging software, and log manipulation and logic bombs. And, really, don’t you want to be a ninja for a day just because they’re cool? Let this book be your excuse!

  • Discusses techniques used by malicious attackers in real-world situations
  • Details unorthodox penetration testing techniques by getting inside the mind of a ninja
  • Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
Read More Show Less

Editorial Reviews

From the Publisher

"The hacking community is fraught with Eastern military comparisons. Like the ninja, we are continuing to come out of the shadows of our communal origins and grow into respected members of a larger society. As our industry matures, it demands more formal education, strict regulations and an adherence to a code of ethics. Therefore it becomes increasingly difficult to incorporate the culture of the unconventional warrior into our new world. Enter Wilhelm and Andress, who make it safe to show off your fu again. By the end of this book, the security professional is given the philosophical foundation along with a practical framework from which to leverage the way of the ninja. What could be cooler?"--Donald C. Donzal, Editor-in-Chief, The Ethical Hacker Network

Read More Show Less

Product Details

  • ISBN-13: 9781597495899
  • Publisher: Elsevier Science
  • Publication date: 11/2/2010
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 336
  • Sales rank: 1,111,257
  • File size: 5 MB

Meet the Author

Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.

Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.

Read More Show Less

Read an Excerpt

Ninja Hacking

Unconventional Penetration Testing Tactics and Techniques
By Thomas Wilhelm Jason Andress

Syngress

Copyright © 2011 Elsevier, Inc.
All right reserved.

ISBN: 978-1-59749-589-9


Chapter One

The Historical Ninja

In the news, we are constantly hearing about malicious hackers who were able to achieve incredible success against large corporations, stealing millions of dollars worth of data. Yet, we wonder why these large corporations succumb to the malicious attacks in the first place, considering the resources available. Government systems, with threats coming from across the globe, are successfully compromised; yet, the governments cannot put together an effective shield to prevent the attacks in the first place. These events should make us wonder how the extremely proficient malicious hackers could ever succeed — the answer is twofold:

1. They do not have to play by anyone's rules.

2. They think differently.

By not having to play by anyone's rules, they can try different types of attack vectors, without having to worry about scope statements and get-out-of-jail-free letters — they are free to try anything they want. The advantages of thinking differently mean that they can try unconventional attacks against targets; there are no limitations to their creativity and freedom to try new things, even if the attacks result in shutting down systems or destroying data. The truly talented malicious hackers are unique and quite a challenge to stop.

Because malicious hackers are real, it is critical for security engineers tasked with defending systems to understand how the "enemy" thinks ... and that is part of what this book is about. We will be taking a look at how to think unconventionally, learn how to conduct attacks against our own systems, and understand what can be done by malicious hackers against both corporate and government systems.

We will attempt to emulate the mind and follow the teachings of the ancient ninja, so that we can create and execute unorthodox attacks against computer networks, systems, and facilities. We will also attempt to understand how to better be prepared for such attacks, should they target our organization. While this seems like an odd task to attempt, we will find that there are numerous parallels between the philosophy of the ninja and the philosophy of some of the more successful hackers — both malicious and friendly.

To understand the ninja, we have to understand the samurai and the feudal system of ancient Japan, for the ninja were defined by their times and foes. Both the ninja and samurai stand out in history primarily because their culture was not significantly influenced by western society until the 1800s. As a result, their culture and philosophy was developed independent of foreign moralities and viewpoints (Chinese influence is the primary exception). Because of the lack of influence by western society, it is difficult for most Westerners to understand the mindset of the times when the ninja were influential in Japan. While this book is by no means meant to be an historical tome on the ninja, we will be looking at the history of both the samurai, feudal Japan, and how the ninja profession was shaped.

The samurai were the militaristic upper-class of ancient Japan and had far reaching authority to shape both history and the countryside of the nation. The samurai were considered the elite and would (theoretically) dole out justice within their community or across the countryside during their travels. Samurai could be hired on as mercenaries as needed or retained as part of a standing army by a warlord. Without a doubt, the samurai defined how war was conducted in ancient Japan and were considered a standard of chivalry. However, chivalry has its shortfalls — specifically the need to follow ethical standards. The ninja eschewed such shortcomings, which is why they became such an important force in Japanese politics and war.

Born out of necessity because of constraints in their ethical code, called Bushido, the samurai were unable to do some of the more nefarious types of attacks or clandestine political operations. The ninja were able to fill that vacancy; however, it should be understood that the job of a ninja was not something anyone ever aspired to become — ninja existed because there was no other choice, either because of the pressures of war, the Japanese culture, or their inability to compete with samurai directly. The life of the ninja was not considered glorious or honorable — in fact, the ninja were often despised by Japanese culture; yet, they were sometimes tolerated because of their usefulness by the ruling class. This tolerance was sometimes cast aside — there were more than one occasion when ninja strongholds were attacked solely on the desire to eradicate the threat the ninja posed to those in power.

The line between samurai and ninja weren't always well-defined, either. In some cases, samurai would also perform the duties of a ninja, as dictated by the needs of the ruling warlord. Because of the disgraceful nature of the ninja, all ninja would disguise their true nature with that of a different profession, whether it was as a farmer, an entertainer, a priest, a fisherman, a merchant — or even a samurai. There have been many famous samurai who were thought to have also performed duties as a ninja; the need for clandestine operations in times of conflict was simply unavoidable. Because of the militaristic training, the samurai were quite capable of performing this dual role.

In this chapter, we will look at the history of the ninja. But because of the interrelationships between the samurai and the ninja, we must also understand the samurai as well. Once we understand the histories of both cultures, we can then begin to understand how we might integrate the philosophy of the ninja into the modern world of information security.

THE HISTORICAL SAMURAI

Hollywood has portrayed the samurai in various lights — sometimes good and sometimes evil. As with everything in history, the samurai cannot be easily defined in such simplistic descriptions. There were certainly samurai who abused their power, just as there were samurai who upheld the "greater good." To understand the historical influence of the samurai, we have to examine the philosophy and writings of the time.

The dominant philosophy of the samurai was that of Bushido (Bu-shi-do), which literally translated means Military-Knight-Ways. In general, the samurai attempted to uphold the traditions of Bushido, even though there was no written version of this code of honor. However, there were some writings over the centuries that did have some influence on the samurai — both in terms of military conduct and philosophy.

Bushido

The samurai, and Bushido, were discussed in detail by Dr. Inazo Nitobé in his work titled Bushido, the Soul of Japan, originally written in 1900, intended for western audiences. Dr. Nitobé described Bushido as an ethical system that influenced all of Japan. For the samurai, Bushido was the "noblesse oblige of the warrior class" and provided the samurai with a moral compass in which to conduct their affairs.

Although Bushido was never formalized in written form, there were many scholars and warriors from Japan who wrote about their opinion and insight as to what it meant to be samurai. These writings, along with oral traditions, were used to teach newer generations of samurai what was required of them in service of their warlord. These teachings were restricted only to those things considered critical for a warrior, however. According to Nitobé, there were three areas that the samurai focused all their effort on: wisdom, benevolence, and courage. The samurai were "essentially a man of action. Science was without the pale of his activity. He took advantage of it in so far as it concerned his profession of arms. Religion and theology were relegated to the priests; he concerned himself with them in so far as they helped to nourish courage [...] literature was pursued mainly as a pastime, and philosophy as a practical aid in the formation of character, if not for the exposition of some military or political problem."

The Book of Five Rings

Similar to Sun Tzu's The Art of War, the Book of Five Rings is a treatise on military strategy. The Book of Five Rings, written by Miyamoto in the 1600s, broke the samurai strategy down into five elements or rings: Ground (strategy), Water (the warrior's spirit), Fire (fighting), see Figure 1.1, Wind (military traditions), and Void (balance of all things). As a way of thinking in order to properly follow "the Way" of Bushido, Musashi outlined the following nine tenets:

1. Do not think dishonestly.

2. The Way is in training.

3. Become acquainted with every art.

4. Know the Ways of all professions.

5. Distinguish between gain and loss in worldly matters.

6. Develop intuitive judgment [sic] and understanding for everything.

7. Perceive those things which cannot be seen.

8. Pay attention even to trifles.

9. Do nothing which is of no use.

These tenets, when applied to the different "rings," provided a path in which samurai could follow and stay within the moral guidelines of Bushido. While Musashi's treatise on strategy is worth reading in its entirety (even for those who are just interested in ninja hacking), we will focus on some specific excerpts.

The Ground Book

The Ground Book discusses strategy with regard to victory on the battlefield. Musashi summarized the job of the samurai as "the Way of the warrior is to master the virtue of his weapons." He then discusses the advantages and disadvantages of each weapon used during his period of Japanese military campaigns. This is in contrast with that of the ninja, in that the ninja had to learn how to use everyday items as weapons, since possession of military-type weapons would make them stand out if they were in the disguise of any profession, other than samurai.

The Water Book

The Water Book focuses on the samurai's spirit; although the book focuses primarily on the fighting spirit, the writings were applied to every aspect of a samurai's life — not just in combat. The idea behind water is that it is fluid, not rigid. When using the sword, although the attacks by samurai may seem stiff and regimented, the true mindset is that of calm and an absence of tenseness.

What distinguishes the samurai from the ninja regarding spirit is the emphasis on "the cut," which is discussed at length and can be summed up in the words "Although attitude has these five divisions, the one purpose of all of them is to cut the enemy. There are none but these five attitudes." While ninja may use diversion and attempt to avoid combat, depending on the situation, the spirit of the samurai is to win in combat.

The Fire Book

In the Fire Book, the author focuses on fighting, but expands into the fighting spirit of the samurai. The real crux of this book is in the following passage:

The training for killing enemies is by way of many contests, fighting for survival, discovering the meaning of life and death, learning the Way of the sword, judging the strength of attacks and understanding the Way of the "edge and ridge" of the sword.

As we can see, the emphasis is again on winning in combat, which is how battles were won on the battlefield. However, the Fire Book does not contain any information about feints or the use of deceit to trick the enemy, yet still let them seem the victors in battle. This absence of falsities in battle in the Book of Five Rings is because of the emphasis meeting in battle, instead of avoiding it. When we take a look at the ninja, we will see that the samurai and ninja have completely different viewpoints on the goals of battle.

The Wind Book

Understanding different schools of martial arts is an important part of the samurai's ability to be effective in combat, according to the Wind Book. However, the different schools referred to in the Wind Book focus on the same things found under the Water Book, which include the use of the long sword, the short sword, gaze, use of feet, and speed. The focus again is meeting an opponent in a battle to the death. This is in contrast with the ninja in that one of the goals of the ninja was to complete their mission, which was often that of a clandestine nature — face-to-face confrontations to the death were usually the rare exception, and would usually result in the compromise of the mission.

The samurai had a strong bond with their sword, which has been called the "soul of the samurai." According to Nitobé, the sword was the physical representation of his own loyalty and honor and wore them even in the most trivial of activities outside of his home. As we will see later, this is in contrast to how the ninja perceived their sword — as a tool.

The Book of the Void

The concept of void is an integral part of Japanese culture and is basically the belief in nothingness, whether it is emptiness or the unknown. The idea of void is included in both samurai and ninja teachings and is an essential part of their understanding of the world. According to Musashi, the Book of the Void requires samurai to understand other martial arts, but to never stray from "the Way." By doing so, the samurai understands multiple disciplines without deviating from Bushido.

Hagakure (In the Shadow of Leaves)

Another treatise in Bushido was written by Yamamoto Tsunetomo in the 1700s and varies dramatically from the teachings of Musashi in certain areas. Tsunetomo summarizes the role of the samurai early on in the writings: "For a warrior there is nothing other than thinking of his master. If one creates this resolution within himself, he will always be mindful of the master's person and will not depart from him even for a moment." The book, Hagakure, includes numerous stories of samurai, interspersed with explanations of what is Bushido. The examples in the Hagakure are a bit heavy-handed, compared to the descriptions of Bushido by Nitobé, and it describes many scenes in which the samurai committed (or should have committed) seppuku (Figure 1.2), in order to regain their honor over some grievance or mistake on the part of the samurai. According to Masaaki Hatsumi, the current grand master of Ninjutsu, or the art of the ninja, the examples in the Hagakure illustrate that the samurai "did not reach the highest level in martial arts, and their experiences and writings are mere illusion."

One area that the Hagakure matches with that of the Book of Five Rings is that a samurai should have the mindset of attacking one's foe. In the Hagakure, the author states that "it is a principle of the art of war that one should simply lay down his life and strike. If one's opponent also does the same it is an even match. Defeating one's opponent is then a matter of faith and destiny." In the case of the author's own views regarding how to best be samurai, he provided the following guidelines:

• Never to be outdone in the Way of the samurai

• To be of good use to the master

• To be filial to his parents

• To manifest great compassion and to act for the sake of man.

Surprisingly, these guidelines are similar to those of the ninja — what is different is how they are executed during their duties.

Samurai Weapons

The samurai were well versed in multiple weapons of their time, including even the gun. However, the primary weapon most associated with samurai is the katana, referred to by Musashi as the long sword, which could "be used effectively in all situations." Additionally, the companion (short) sword (also referred to as a wakizashi) was used in confined spaces, the bow at the commencement of battle, the spear used on the battlefield, the halberd as a defensive weapon, and the gun for inside fortifications.

(Continues...)



Excerpted from Ninja Hacking by Thomas Wilhelm Jason Andress Copyright © 2011 by Elsevier, Inc.. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Introduction Chapter 1. The Historical Ninja Chapter 2. The Modern Ninja Chapter 3. Strategies and Tactics Chapter 4. Exploitation of Current Events Chapter 5. Disguise Chapter 6. Impersonation Chapter 7. Infiltration Chapter 8. Use of Timing to Enter an Area Chapter 9. Discovering Weak Points in Area Defenses Chapter 10. Psychological Weaknesses Chapter 11. Distraction Chapter 12. Concealment Devices Chapter 13. Covert Listening Devices Chapter 14. Intelligence Chapter 15. Surveillance Chapter 16. Sabotage Chapter 17. Hiding and Silent Movement

Read More Show Less

Customer Reviews

Average Rating 4.5
( 2 )
Rating Distribution

5 Star

(1)

4 Star

(1)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Posted January 7, 2011

    Interesting approach to a security book

    I wasn't really sure how this was going to be based on the title, which really is a little goofy, but someone bought me a copy as a present, so I thought I would give it a go. This is definitely different than most of the security books that I have read because it has alot of history info on the ninja, particularly at the beginning of the book. It did take me a bit to get into the groove of the book, but I ultimately ended up enjopying it quite a bit. They do make some interesting comparisons between the ninja and pentesters and have some good ideas on how some of their methods could be used in the modern day. At the very least, it gives you a different way to look at attacks, even if they aren't all usable in normal pen testing. All in all a good read and reccomended if you're willing to get your heard around something different than most other security books.

    2 out of 2 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted April 14, 2012

    Llyod

    Soft serve frozen yogurt is DElicious.

    0 out of 2 people found this review helpful.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)