Ninja Hacking: Unconventional Penetration Testing Tactics and Techniquesby Thomas Wilhelm
Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world/i>
Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks.
This book is organized into 17 chapters. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzu's The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities.
This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.
- Discusses techniques used by malicious attackers in real-world situations
- Details unorthodox penetration testing techniques by getting inside the mind of a ninja
- Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
- Elsevier Science
- Publication date:
- Sold by:
- Barnes & Noble
- NOOK Book
- Sales rank:
- File size:
- 4 MB
Read an Excerpt
Ninja HackingUnconventional Penetration Testing Tactics and Techniques
By Thomas Wilhelm Jason Andress
SyngressCopyright © 2011 Elsevier, Inc.
All right reserved.
Chapter OneThe Historical Ninja
In the news, we are constantly hearing about malicious hackers who were able to achieve incredible success against large corporations, stealing millions of dollars worth of data. Yet, we wonder why these large corporations succumb to the malicious attacks in the first place, considering the resources available. Government systems, with threats coming from across the globe, are successfully compromised; yet, the governments cannot put together an effective shield to prevent the attacks in the first place. These events should make us wonder how the extremely proficient malicious hackers could ever succeed — the answer is twofold:
1. They do not have to play by anyone's rules.
2. They think differently.
By not having to play by anyone's rules, they can try different types of attack vectors, without having to worry about scope statements and get-out-of-jail-free letters — they are free to try anything they want. The advantages of thinking differently mean that they can try unconventional attacks against targets; there are no limitations to their creativity and freedom to try new things, even if the attacks result in shutting down systems or destroying data. The truly talented malicious hackers are unique and quite a challenge to stop.
Because malicious hackers are real, it is critical for security engineers tasked with defending systems to understand how the "enemy" thinks ... and that is part of what this book is about. We will be taking a look at how to think unconventionally, learn how to conduct attacks against our own systems, and understand what can be done by malicious hackers against both corporate and government systems.
We will attempt to emulate the mind and follow the teachings of the ancient ninja, so that we can create and execute unorthodox attacks against computer networks, systems, and facilities. We will also attempt to understand how to better be prepared for such attacks, should they target our organization. While this seems like an odd task to attempt, we will find that there are numerous parallels between the philosophy of the ninja and the philosophy of some of the more successful hackers — both malicious and friendly.
To understand the ninja, we have to understand the samurai and the feudal system of ancient Japan, for the ninja were defined by their times and foes. Both the ninja and samurai stand out in history primarily because their culture was not significantly influenced by western society until the 1800s. As a result, their culture and philosophy was developed independent of foreign moralities and viewpoints (Chinese influence is the primary exception). Because of the lack of influence by western society, it is difficult for most Westerners to understand the mindset of the times when the ninja were influential in Japan. While this book is by no means meant to be an historical tome on the ninja, we will be looking at the history of both the samurai, feudal Japan, and how the ninja profession was shaped.
The samurai were the militaristic upper-class of ancient Japan and had far reaching authority to shape both history and the countryside of the nation. The samurai were considered the elite and would (theoretically) dole out justice within their community or across the countryside during their travels. Samurai could be hired on as mercenaries as needed or retained as part of a standing army by a warlord. Without a doubt, the samurai defined how war was conducted in ancient Japan and were considered a standard of chivalry. However, chivalry has its shortfalls — specifically the need to follow ethical standards. The ninja eschewed such shortcomings, which is why they became such an important force in Japanese politics and war.
Born out of necessity because of constraints in their ethical code, called Bushido, the samurai were unable to do some of the more nefarious types of attacks or clandestine political operations. The ninja were able to fill that vacancy; however, it should be understood that the job of a ninja was not something anyone ever aspired to become — ninja existed because there was no other choice, either because of the pressures of war, the Japanese culture, or their inability to compete with samurai directly. The life of the ninja was not considered glorious or honorable — in fact, the ninja were often despised by Japanese culture; yet, they were sometimes tolerated because of their usefulness by the ruling class. This tolerance was sometimes cast aside — there were more than one occasion when ninja strongholds were attacked solely on the desire to eradicate the threat the ninja posed to those in power.
The line between samurai and ninja weren't always well-defined, either. In some cases, samurai would also perform the duties of a ninja, as dictated by the needs of the ruling warlord. Because of the disgraceful nature of the ninja, all ninja would disguise their true nature with that of a different profession, whether it was as a farmer, an entertainer, a priest, a fisherman, a merchant — or even a samurai. There have been many famous samurai who were thought to have also performed duties as a ninja; the need for clandestine operations in times of conflict was simply unavoidable. Because of the militaristic training, the samurai were quite capable of performing this dual role.
In this chapter, we will look at the history of the ninja. But because of the interrelationships between the samurai and the ninja, we must also understand the samurai as well. Once we understand the histories of both cultures, we can then begin to understand how we might integrate the philosophy of the ninja into the modern world of information security.
THE HISTORICAL SAMURAI
Hollywood has portrayed the samurai in various lights — sometimes good and sometimes evil. As with everything in history, the samurai cannot be easily defined in such simplistic descriptions. There were certainly samurai who abused their power, just as there were samurai who upheld the "greater good." To understand the historical influence of the samurai, we have to examine the philosophy and writings of the time.
The dominant philosophy of the samurai was that of Bushido (Bu-shi-do), which literally translated means Military-Knight-Ways. In general, the samurai attempted to uphold the traditions of Bushido, even though there was no written version of this code of honor. However, there were some writings over the centuries that did have some influence on the samurai — both in terms of military conduct and philosophy.
The samurai, and Bushido, were discussed in detail by Dr. Inazo Nitobé in his work titled Bushido, the Soul of Japan, originally written in 1900, intended for western audiences. Dr. Nitobé described Bushido as an ethical system that influenced all of Japan. For the samurai, Bushido was the "noblesse oblige of the warrior class" and provided the samurai with a moral compass in which to conduct their affairs.
Although Bushido was never formalized in written form, there were many scholars and warriors from Japan who wrote about their opinion and insight as to what it meant to be samurai. These writings, along with oral traditions, were used to teach newer generations of samurai what was required of them in service of their warlord. These teachings were restricted only to those things considered critical for a warrior, however. According to Nitobé, there were three areas that the samurai focused all their effort on: wisdom, benevolence, and courage. The samurai were "essentially a man of action. Science was without the pale of his activity. He took advantage of it in so far as it concerned his profession of arms. Religion and theology were relegated to the priests; he concerned himself with them in so far as they helped to nourish courage [...] literature was pursued mainly as a pastime, and philosophy as a practical aid in the formation of character, if not for the exposition of some military or political problem."
The Book of Five Rings
Similar to Sun Tzu's The Art of War, the Book of Five Rings is a treatise on military strategy. The Book of Five Rings, written by Miyamoto in the 1600s, broke the samurai strategy down into five elements or rings: Ground (strategy), Water (the warrior's spirit), Fire (fighting), see Figure 1.1, Wind (military traditions), and Void (balance of all things). As a way of thinking in order to properly follow "the Way" of Bushido, Musashi outlined the following nine tenets:
1. Do not think dishonestly.
2. The Way is in training.
3. Become acquainted with every art.
4. Know the Ways of all professions.
5. Distinguish between gain and loss in worldly matters.
6. Develop intuitive judgment [sic] and understanding for everything.
7. Perceive those things which cannot be seen.
8. Pay attention even to trifles.
9. Do nothing which is of no use.
These tenets, when applied to the different "rings," provided a path in which samurai could follow and stay within the moral guidelines of Bushido. While Musashi's treatise on strategy is worth reading in its entirety (even for those who are just interested in ninja hacking), we will focus on some specific excerpts.
The Ground Book
The Ground Book discusses strategy with regard to victory on the battlefield. Musashi summarized the job of the samurai as "the Way of the warrior is to master the virtue of his weapons." He then discusses the advantages and disadvantages of each weapon used during his period of Japanese military campaigns. This is in contrast with that of the ninja, in that the ninja had to learn how to use everyday items as weapons, since possession of military-type weapons would make them stand out if they were in the disguise of any profession, other than samurai.
The Water Book
The Water Book focuses on the samurai's spirit; although the book focuses primarily on the fighting spirit, the writings were applied to every aspect of a samurai's life — not just in combat. The idea behind water is that it is fluid, not rigid. When using the sword, although the attacks by samurai may seem stiff and regimented, the true mindset is that of calm and an absence of tenseness.
What distinguishes the samurai from the ninja regarding spirit is the emphasis on "the cut," which is discussed at length and can be summed up in the words "Although attitude has these five divisions, the one purpose of all of them is to cut the enemy. There are none but these five attitudes." While ninja may use diversion and attempt to avoid combat, depending on the situation, the spirit of the samurai is to win in combat.
The Fire Book
In the Fire Book, the author focuses on fighting, but expands into the fighting spirit of the samurai. The real crux of this book is in the following passage:
The training for killing enemies is by way of many contests, fighting for survival, discovering the meaning of life and death, learning the Way of the sword, judging the strength of attacks and understanding the Way of the "edge and ridge" of the sword.
As we can see, the emphasis is again on winning in combat, which is how battles were won on the battlefield. However, the Fire Book does not contain any information about feints or the use of deceit to trick the enemy, yet still let them seem the victors in battle. This absence of falsities in battle in the Book of Five Rings is because of the emphasis meeting in battle, instead of avoiding it. When we take a look at the ninja, we will see that the samurai and ninja have completely different viewpoints on the goals of battle.
The Wind Book
Understanding different schools of martial arts is an important part of the samurai's ability to be effective in combat, according to the Wind Book. However, the different schools referred to in the Wind Book focus on the same things found under the Water Book, which include the use of the long sword, the short sword, gaze, use of feet, and speed. The focus again is meeting an opponent in a battle to the death. This is in contrast with the ninja in that one of the goals of the ninja was to complete their mission, which was often that of a clandestine nature — face-to-face confrontations to the death were usually the rare exception, and would usually result in the compromise of the mission.
The samurai had a strong bond with their sword, which has been called the "soul of the samurai." According to Nitobé, the sword was the physical representation of his own loyalty and honor and wore them even in the most trivial of activities outside of his home. As we will see later, this is in contrast to how the ninja perceived their sword — as a tool.
The Book of the Void
The concept of void is an integral part of Japanese culture and is basically the belief in nothingness, whether it is emptiness or the unknown. The idea of void is included in both samurai and ninja teachings and is an essential part of their understanding of the world. According to Musashi, the Book of the Void requires samurai to understand other martial arts, but to never stray from "the Way." By doing so, the samurai understands multiple disciplines without deviating from Bushido.
Hagakure (In the Shadow of Leaves)
Another treatise in Bushido was written by Yamamoto Tsunetomo in the 1700s and varies dramatically from the teachings of Musashi in certain areas. Tsunetomo summarizes the role of the samurai early on in the writings: "For a warrior there is nothing other than thinking of his master. If one creates this resolution within himself, he will always be mindful of the master's person and will not depart from him even for a moment." The book, Hagakure, includes numerous stories of samurai, interspersed with explanations of what is Bushido. The examples in the Hagakure are a bit heavy-handed, compared to the descriptions of Bushido by Nitobé, and it describes many scenes in which the samurai committed (or should have committed) seppuku (Figure 1.2), in order to regain their honor over some grievance or mistake on the part of the samurai. According to Masaaki Hatsumi, the current grand master of Ninjutsu, or the art of the ninja, the examples in the Hagakure illustrate that the samurai "did not reach the highest level in martial arts, and their experiences and writings are mere illusion."
One area that the Hagakure matches with that of the Book of Five Rings is that a samurai should have the mindset of attacking one's foe. In the Hagakure, the author states that "it is a principle of the art of war that one should simply lay down his life and strike. If one's opponent also does the same it is an even match. Defeating one's opponent is then a matter of faith and destiny." In the case of the author's own views regarding how to best be samurai, he provided the following guidelines:
Never to be outdone in the Way of the samurai
To be of good use to the master
To be filial to his parents
To manifest great compassion and to act for the sake of man.
Surprisingly, these guidelines are similar to those of the ninja — what is different is how they are executed during their duties.
The samurai were well versed in multiple weapons of their time, including even the gun. However, the primary weapon most associated with samurai is the katana, referred to by Musashi as the long sword, which could "be used effectively in all situations." Additionally, the companion (short) sword (also referred to as a wakizashi) was used in confined spaces, the bow at the commencement of battle, the spear used on the battlefield, the halberd as a defensive weapon, and the gun for inside fortifications.
Excerpted from Ninja Hacking by Thomas Wilhelm Jason Andress Copyright © 2011 by Elsevier, Inc.. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Meet the Author
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst / Russian Linguist / Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.
Jason Andress (CISSP, ISSAP, CISM, GPEN) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. Jason has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Most Helpful Customer Reviews
See all customer reviews
I wasn't really sure how this was going to be based on the title, which really is a little goofy, but someone bought me a copy as a present, so I thought I would give it a go. This is definitely different than most of the security books that I have read because it has alot of history info on the ninja, particularly at the beginning of the book. It did take me a bit to get into the groove of the book, but I ultimately ended up enjopying it quite a bit. They do make some interesting comparisons between the ninja and pentesters and have some good ideas on how some of their methods could be used in the modern day. At the very least, it gives you a different way to look at attacks, even if they aren't all usable in normal pen testing. All in all a good read and reccomended if you're willing to get your heard around something different than most other security books.
Soft serve frozen yogurt is DElicious.