The parlous state of software and IT infrastructure security is also a career opportunity, with malware analysts, security researchers, penetration testers and red teams all in demand. Defenders need to know how attackers think, and what tools they use, so they can assess their own infrastructure for vulnerabilities and learn to detect malicious activity in the network.
In Ethical Hacking: A Hands-on Introduction to Breaking In, Daniel G Graham sets out to deliver a practical guide for learning hacking techniques, and you jump straight into the hands-on guide by creating a set of Linux VMs to host the environment you’re going to break into (since you can’t ethically hack someone else’s environment). You then work through some known vulnerabilities, progressing to capturing traffic, building a botnet and a ransomware server, generating phishing emails and deepfakes.
Although you’ll need to know how to write and run Python code, you don’t need a great deal of expertise to get started because the step-by-step instructions are clear and detailed. Along the way, complex concepts are explained well: if you want to execute ransomware or try to bypass TLS, you need to understand encryption first, you need to understand syscalls and the underpinnings of Linux for rootkits, and likewise hashing for cracking passwords.
Graham steps through common hacking techniques, creating deepfake video and audio, exploring how publicly available information is interconnected with Maltego to reveal information about an organisation’s staff and infrastructure, downloading databases of cracked and breached passwords, looking for exposed vulnerable devices with Masscan, Shodan and Nessus, building Trojans and Linux rootkits (you’ll need to know C coding for this), using SQL injection to extract usernames and passwords from websites, cross-site scripting attacks and privilege escalation once you get into a network. You’re unlikely to discover your own zero days, but you will learn fuzzing, and how to exploit the OpenSSL Heartbleed vulnerability.
Along the way, Graham introduces other hacking tools like King Phisher, the swaks SMTP auditing tool in Kali Linux, John the Ripper for password cracking, Hydra for automating brute force password attacks, and many others.
The chapter on attacking domain servers, Active Directory and Kerberos on large Windows networks could probably be expanded to fill a book of its own, but if you’re a Windows network admin and you don’t already know how to use Mimikatz, even this quick survey of the approaches hackers will take should be something of a wake-up call. (Microsoft has extensive guidance on remediating many of the issues covered here.)
While this book will help even a relative beginner to become familiar with a wide range of tools that are useful to hackers, it is — as promised — a hands-on introduction. Readers will be in a position to explore further, and the final chapter talks you through hardening a hosted VM that you can use for actual ethical hacking. It also mentions some tantalising advanced targets like industrial systems and cellular infrastructure, although readers won’t immediately be in a position to go after those without doing quite a bit of extra work.
Even if you don’t plan to do any active ethical hacking, it should be a salutary warning to anyone in IT that hacking tools are both sophisticated and widely available. There are plenty of tutorials aimed at using them maliciously, so the detail in this book doesn’t increase the risk to those with vulnerable systems. If you do want to pursue this as a career, Ethical Hacking will guide you through the first steps.
Read more book reviews