Security Taken Aback

I was surprised a week or two ago when Hacking: The Next Generation showed up on Amazon. I generally anxiously await most new security titles months ahead of time. But this one stayed under the radar. Hacking immediately got my attention both because of the title and because the lead author, Nitesh Dhanjani, wrote Network Security Tools. The latter book is an excellent work with practical examples and lots of code that will enable you to quickly jump into the internals of many security tools.

Hacking sets ambitious goals. The premise seems to be evolving the art of penetration testing to include recent blended attacks. If you’re familiar with HD Moore’s Tactical Exploitation or other similar talks you’ll see a lot of familiar material. Additionally, the book covers ‘blended’ or ‘chained’ attacks. Overall, the book succeeds in articulating conceptual attack vectors. Unfortunately, it falls short in execution. The book lacks details. Excluding Chapter 2, there’s very little code. So while the concepts are great, the book doesn’t enable the reader to readily execute the discussed attacks.

Several of the chapters have extremely interesting topics. Chapter 6: Abusing Mobile Devices could have been awesome. But rather than discussing mobile software security, it focuses on mobile provider websites and theoretical security weaknesses. There’s very little sustenance that the reader can use to hack or evaluate a particular mobile device.

Chapter 7: Infiltrating the Phishing Underground is similar to the previous chapter. It looks at real-world attacks, but it doesn’t give a security professional the tools to go execute phishing attacks. The chapter belongs more in the book Crimeware.

Overall, I’m disappointed in the book. If you’re new to penetration testing or the security community this might be a good book. But if you’re looking for something that can immediately be hands on to execute the latest types of attacks, Hacking falls short. I think the cover accurately describes the book… it’s a cool looking pirate ship. However, if you look closely, you’ll see that the ship is taken-aback (meaning it’s sailing too close to the wind and the captain has lost control), and is in danger of being dismasted. Likewise, the book looks cool, and could be cool, but something went wrong.

Note: the book isn’t available in paperback yet. It is available on safari.oreilly.com and on the Kindle.
