Copyright
Acquiring Editor: Rachel Roumeliotis
Development Editor: Matthew Cater
Project Manager: Laura Smith
Designer: Alisa Andreola
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
2011 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-588-2
Printed in the United States of America
11 12 13 14 15 10 9 8 7 6 5 4 3 2 1
Typeset by: diacriTech, India
For information on all Syngress publications visit our website at www.syngress.com
About the Authors
Thomas Wilhelm has been involved in Information Security since 1990, where he served in the U.S. Army for 8 years as a Signals Intelligence Analyst/Russian Linguist/Cryptanalyst. A speaker at security conferences across the United States, including DefCon, HOPE, and CSI, he has been employed by Fortune 100 companies to conduct risk assessments, participate and lead in external and internal penetration testing efforts, and manage Information Systems Security projects.
Thomas is also an Information Technology Doctoral student who holds Masters degrees in both Computer Science and Management. Additionally, he dedicates some of his time as an Associate Professor at Colorado Technical University and has contributed to multiple publications, including both magazines and books. Thomas currently performs security training courses for both civilian and government personnel through Heorot.net, and maintains the following security certifications: ISSMP, CISSP, SCSECA, and SCNA.
Jason Andress (ISSAP, CISSP, GISP, GSEC, CEH, Security+) is a seasoned security professional with a depth of experience in both the academic and business worlds. He is presently employed by a major software company, providing global information security oversight, and performing penetration testing, risk assessment, and compliance functions to ensure that the company's assets are protected.
Jason has taught undergraduate and graduate security courses since 2005 and holds a Doctorate in Computer Science. His research is in the area of data protection, and he has contributed to several publications, writing on topics including data security, network security, and digital forensics.
About the Ninjutsu Consultant
Bryan R. Garner (CHT, fifth-degree black belt in Bujinkan Budo Taijutsu/Ninjutsu, Security Specialist)holds a Shidoshi level teaching license in the Bujinkan Martial Arts system and has trained in Ninjutsu for more than 10 years. He has been involved in martial arts since he was 5 years old, receiving two Shodan ranks previously in other martial art styles. Sensei Garner has trained in Japan, as well as attended many seminars throughout the United States to further his training. He currently runs his own Ninjutsu Martial arts school in Colorado Springs and works as a full-time Security Specialist for a large corporation.
About the Technical Editor
Joshua Abraham (aka Jabra) joined Rapid7 in 2006 as a Security Consultant. Josh has extensive IT Security and Auditing experience and has worked as an enterprise risk assessment analyst for Hasbro Corporation. Josh specializes in penetration testing, web application security assessments, wireless security assessments, and custom code development. He has spoken at Black Hat, DefCon, ShmooCon, Infosec World, CSI, OWASP Conferences, LinuxWorld, and the SANS Pentest Summit. In his spare time, he contributes code to open source security projects such as the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ.
Introduction
Book Overview and Key Learning Points
This work is not what most people would expect to read when they pick up a hacking book. Rather than showing the reader how to perform traditional penetration test attacks against networks and systems, we will be taking an unusual journey, intended to expand the mind of the reader and force them to see system and network security from a completely different perspective.
Ninja Hacking provides the reader with a unique perspective of how to conduct unorthodox attacks against computing networks using disguise, espionage, stealth, and concealment. Many books on hacking discuss traditional methods used to gather information from corporate networks and systems. However, there are many infiltration techniques that are unconventional, which can yield greater access into a target network. By blending ancient practices of the Japanese ninja with current hacking methodologies, additional attack vectors can be realized.
Ninja Hacking explores historical Ninjutsu techniques and relates them to real-world penetration tests and hacking efforts in a manner that expands the mindset, tools, and methods of information of security experts who are intent on covertly assaulting a target network.