Title: Live Hacking: The Ultimate Guide to Hacking Techniques and Countermeasures for Ethical Hackers & IT Security Experts
Author: Dr. Ali Jahangiri
Reviewer: John Forrester
I’d never be so presumptuous as to label myself a hacker but I am an IT security guy so I know the subject matter pretty well. The allure of Dr. Jahangiri’s book was that it would educate me to think like a hacker, so helping me better understand how the bad guys operate and how they gain unauthorized access to our computer systems and networks. As Sun Tzu once wrote, “To know your enemy you must become your enemy.” So, I was really quite excited to get my hands on this book, especially after reading the back cover blurb on Amazon.com and seeing the rave review that a previous reader (or friend) had given it.
However, when the package arrived (courtesy of DFM), I was really disappointed. It’s obviously self-published – no problem with that as long as it’s done well – and it shows. There are a bunch of grammatical and spelling errors in the text that really detract from the overall quality of the book and at US$49.99 I had serious reservations about ‘value for money’. If I wasn’t writing a review for DFM I’d have considered sending the book right back to where it came from and demanding a refund. However, I ploughed on regardless, and here’s what I found.
Firstly, a criticism again on value is that the book is full of (and I mean packed tight with) screen grabs from websites where the page is so condensed that it’s virtually impossible to read or interpret the detail, so the impact of showing the reader the tool is completely lost with such bad reproduction. The first chapter on essential terminology is sparse and did not deliver the glossary I was hoping for, while chapter 2 on reconnaissance simply lists a plethora of websites that you might be able to glean some information about your target from (the bulk of this chapter’s content is screen grabs).
Chapter 3 on Google hacking is ok for a stratospheric overview of a complex subject, but after reading an excellent treatment on exactly this subject just a few months ago (Google Hacking by Johnny Long; published by Syngress) this chapter left me somewhat flat. Chapters 4, 5 and 6 on scanning, enumeration and password cracking again were ok, not fantastic, just ok. What these chapters offer are simplistic, high-level overviews of three subjects that each deserve (and have already got) books in their own right – some at lower price points, I might add.
Chapter 7 delivers a whopping 11 whole pages on Windows hacking. Now, I have some experience with penetration testers trying to hack into my systems and I’d guess they had more than 11 pages’ worth of experience at hand. Maybe I’m wrong, but I’d probably even take a bet on it.
Uncommonly in this book, I was pleasantly surprised with chapter 8 on malware as the author covers a good range of nefarious technologies. Aside from an unnecessary abundance of full-sized screen captures (yawn, I do go on) from Spytector (there are 8 back-to-back across just 5 pages) the author does a good job of providing an overview of the various forms of ‘bad code’ that can gain access to your systems and data.
I was fairly unimpressed with the rest of the book, with the highlight being chapter 10’s treatment of a SQL injection attack – I’d always wondered how that works. So, with 185 pages of useful (?) content, many of which are crammed with illegible screen grabs, I was not impressed. Sorry, Dr. Jahangiri, I’m sure you are a very clever man and very proficient in teaching this stuff to your students, but maybe you should consider looking for a professional publisher next time rather than the DIY option.