You probably already know this, but Johnny Long is a really great guy. He’s donating the proceeds of this book to the AOET:
AOET is an independent, indigenous non-governmental organization with the prime mandate of providing an education (formal and/or vocational) to desperately poor, neglected and forgotten orphans whose parents have died of AIDS. AOET assists children with AIDS and widows that have lost their spouses to AIDS and most of them HIV+ themselves.
In addition to being an excellent cause, this is also a great way for an author to make a reviewer feel bad about saying anything negative about a book. Luckily it’s a very entertaining read, a must buy for its target audience, and definitely something to consider for others. If you do wind up buying the book, buy it through Johnny’s referral link, so that the maximum amount possible makes its way through to the AOET. If you wind up not buying the book because of this review, please consider donating or assisting the AOET directly.
This was a fun book to read. If you’re in a position where you have to worry about physical security, it will certainly open your eyes up to some of the threats. Most of the book is made up of stories of real-world situations and observations by Johnny Long, and they definitely entertain and inform. If it gets you to thinking about how people access your facilities physically, how attackers can gather information over the phone, and how your employees should protect themselves while traveling, then the book is well worth its cover price.
If you are a penetration tester looking to expand your ability to attack physical security, there may be times when you’re left hanging and wanting more. Johnny occasionally (and intentionally) stops short of giving all the details needed for someone to do bad things. If you’re thinking adversarially, you’ll likely have to follow up on the information in “No Tech Hacking” with some supplemental reading and research. Where it lacks in detail, it does make up for in getting you into the right mindset to perform good reconnaissance and in-person ops.
If you’ve already read Johnny’s other book, “Google Hacking For Penetration Testers”, you may be disappointed to find out that 74 of “No Tech Hacking”’s 280 pages are reprinted from the former book’s chapter, “Google Hacking Showcase”. This chapter also focuses more on screenshots and examples of dangerous things that have been found using search engines, rather than techniques for finding these things in your own organization. The author even admits that it’s not really no-tech, and while the material is interesting, it seemed a little out-of-place.
The book is written and formatted very informally, with plenty of photographs reproduced in-line with the text that describes and makes reference to them. For the most part, the photos are well-printed and it’s easy to see the point, although a handful might leave you squinting. Sometimes it feels like the book has been written as a transcription of notes from Johnny’s conference presentations on the topic, but the style of the book suits the content well.
To summarize, “No Tech Hacking” has a few flaws and might be a little rough around the edges, but it strikes an excellent balance between entertainment and information. I highly recommend it if you’re interested in an overview of threats to physical security. I’d also recommend it as a gift to someone who needs their eyes opened about these threats. A technical background isn’t necessary to follow most of the book. For those looking to add skills to their penetration testing toolbelt, my recommendation is weaker, but it is definitely worth looking at to see if it’s new material for you. It’s probably worth it just for the excellent stories and anecdotes.
If you’re wanting more of an idea about the book, here’s a video from last year’s Defcon, where Johnny Long presented on the topic. If you enjoy it, then it’s a pretty safe bet you’ll get a kick out of the book:
