Last year, I reviewed Jayson Street’s Dissecting The Hack: The F0rb1dd3n Network, uncovering a massive amount of plagiarism that resulted in the book getting pulled, pending a revision.  Here are the posts that chronicle those events:

  • The original review – …before I realized the extent of the plagiarism.  To summarize: I enjoyed the book’s fictional section, despite some flaws.  I had far more complaints with the “Security Threats Are Real” (STAR) section, which seemed very disjointed and unfocused.
  • Amending My F0rb1dd3n Network Review – …upon a closer look, it became apparent that readers (and reviewers) were misled.  The vast majority of the STAR section (comprising all but 120 pages of the book’s total of 400) turned out to be plagiarized from various sources (primarily Wikipedia).  I documented it and made this post to warn potential readers.  The authors responded, pointing to the technical editor as the cause.
  • Syngress Response to Plagiarism in Dissecting the Hack: The F0rb1dd3n Network – Syngress released a statement confirming the authors’ take on what happened, and announced that there would be a revised release of the book.

On July 15th, a revised edition was released, and I requested a review copy so that I could see what had changed, and provide this new review.

What do you get?

The book has the same basic appearance as the previous version, with the addition of a third author, Brian Baskin, on the cover.  On the title page, Marcus Carey is added (in a smaller font) as an author, and Dustin D. Trammell is listed as the new technical editor.  Apart from “Revised Edition”, there is no discussion or acknowledgment of the book’s past.

The book has gone on a bit of a diet, roughly 70 pages.  This is a good thing, however, as the old STAR section was mostly irrelevant filler.  The fiction remains, virtually untouched from the previous version, at about 120 pages of the book’s 330 pages.  The new STAR section is original content now, which is, of course, a dramatic improvement.

The Fiction

My comments from my first review mostly stand here.  The fictional F0rb1dd3n Network story was always an original creation of Jayson and Kent’s.  I am a big fan of the concept of “hacker fiction”, the likes of which you’ll find in another Syngress series, Stealing the Network.  I am definitely supportive of any attempts at writing new material in this genre.

As a story, I enjoyed this section of the book, but found it to be very short.  The plot is very much what one would expect out of a techno-thriller TV show (perhaps an episode of Leverage) and you get about the same degree of character development.  Unlike the Stealing The Network series, explanations of the attacks are saved for the STAR section, rather than given in-character in the story.  While I can see that this helps move the story along, I think it makes the fiction seem quite short.  When it ends, you’re left wondering about some things that probably could have been wrapped up within this story, particularly an incident of “dark-grey-hat” hacking the protagonists vow to atone for, but that is never revisited.  It may be something that’s saved for a sequel, but it reads like the authors simply forgot about it by the end of the story.

I’m being critical here, but I really did like the story, as a whole, and I hope that there is an opportunity for the authors to continue it.  If you liked Stealing the Network, you’ll definitely enjoy it.  It ranks right up there with the best writing in that series.

(As an aside, if you want some awesome hacker fiction, check out Daniel Suarez’ Daemon and its sequel Freedom(TM))

While one of the selling points of the book is that all of the attacks discussed in the fiction are real and documented in greater detail in STAR, there are some minor quibbles with that.  There are times in the story where it seems as though the authors have hit the limits of their own experience with attacks, on more difficult topics like reverse engineering and exploit development.  In the handful of times this comes up, artistic license is taken, hands are waved, meaningless phrases are thrown around (“pop the sled on that buffer”) and the story moves on without one of those STAR references.  Only once does a technical error directly impact the story, and honestly it’s not something even most security professionals would have caught.  These are small issues, though I would have liked it if some outside help had been brought in to lend some authenticity to those points and document them in STAR.

The “Security Threats Are Real” (STAR) section

The STAR section is greatly improved.  Gone are the page-chewing screenshots of blogs and descriptions of unrelated tools.  There is a greater focus on describing the attacks that are in the story than in the previous edition.  Overall, it reads as being much more professional.

It’s a good first-read for people interested in computer security.  There are some technical issues and organizational issues (some topics don’t really fit with the phase of attack they’re classified in), but it’s good for someone who’s gauging their potential interest in security.  Experienced readers might be slightly disappointed.  There is a lot of material on hacker culture that is heavily skewed to the authors’ experiences with various events, people, and conferences, which the uninitiated might take as gospel for the entire scene.  I think that a lot of this could have been trimmed down (perhaps placed on the website) to give a more in-depth and complete coverage of the attacks in the fiction section.

Should you buy it?

I believe that most of the regular readers of this site are the more technical members of the security community: penetration testers, folk who do forensics and incident response.  Readers in these or similar areas who are already “in” security will get a fun read out of this book (and it’s worth it for that, especially if you’re pining for more Stealing the Network) but are not likely to pick up any new skills.

If you’re new to this stuff, or if you’re testing the waters to see if security even catches your interest in the first place, this book might be an entertaining way to learn some basic concepts.  You’ll pick up a few simple skills, and you’ll have some points at which you can start researching something that interests you.  While I don’t see this book as keeping the attention of non-technical people that wish to stay non-technical, if you’re a motivated learner, it’s a decent place to start.

Overall:  It’s a great book for the audience it should be marketed to.  Good work and congratulations to Jayson, Kent, Brian, Marcus, and Dustin Trammell for fixing up the book and seeing it through to the end.

http://www.mcgrewsecurity.com/2009/10/12/book-review-dissecting-the-hack-the-f0rb1dd3n-network/
 

The results are in for the sixth Network Forensics Puzzle contest, and I won first place!  You can see my writeup, along with many of the other winners’ entries, at the forensicscontest.com blog:

Big thanks to everyone who put this contest together, as well as the prize sponsors for making it well worth my time to put in an entry.

I wrote a tool for my entry, pcapline.py, which generates an HTML report for a pcap file that an investigator can use to navigate around the various conversations and inspect the data being sent back and forth.  Here are some of the features I describe in my writeup:

  • HTML reports that allow for easy navigation/importing into a larger report
  • Generates a summary of flows between hosts on the network
  • Flows are broken up by segments representing parts of the conversation
  • Segments are dissected, carved, hashed. Currently, Pcapline supports HTTP GET requests and responses and the malware file transfers seen in challenge #6

While pcapline is developed and tuned for answering the questions from this challenge, it’s still a very useful starting point for examining other packet data as well.  You can view the report generated by pcapline here:

(NOTE: Files and data are carved out that some signature-based IPS will detect as being malicious.  I observed this on one computer where Sophos blocked access to this site on that computer after clicking the wrong link in this report.  You’re not likely in any danger, as pcapline renames things in such a way that they shouldn’t be executed or viewed in their native formats, but do take care)
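To make the flow/segment/carve/hash pipeline from the feature list above concrete, here is a small Python sketch.  It is an added example written for this post, not pcapline.py and not code from the contest.  It parses a classic pcap (Ethernet/IPv4/TCP only; no pcapng, VLAN tags, IPv6 or reassembly), groups packets into bidirectional flows, splits each flow into segments wherever the direction of the conversation changes, dissects HTTP GET requests and responses, hashes carved response bodies, and emits a navigable HTML report.  The capture is constructed inline (hosts, ports and payloads are made up), and the `.carved` extension is an assumed convention for keeping extracted content from being opened in its native format, in the spirit of the note above.

```python
import hashlib
import html
import struct

def _tcp_frame(src_ip, sport, dst_ip, dport, payload):
    # Ethernet (zero MACs, EtherType IPv4) + IPv4 + TCP (PSH|ACK); checksums left zero, the parser ignores them
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_sample_pcap():
    """Constructed capture (not contest data): one keep-alive HTTP connection carrying two GETs."""
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 80)
    frames = [
        _tcp_frame(*client, *server, b"GET /update.exe HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        _tcp_frame(*server, *client, b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                   b"Content-Length: 4\r\n\r\nMZ\x90\x00"),
        _tcp_frame(*client, *server, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        _tcp_frame(*server, *client, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic pcap header, LINKTYPE_ETHERNET
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (src_ip, sport, dst_ip, dport, payload) for each TCP packet that carries data."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24  # skip the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:14 + total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header (data offset in 32-bit words)
        if payload:
            yield src, sport, dst, dport, payload

def build_flows(packets):
    """Group packets into bidirectional flows keyed by the sorted endpoint pair; within a flow,
    consecutive packets in the same direction are merged into one segment of the conversation."""
    flows = {}
    for src, sport, dst, dport, payload in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))
        direction = f"{src}:{sport}->{dst}:{dport}"
        segments = flows.setdefault(key, [])
        if segments and segments[-1]["direction"] == direction:
            segments[-1]["data"] += payload
        else:
            segments.append({"direction": direction, "data": bytes(payload)})
    return flows

def dissect_segment(segment):
    """Classify a segment; for HTTP responses, carve the body after the blank line and hash it."""
    data = segment["data"]
    info = {"direction": segment["direction"], "kind": "raw", "length": len(data)}
    if data.startswith(b"GET "):
        info["kind"] = "http-request"
        info["request_line"] = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    elif data.startswith(b"HTTP/"):
        head, _, body = data.partition(b"\r\n\r\n")
        info["kind"] = "http-response"
        info["status_line"] = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
        info["carved"] = body
        info["sha256"] = hashlib.sha256(body).hexdigest()
    return info

def render_report(flows):
    """HTML report: a flow summary linking to per-flow sections, one heading per segment.
    Carved bodies are named with a neutral .carved extension (an assumed convention) so a
    browser or file manager will not open them in their native format."""
    parts = ["<html><body><h1>Flows</h1><ul>"]
    for i, ((a_ip, a_port), (b_ip, b_port)) in enumerate(flows):
        parts.append(f'<li><a href="#flow{i}">{a_ip}:{a_port} &lt;-&gt; {b_ip}:{b_port}</a></li>')
    parts.append("</ul>")
    for i, segments in enumerate(flows.values()):
        parts.append(f'<h2 id="flow{i}">Flow {i}</h2>')
        for j, d in enumerate(map(dissect_segment, segments)):
            parts.append(f'<h3 id="flow{i}seg{j}">Segment {j}: {html.escape(d["direction"])} '
                         f'({d["kind"]}, {d["length"]} bytes)</h3>')
            if "request_line" in d:
                parts.append(f'<pre>{html.escape(d["request_line"])}</pre>')
            if "carved" in d:
                parts.append(f'<p>{html.escape(d["status_line"])}: body carved to '
                             f'flow{i}_seg{j}.carved ({len(d["carved"])} bytes, sha256 {d["sha256"]})</p>')
    parts.append("</body></html>")
    return "\n".join(parts)

if __name__ == "__main__":
    print(render_report(build_flows(parse_pcap(build_sample_pcap()))))
```

Segments are cut on every change of direction rather than on TCP sequence numbers, which is enough for request/response protocols like HTTP but would interleave badly on a full-duplex conversation; a real tool would reorder by sequence number and handle retransmissions before carving.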

Here’s the script itself.  It’s a slightly newer version than the one on forensicscontest.com.  I fixed a couple of places where it was generating terrible HTML that non-Firefox browsers choked on.

Enjoy!

 

I really enjoy reading non-infosec books, audiobooks, articles and the like, consuming them with a mental exercise: finding out what lessons could be learned and applied to security.  My specific interests are in forensics, penetration testing, vulnerability analysis, exploit development, and profiling attackers.  Currently, as an occasional escape from technical material, I’m looking at some of Paul Ekman’s books on deception, with an eye for how it applies to topics like social engineering engagements, and even interactions with others in the infosec community.  Even with the controversy surrounding the research, there are some lessons to be learned, tricks to pick up, and things to think about.

As much as infosec professionals quote Sun Tzu’s The Art of War, I thought that I ought to check it out.  I downloaded a translation of it onto my iPod Touch and read through it in my spare time.  I felt as though I must have missed something, as I really didn’t see how most of it applied to security in anything more than a superficial way.

Now, at least I know that if I missed something, attrition.org missed it too.  They’ve posted a very well-reasoned analysis of the use of Sun Tzu’s work in infosec, pointing out all the places that it really doesn’t make sense.  Many of these are sticking points I also had when I tried to make the connection myself.  I especially agree with a fundamental point that the Attrition.org folk make: Defenders in infosec are strictly defenders, with their hands tied behind their backs when it comes to attacking the other side.  This is kind of a buzzkill for much of Tzu’s advice.

As with most Attrition.org articles, they pull no punches and call out people specifically.  This makes some readers uncomfortable, though I do think that it’s a fair and honest assessment.  Give it a shot if you’re looking for a good (and very different) read.

(Disclaimer: I have cooperated with the attrition.org guys on a couple of their writeups (though nothing compared to their original research), and I am pretty partial towards them and many of their views.  I just hope that if I ever stray into the danger zone of their “charlatan” list that I’ll have earned some kind of warning first ;) )

© 2012 McGrew Security.  Suffusion theme by Sayontan Sinha.