Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Thomas Wilhelm, Jason Andress
Format: PDF / Kindle (mobi) / ePub
Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, the historical Ninjutsu techniques in particular, with the present hacking methodologies.
The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzus The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed.
Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities.
This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators.
- Discusses techniques used by malicious attackers in real-world situations
- Details unorthodox penetration testing techniques by getting inside the mind of a ninja
- Expands upon current penetration testing methodologies including new tactics for hardware and physical attacks
misconceptions were typically interested in tactics popularized in the movies, including use of poisons, deadly traps, and brutal techniques designed to severely hamper pursuing enemies (Garner B. personal communication, December 14, 2000). Although, historically, the ninja used such techniques, the essence of ninja training was not one of aggression, but of evasion, as stated by Hatsumi, which unwaveringly precludes the use of deadly force unless absolutely necessary. Although Hatsumi succinctly
someone specific can be useful during an attack. Ninja were quite skilled at impersonation. Gisojutsu, or impersonation, according to Steven K. Hayes, is used by the ninja as a “way of assuming another personality or identity in such a way as to operate in full sight or even with the cooperation of the enemy.”1 Based on Hayes’ definition, we can assume correctly that impersonation comes with additional danger of discovery since we now have to interact with and influence our victims in order to
want to challenge the injured, particularly when it could aggravate the condition of the injured to do so. Physical Traffic Patterns Traffic patterns are an excellent tool for the Zukin to use when needing to physically either enter or exit a facility. In larger facilities, there are generally times of the day that see a considerably higher amount of foot traffic, specifically shift changes and meal breaks. In many companies, shift changes happen, at a minimum, at the beginning and end of the
other information-rich resources. Although restrictions on disposal of data containing personal information have tightened in recent years due to HIPAA, FERPA, and other such data protection acts, people still have a tendency to be lazy and careless. Even though the disposal of such data may not be of immediate use as an aid in penetrating our target, it can serve the Zukin well as a distractor. If we were to find a printout of customer data and expose such information to a news agency, this
to journey home. In this chaos, we can find many distractions. Attacking during Maintenance Maintenance of facilities or networks also provides us with distractors. During network maintenance, the operation of the network may be decreased or absent, allowing us to plant equipment, take systems offline, or send unusual network traffic without drawing attention. We may also find that administrators and network security personnel are distracted by the maintenance taking place and may not be paying