Last month, I reviewed Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership, and referenced the classic hacking series Hacking Exposed: Network Security Secrets & Solutions by Stuart McClure, Joel Scambray and George Kurtz.
Obviously, there has been a tremendous amount of change in the past 20 years of hacking tools and techniques. In Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques (Wiley 978-1119540922), Vinny Troia has written a splendid guide on hacking, with a focus on its investigative techniques.
Troia is well-known in the security world and has a habit of finding massive sets of highly confidential data in highly unsecured locations. From All American Entertainment to Exactis and others, Troia has found large buckets of unsecured data in the cloud.
The book goes through not only a vast amount of hacking tools, but it also details how to use them to perform a thorough investigation. The goal is not to simply download the most tools and run them; instead, it is to use them in a structured manner to perform effective intelligence gathering and investigations.
Troia also details his mission to discover the real-life identity of The Dark Overlord (TDO). TDO was an international hacker group that targeted high-profile targets and threatened to release embarrassing data and pictures of the victims unless they were paid. If the victims didn't pay, TDO put the data up for sale and also shared it via numerous forums.
As I write this, there are tens of thousands of brilliant scientists working to find a cure for COVID-19. But there might be just as many attackers attempting to use COVID-19 as a means to launch attacks. From phishing emails, malicious COVID-19 information websites with malware and more, hackers are using the current crisis to further their goals.
For those who have been a victim of such attacks, the book shows numerous ways and details many tools to discover clues to identify who the attackers were.
From a more proactive perspective, the book shows the many ways in which to test systems, identify data flow, test web applications and more to ensure that vulnerabilities are fixed before they can be exploited.
Rather than rely on him alone, Troia includes many expert tips from industry luminaries such as Chris Roberts, Troy Hunt, Chris Hadnagy and others. With these tips, the experts show how to more effectively use the specific tools, and avoid many of the pitfalls they first ran into.
I have always disliked webinars and articles with titles such as To Beat a Hacker, You Have to Think Like a Hacker and How to Think Like a Hacker. The truth is that most people simply do not know how to think like a hacker. That is not their fault; they also don’t know how to think like a neurosurgeon or civil engineer. With that, Hunting Cyber Criminals, in fact, does a great job of showing how it is possible to think like a hacker, except a white hat in this case. And you want to do that to make sure you do not become a victim of a black hat.