Aggressive Network Self Defense Book Review : Network Self Defense Explored : Poised Solutions Library

Aggressive Network Self Defense Book Review

Aggressive Network Self Defense

Author:: Neil Archibald
dedhed
Seth Foige
Chris Hurley
Dan Kaminsky
Johnny Long
Luke McOmie
Haroon Meer
Bruce Potter
Roelof Temmingh
Publisher:: Syngress
Published:: 2005
Pages:: 383

Aggressive Network Self Defense is a set of short stories, that uses the infotainment style of story telling to entertain whilst imparting information. Aggressive Network Self Defense takes the stance of both the attacker and the victim turned attacker, this is quite a common scenario in cyber security, where victims seek revenge or retribution against those who they think may have attacked them.

Aggressive Network Self Defense has a number of twists and turns and is useful both for Penetration Testing and System Hardening. There is an elements of ethics or morality in the stories but of course they are fictional and as such they are open to the authors' own whims as to what they perceive as a fitting outcome.

Quite a few cracks are explained, and also how to harden against them, which is normal for most Cyber Security offering the antidote with the poison is the standard way of dealing with the explanation of Penetration Testing techniques.

Overall I enjoyed reading Aggressive Network Self Defense, all the stories by the various authors are well written, and there is a lot of thought provoking material in the book, Aggressive Network Self Defense is one of the best books on the idea of active network self defense.

Aggressive Network Self Defense Chapters

PDA Perils: Revenge from the Palm of Your Hand
- The Attacker
- The Administrator
- The Infection
- The Detection
- Windows Mobile Forensics
- ARM Assembly Tutorial
  - ARM registers
  - Opcodes
    - CMP
    - MOV
    - B
    - LDR/STR
- Code Tracking
  - Verification with a Debugger
  - Finding the Keylogger
- The Plan
  - Phase One Overview
  - Phase Two Overview
- Creating Trojanbob.exe
  - Adding Code
  - Understanding the CreateFile Function
  - Turning Bobsvr.exe into Trojanbob.exe
  - The Alert
  - File Type Test
    - LSL: Logical Shift Left
    - Creating an Import Subroutine
    - Emulating an Import Subroutine
- The Polymorphic Infector Trojan
  - Adding the Virus Component
  - Adding the Copy Routine
  - Matiing Viruses and Trojans
  - Redirecting Suspicion with Calc.exe
  - Polymorphic Updates
- Attacking the Attacker
- The Attacker, Part II
  - Joe Strikes Back
  - The Reverse Attack
  - Karma
- Just Joe: 10 Weeks Later
The Case of a WLAN Attacker: In the Booth
- The Interview
- I Just Needed a Job
- An Unsuccessful Attempt
- A Workable Plan
- Becoming the Man in the Middle
- Collecting the Credit Card Information
- Routing the User to the Internet
- The Crime Begins
- The Interrorgation Ends
- The Overzealous Administrator
- The Hunt Begins
- Escalating Privilege
- Opening a Backdoor
- The Aftermath - It All Goes Wrong
MD5: Exploiting the Generous
- Gravity and Gravitas
- c0j0nes
- J'Accuse
- Dependency Checking
- The Plan
- Nmap Sweeps and Cache Snoops
- Snooping the DNS Caches
- Port Knocking
- Exposing the Intruder
- Smokescreen
- Struck
A VPN Victim's Sotry: Jack's Smirking Revenge
- Busted
- Tyler and the Handler
  - The Job
- Jump-Boxing
  - Tyler's Arsenal
- Tyler Attacks!
  - Squeaking Right Past Squid
- I am Jack's Inflamed Sense of Rejection
- Jack Goes Digging
  - Tracking Logs
  - Launching a Sniffer
  - Hunting with a Honeypot
- Following the Attacker's Trail
  - Programmer's Delight
- Jack Plans His Revenge
  - Assembling a Strike-Back Exploit
- I Am Jack's Smirking Revenge
- The Interrogation
- Return on Investment
Network Protection: Cyber Attacks Meet Physical Response
- Becoming a Lab Admin
- Something Doesn't Smell Right
- Continuing Problems
- The Investigation
- More Problems
- Hardware Findings
- On the Offensive
- Putting It Together
- Installing the Keylogger and Waiting
- Time for Revenge
Network Insecurity: Taking Patch Management to the Masses
- Eric the Read
- Feeding the Addiction
- Intruder in the Light
- Watching the Watcher
- Violation
- Striking Back
- Confusion
- Dull No More
The Fight for the Primulus Network: Yaseen vs Nathan
- Yaseen's Recruitment
- Nathan's Recruitment
- Nathan's Environment
- Nathan Gathers Intelligence
- The Game Begins
- Nathan Enter Primulus' Zone
- Yaseen's Trace-Route Trickery and Vitality Scans
- Nathan's Ping Sweep
- Yaseen Message Nathan
- Nathan Responds
- Yaseen's Mild Panic
- The Battle
- Yaseen's Final Touches
- Nailing Vito
- Epilogue
- Related Links
Undermining the Network: A Breach Trust
- Mr. Torrence's Virus
- The Auditors
- The Anomaly
- The Hunt
  - Strike Back
  - Epilogue
ADAM: Active Defense Algorithm and Model
- Abstract
  - Introduction
- Active Defense
  - Planning
    - Active Defense Policy
    - Escalation Ladder
  - Detection
  - Evaluation
  - Decision
  - Action
  - Analysis
  - Escalation
  - Maintenance
- Goals and Assumptions
- Escalation Stages
- An Active Defense Algorithm and Model (ADAM)
  - Asset Evaluation
    - Scoring Chart
    - Asset Identification
    - Threat Identification
    - Risk Identification
  - Action Evaluation
    - Action Identification and Classification
    - Utility Modifiers
    - Risk Identification
- Escalation Ladder
  - Ladder Creation
- Algorithm
  - Contingency Plan
- Analysis
  - Generalizable
  - Useful
  - Expandable
  - Mitigate Legal Risk
  - Mitigate Ethical Risk
  - Minimize Unintended Consequence
  - Consistent
  - Thorough
  - Automated
- Conclusion
- Acknowledgements
- Notes
- References
Defending Your Right to Defend
- Introduction
- Mission Statement
- The Technology: Identifying the Attack
- The Technology: Neutralizing the Attack
- Method One (NC #1): Instantiate Named Mutex
- Method Two (NC #2): IPSec Rule Injection
- Post-Neutralization
- The Standards Body
- Conclusion
MD5 to Be Considered Harmful Someday
- Abstract
- Introduction
- MD5 How-To
- The Discovery: joux and Wang's Multicollision Attack
- Extending the Attack
- Stripwire
  - Demo
- Caveats
- Digital Signatures and DRM
- Multicollision Unleashed
- HMACStrikeback: Traitor Tracing
  - MP3
  - Executables
- Conclusions
- References
When the Tables Turn: Passive Strike-Back
- Introduction
- Analogies for Passive Strike-Back
  - Analogies from Nature
  - Analogies from Warfare
  - Analogies from Ideology
- A Cross Section of a Typical Attack
  - Reconnaissance and Footprinting
  - Network Mapping
  - Host Mapping
  - Vulnerability Discovery
  - Vulnerability Exploitation
  - Web Application Hacking
- Observable trends in 'Hacking
  - People Are Lazy
  - You're Only as Good as your Toolbox?
  - A Mechanics Car is Often Broken
  - Hacking is Really Just Data Analysis
  - Summary
  '
- Why We Control the Hacker
- There Are No Rules
  - We Own the Information
    - Summary
- Introducing Passive Strike Back
  - Strike-Back at Different Levels
  - Types of Strike-Back
    - Strike-Back That Stops Individual Attacks
    - Strike-Back That Creates Noise and confusion
    - Strike-Back That Attacks a Specific Tool
    - Strike-Back That Attacks the Attacker's Host or Network
    - Identifying Malicious Activity
    - Summary
  - Striking Back at Footprinting
    - Attack Tools
    - Strike-Back Strategy
    - Strike-Back Tools
    - Strike-Back Action
  - Striking Back at Network Reconnaissance
    - Attack Tools
    - Strike-Back Strategy
    - Strike-Back Tools
    - Strike-Back Action
  - Striking Back at Vulnerability Scanners
    - Attack Tools
    - Strike-Back Strategy
    - Strike-Back Tools
    - Strike-Back Action
  - Striking Back at Exploit Code
    - Attack Tools
    - Strike-Back Strategy
    - Strike-Back Tools
    - Strike-Back Action
  - Striking Back Web Application Scanners
    - Attack Tools
    - Strike-Back Strategy
    - Strike-Back Tools
    - Strike-Back Action
  - Summary
- Conclusion