This book must surely have been written with a subversive gleam in Ramachandran's eye. It is the equivalent of the Anarchist's Handbook from the 1960s. Granted, the Preface has the statutory disclaimer about how the book is really meant for someone learning to be a penetration tester for a wireless network, in which case you then have the expertise to help network administrators secure their networks. Or maybe you are a network administrator yourself. All this is indeed possible with the text.
So really the main aboveground audience is probably sysadmins. The book describes how to use freely available network programs like Wireshark to probe a wireless net. More potently, it gives examples of using Man In The Middle techniques to insert yourself as the invisible intermediary in a conversation between a user surfing the Internet and a targeted web server. Once you see this, you will likely be impressed by why MITM is often thought to be a gold standard of attack vectors.
Another strong aspect of the book is how it demonstrates that it is all too easy for an experienced attacker with the right hardware and software tools to detect and intrude on an insecure WEP or WPA network. Turns out that a WPA network is usually stronger than a mere WEP-using network. But don't get complacent. For both types, the lesson of the book is that the simplest countermeasure is to beef up your users' passwords and, of course, your sysadmin password. The speed of modern computers means that brute force dictionary attacks often suffice to find weak passwords.
Most Helpful Customer Reviews on Amazon.com (beta)
A Must-Have Tutorial on Backtrack 5 and Its Tools (Sept. 26, 2011)
- Published on Amazon.com
An amazing book. This one wastes no time with a long preamble or justifying why you'd need to know how to pen-test; it just tells you what you need to know. You're sniffing wireless traffic right from the start, injecting packets by page 40 or so, and then you're off spoofing MAC addresses, cracking WPA (even shared authentication), and doing man-in-the-middle attacks.
This is not a book that explains a lot of theory and then expects you to figure out how to apply it. It's a finely-tuned set of clear, intentional tutorials that explains how to use the tools, how to get results, and then explains what happened and why. It covers some of the basics (like ifconfig, iwconfig, ping, and a little bit about packet specifications), and then moves on to the heavy-lifters like airmon, aireplay, airodump, wireshark, and others.
While all of these tools have tutorials and manuals online, the way they work together is seldom explained, and even more rarely are they explained with the clarity and focus of this book. The situations the book covers are realistic wireless network setups that you'll find at businesses, cafes, and homes. There are screenshots on nearly every page, so it doesn't just explain what to do - it actually shows you.
If you're completely new to pen-testing, this book is where you should start. You should try to learn at least a little bit of Linux before delving into this (but you should be learning that anyway), but this book doesn't assume that you are a pro. It guides you through all of the basic essentials, such as setting up a pen-testing lab environment (configuring your access point, making sure your wireless card is open enough to be configured, and so on), and even how to install Backtrack Linux itself. You will need a good lab environment to use this book effectively, so make sure you have access to a router, two laptops with wireless cards (one to use and one to be the victim), and a USB wireless card to perform packet injection (the book recommends the Alfa AWUS036H).
All in all, whether you're learning this stuff because you're angry at the world and want to mess up wireless networks or because you're a sys admin and need to protect your network from intruders, this is easily the best book on the subject I have found. Too many books on this topic assume that the reader is a "security professional" and uses jargon and lingo without explaining anything. This book sits down with you, gives you the information you need, and you get the results that you wanted. Considering that courses from Backtrack's website start at around $750, this book feels like a hack in itself.
Best book to master Wi-Fi Kung Fu (Oct. 31, 2011)
- Published on Amazon.com
Disclaimer: I have received this book from the publisher for a special review, and the author is a good friend of mine. However, the review remains genuine and unbiased.
This book is highly technical and written completely from a practical perspective. To get the best out of this book you need to follow it in parallel with your own setup, as shown in the first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.
Here is the complete chapter-by-chapter review:
The first chapter starts with the famous line from 'Abraham Lincoln', pressing on the importance of setting up the playground:
"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."
It lists both hardware and software requirements: 2 Wi-Fi enabled laptops, one injectable Wi-Fi card (Alfa AWUS036H) and an access point. Some more listing of alternative injectable Wi-Fi cards would have been better, though. It is often difficult to get the right one, especially for those who are outside the USA/UK. In my initial days of wardriving, I remember waiting an entire year to get my first injectable USB dongle. And without the right card, you are on the back foot, as you can't perform most of the attacks.
The remaining portion of the first chapter shows how to install BackTrack and set up the access point and wireless cards in detail with screenshots. The next one briefly explains wireless frames and shows how to capture the Wi-Fi packets in the air and inject your own packets using the Alfa card.
It gets more interesting with chapter 3, showing how to bypass various wireless security restrictions such as hidden SSIDs, defeating MAC filters, bypassing WEP authentication, etc. Next it shows how to really crack those 128-bit WEP keys using the aircrack-ng tool. Finally it describes how we can use these cracked WEP/WPA passphrases to decrypt wireless data packets and directly connect to the WEP/WPA network.
Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack and spectrum jamming. It also shows how one can perform the 'Evil Twin' attack against a legitimate access point and how to set up a rogue access point to gain backdoor entry into the network.
Often the weakest point lies at the client side, so chapter 6 goes on to describe all those attacks one can perform on wireless clients, including Honeypot and Mis-Association attacks, the Caffe Latte attack, De-Authentication and Dis-Association attacks, the Hirte attack, AP-less WPA-Personal cracking, etc. The next one shows how to perform wireless-based Man-in-the-Middle (MITM) attacks and then use them for sniffing and hijacking of user sessions.
Chapter 8 focuses on WPA-Enterprise based attacks such as exploiting the weaknesses in the PEAP and EAP-TLS protocols. It ends with a recommendation on secure wireless configuration using 'WPA2-PSK with a strong passphrase' for small/medium size organizations and 'WPA2-Enterprise with EAP-TLS' for larger organizations.
The final chapter touches very briefly on pen testing methodologies and then goes more into wireless pen testing using the attacks explained in previous chapters. It starts with step-by-step discovery of wireless devices, finding unauthorized clients and rogue access points, and then cracking the wireless encryption using the attacks demonstrated in previous chapters.
Highlights of the Book
* Very well written and enjoyable to read
* Practical and includes the latest stuff from the wireless field
* Every attack technique is very well shown with complete technical details and illustrative screenshots
* Includes action items for the reader to explore more and gain more expertise
* A Pop Quiz at the end of each chapter ensures that you were not dozing off
After reading this book completely, one thing is sure: you would like to change its title from "Beginners guide" to "Not just Beginners guide". Even though it's his first book, I am amazed by his style of writing and 'connecting with the reader' mentality, making it easier to grasp and enjoyable to read on.
And here comes the final verdict:
"Written by a wireless expert, this book goes beyond the words and is highly recommended to anyone willing to master Wi-Fi Kung Fu."
Not What I Expected (March 31, 2012)
- Published on Amazon.com
I was very disappointed with the content of this book, and in some cases that was my fault for having incorrect expectations about the content, and other times it was the book's fault (blame can be spread to the author, proofreader, etc.). I had expected theory based coverage of many of the tools present in the Backtrack distribution, along with examples of what they exploit and how to implement them. What I got was coverage mostly of the aircrack suite (along with a few other tools supplementing it along the way) that was based largely upon copying the code that was on the page while changing a few variables. There is plenty of implementation of the attacks, but the space in the book could have been far better used.
As another reviewer pointed out, the pages regularly consist of 50-90% screenshots of commands being run and the resulting output. In general I think this is a good idea, as it lets the reader know exactly what the command should look like when it is typed in and what they should expect to see for output. This is taken to ridiculous extremes, such as when the author instructs the reader to change the wireless protection on the AP: there are repeated screenshots of his setup. Maybe the first one had purpose, but showing it every time is just padding.
And for as little content as I feel was covered in the book, there sure was a lot of padding, and I mean beyond the "make sure packets are being collected by running Wireshark" with an accompanying picture of a Wireshark capture (repeatedly). De-authentication attacks are used twice prior to being introduced as a means of a DoS attack, and yet instead of covering something new (such as the Dis-Association attack, which is left to the reader to figure out on their own) the author decides to plow through and describe how to send de-authentication packets for a third time. Using aircrack to implement the Caffe-Latte and Hirte attacks is covered separately for each, despite the fact that they differ by a single command line argument. It genuinely baffles me why the author chose to re-cover extremely similar attacks and in some cases the exact same material, while leaving others as assignments for the reader.
I am also a bit confused about the level of experience the reader is expected to have before entering. While the book clearly says it is for beginners and the vast majority of its material is presented at a good hand-holding pace for beginners (not an insult at all), there are other times when knowledge is assumed that I am not sure it is safe to assume. When I bought a book on Wireshark, it assumed the reader had knowledge of packet structure, yet still gave a very thorough chapter to covering the vital aspects in case the reader was not familiar. This book for beginners assumes a knowledge of how WLAN frames are organized, and gives a cursory 2 pages to explaining it for the uninitiated. In a section on creating network bridges, the ability to use WLANs on both sides of the bridge is mentioned and left for the reader to implement themselves. However, I have found it to be very different from the method required by Ethernet that is covered in the book, and a helpful web link would have been great if the author did not see fit to actually cover the steps himself.
And there is my criticism of the book. It hammers home and repeats concepts which are mostly summed up as "type exactly what is on the page" and skips over the cryptographic and networking theory, as well as techniques that are constantly mentioned but never actually covered beyond leaving them as an exercise for the reader. I am not opposed to doing external research, but when I feel that I could have just done the research (mostly via aircrack-ng.org) and gained the same practical knowledge of how to implement the attacks as well as a firmer understanding of the theory behind them, I cannot say I am happy to have spent $50 on this book.
Again, not all of this falls on the author or the book, as some of it was that my expectations were not in line with what was presented. A lot of topics are covered, a handful of tools (notably aircrack and Wireshark) are given varying degrees of coverage. There are helpful links to get to other material, and the pacing is great for a beginner. But for $50 I expect a lot more content, and a lot less repetition and unnecessary pictures.
An Excellent Tutorial (Dec 1, 2011)
Philip A. Polstra
- Published on Amazon.com
I am slated to teach an ethical hacking class this summer (with a trip to Defcon 20 at the end). I originally planned on using a CEH prep book for a text, but decided to go with a couple of real world hacking texts instead. I wanted to have a mix of vulnerability exploitation and wireless pen testing in the course. I immediately thought of looking at this new book by Vivek (@SecurityTube) for the wireless context. Vivek is the founder of SecurityTube and also the author of a 40+ part video series known as the Wireless Security Megaprimer. This megaprimer serves as a basis for the recently introduced SecurityTube Wireless Security Expert (SWSE) certification.
This book is published by Packt Publishing. I was sent an ebook version of the book. I must say that I really appreciate Packt's way of sending a nice non-DRM version of the book for my evaluation. What's to stop me from reselling the book or handing it down to my students (aside from CISSP mofo code of ethics)? At the bottom of every page there is a statement saying this book was created for my sole usage. As a professor, I really like this solution. So many other publishers refuse to send e-books because they are overly concerned about DRM, and don't realize that I can just as easily scan or copy a paper book to hand out if I'm ethically challenged.
So what's in this book anyway? Vivek starts the book with a chapter telling you how to set up an appropriate lab to do all of the things discussed in the book. His directions are straightforward. Vivek recommends an Alfa wireless adapter. I did all the labs in the book with a Hawking HWU8DD high-gain wireless-G dish adapter that I had available and everything seemed to work well. I'm sure that there are other adapters out there that would also work well for anyone using this book.
In the second chapter, Vivek provides a comprehensive overview of why wifi is inherently insecure. From here he goes on to discuss ways of bypassing authentication. In the fourth chapter, Vivek discusses encryption. The conversation goes well beyond what is wrong with WEP and includes ways to speed up WPA/WPA2 cracking as well.
In chapter 5, Vivek talks about attacking the infrastructure. Topics covered include default accounts and DoS attacks. From here the focus is shifted to attacking the client. Naturally, some attention is given to the Caffe Latte attack against WEP that Vivek discovered some years ago. For the record, I think this is one of the cooler attacks given the ability to attack a network that is potentially miles and miles away.
Chapters 7 & 8 deal with more advanced attacks such as man-in-the-middle and attacks against WPA-Enterprise. While not too many people (at least in the USA) seem to be using WPA-Enterprise, it certainly doesn't hurt to know how to attack it should the need arise.
The final chapter discusses wireless pen testing methodology. Concluding thoughts and answers to pop quizzes are found in the appendices.
What do I like about this book? This book is very approachable. Vivek doesn't assume you are starting this book as a wifi or even networking expert. Anyone with half a clue about how networking and wifi work could successfully learn from this book. The book emphasizes doing over theory. Activities to actually try and see for yourself are everywhere in the book. Instead of droning on and on about the theory of this and that and having some exercises at the end of the chapters, Vivek says do this and see what happens, now do that, then he discusses what has just been seen. I like his teaching style.
I'm sure someone out there will say "Why should I drop $50 on this book, when it essentially parallels the freely available megaprimer on SecurityTube?" My response to this is: first of all, shame on you. Stop being such a cheapskate. Vivek has obviously put a lot of work into developing an excellent tutorial and the man deserves a little compensation. Secondly, even if you have a problem giving up a few dollars for the book over just watching the video, sometimes you just want to have a book. It is a lot easier to check or refresh your knowledge on something using the book than it is to try and figure out which of the 40+ videos a topic was discussed in. Because the book essentially parallels the video, I would recommend you read the book and watch the videos, especially if you are going through the book on your own.
Now for the bad news. What didn't I like about this book? I thought about it for a while and nothing really comes to mind. I think this is an excellent book for anyone wanting to learn more about wireless security. When you consider that there are 12+ hours of video available to supplement the book (not that I feel this is necessary), $50 is a good deal for this book.
Amazing introductory resource! (Feb. 22, 2013)
- Published on Amazon.com
This is the book that first introduced me to network security. Actually, all I wanted to do was learn how to hack my router, and I learned that and so much more. This single book has made me decide to pursue a career in information security. The book itself is written elegantly in very easily understandable terms. It assumes no prior knowledge of the topics included and it is very beginner friendly (as the title suggests). The author is absolutely brilliant and it is worth noting that this author is the "SecurityTube Wi-Fi Security Expert" course instructor (which I just enrolled in not long ago). I think I've read this book twice from cover to cover, and probably 10 times over using it for reference. You start the book with no assumed knowledge of Linux, BackTrack, or wireless pentesting at all, and end the book with the knowledge to conduct a full penetration test on a wireless network from beginning to end. Highly recommended to anyone who wants to learn more about wireless network security. If there was a 10-star option I would have selected that.