Thursday, August 16, 2012

Hacking Exposed 7: Changing the Game

Summer time in the internet security community tends to be hot and busy, and this summer has been no exception for many of us!  It was great to see many of you at Black Hat in Las Vegas recently as my new company CrowdStrike continues to attract worldwide interest and is blossoming daily. We really appreciate everyone’s support and interest in our mission. However, this blog is not about CrowdStrike, it is about continuing the tradition of helping to educate and connect with the security community. It is with great pleasure that I announce the release of the seventh edition of Hacking Exposed: Network Security Secrets & Solutions.
A lot has changed since the first edition of the Hacking Exposed series was written in 1999. Besides having a little bit more hair than I have today, it was a time before the term targeted attacks even existed.  Persistence was a novelty, and a virus wrecked your computer rather than sucking out billions of dollars of intellectual property from your company.   The attacks were numerous and varied, and there was a much smaller pool of attackers coming at your digital defenses.  It was before Metasploit even existed, and netcat and Back Orifice were the best Remote Access Tools (RATs) around.  Fast forward 12 years and we live in the age of the constant cyber adversary. If you step back and really analyze the current environment, the adversary’s tools and techniques have not really evolved all that much. Netcat, once the Swiss army knife of the skilled pen tester, has been replaced with Poison Ivy. Pass the hash is now automated, and lateral movement within a network looks like a carbon copy of Chapter 4 Hacking Windows.

So as the seventh edition of Hacking Exposed hits the shelves this summer, our new daily reality is that targeted attackers are attempting to rain on your picnic at the beach by attempting to kick digital sand in your face.   Hacking Exposed was designed to provide that extra confidence builder that every good guy needs to help understand how to fight the cyber bully attempting to plant a flag on your digital beachfront.  The increase in stories over the last three years alone about the wholesale loss of intellectual property is startling. As our own Shawn Henry, President of CrowdStrike Services says “It is time to stop taking punches, and let's change the game.  It’s time for a major shift in the way we secure our networks, and Hacking Exposed 7 can help you return the pain to your cyber adversary.” More than ever there seems to be a growing and unified agreement in the security community that today’s information security teams absolutely must have an inside track on the ways to beat the adversary and change the game.

So What’s New In the 7th edition?

We spent many late nights making sure the series is armed with the latest cutting edge information.  We updated each chapter to get rid of the old and focus on the new.  Some of the new items include:
  • Addressing Targeted Attacks also known in some circles as Advanced Persistent Threats (APT).
  • Embedded Hacking a topic near and dear to my heart.  This section includes techniques used to strip circuit boards of all its chips and reverse engineer them.
  • Database Hacking We added an entire section on hacking and protecting your most precious commodity data.  Hey, it is all about the data, right?
  • Mobile Hacking We dedicated an entire chapter to mobile hacking, which couldn’t be more timely in today’s ever connected society.

Lastly, we have created a new website to help accompany the latest release of the book:  Along with the new website, we have geared up our CrowdStrike team to provide quarterly webinars with exciting topics that are relevant to the community of security professionals we serve.  

The first webinar hosted by CrowdStrike will be on Wednesday, September 12th from 11am PT/ 2pm ET and will be a one hour format titled
Hacking Exposed: Mobile Targeted Threats The Next Wave of Attack.  This session will focus on mobile threats that have been observed in the wild and the next wave of threat actors. It will conclude with a demo of a seamless targeted attack against an Android ICS device.  I hope you can join Georg Wicherski and myself for this informative webinar. Georg is one of THE top mobile security researchers in our space. You may be familiar with his work if you attended Charlie Miller's recent Black Hat talk.

I am looking forward to continuing both doing Hacking Exposed Live seminars and giving live Webcasts that focus on timely and relevant information.  I will leave you with a quote from a good friend of mine, Patrick Heim, CISO of
“I once heard an avid video gamer say, ‘If you are not moving, you’re dead!’ Use this book to move your security game and stay alive.”  That exact sentiment conveys the pride I feel being involved with the Hacking Exposed series and giving back to the community so that you can “change your game” and live to fight another day!

A big thanks to all the contributing authors who helped make this the best Hacking Exposed yet!

For daily updates, you can follow me on Twitter @george_kurtz.

To join our Hacking Exposed 7 mailing list and receive updates on the latest webinars, please sign up directly at website.