What do you think?
Rate this book
Hacking Exposed: Network Security Secrets & Solutions
The world's bestselling computer security bookfully expanded and updated
"Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc.
"For security to be successful in any company, you must ‘think evil' and be attuned to your ‘real risk'...Hacking Expose 6 defines both." Patrick Heim, CISO, Kaiser Permanente
"The definitive resource to understanding the hacking mindset and the defenses against it." Vince Rossi, CEO & President, St. Bernard Software
"Identity theft costs billions every year and unless you understand the threat, you will be destined to be a victim of it. Hacking Exposed 6 gives you the tools you need to prevent being a victim." Bill Loesch, CTO, Guard ID Systems
"This book is current, comprehensive, thoughtful, backed by experience, and appropriately free of vendor-bias-prized features for any security practitioner in need of information." Kip Boyle, CISO, PEMCO Mutual Insurance Company
"The Hacking Exposed series has become the definitive reference for security professionals from the moment it was first released, and the 6th edition maintains its place on my bookshelf," Jeff Moss, Founder of the popular Black Hat Security Conference
Meet the formidable demands of security in today's hyperconnected world with expert guidance from the world-renowned Hacking Exposed team. Following the time-tested "attack-countermeasure" philosophy, this 10th anniversary edition has been fully overhauled to cover the latest insidious weapons in the hacker's extensive arsenal.
New and updated material:
New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits New wireless and RFID security tools, including multilayered encryption and gateways All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking Fully updated chapters on hacking the Internet user, web hacking, and securing code692 pages, Paperback
First published October 11, 2000
108 people are currently reading
1797 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 35 reviews
May 17, 2013
Not a hacking how to per se but more like a really good resource for securing your network. Some people object to titles like this one because they naively and mistakenly believe it helps the bad guys. But in reality, without knowing black hat techniques there is no possible way that you can secure your network. Period. The authors do an outstand job of walking the uninformed reader through the process of the hack from initial surveillance up to and including the attack. Highly recommend this book if you have even a slight interest in learning the how's of hacking.
August 15, 2012
Complete guide concerning security. I think this is the bible of hacking!
December 12, 2011
I had a friend who is an IT who recommended this book when I asked how he was able to track me down no matter where I got on the internet. This was a very well written book that was easy for me to understand. It made it a lot easier for me to understand how the internet works and how to properly secure my digital life. I would definitely recommend this book to more than just IT's and computer hacks.
January 28, 2008
HE is required reading for anyone with a network to secure. Also some of the attacks are quite interesting from an engineering standpoint.
Only drawback is that it doesn't go far enough. I would prefer to see more packet level information. Don't tell me it's an arp spoof, show me.
Only drawback is that it doesn't go far enough. I would prefer to see more packet level information. Don't tell me it's an arp spoof, show me.
March 25, 2008
i very like
February 9, 2010
A good desk reference.
May 20, 2017
Basic and outdated
November 15, 2017
This is a REALLY DAMN GOOD BOOK. Definitely worth reading.
Still relevant.
Still relevant.
August 18, 2018
Incredibly esoteric (read abstruse). Not sure if I believe their remedies
May 16, 2019
Very thorough
November 15, 2019
The second edition introduced me to the world of computer security. Maybe a bit outdated but this is a must read for everyone interested in the topic.
February 23, 2021
kind of old but still very useful in some topics
June 30, 2022
I can finally hack my girlfriend's accounts. Nice!
April 7, 2013
Case Study - An example of someone probing a system - use of the TOR network and an onion router for anonymity (torproject.org)
1 - Footprinting
- discovering the domain names, network blocks, subnets, routers and individual IP addresses on an entity
- publicly available information - company website, etc. - use phonenumber.com, yellowpages.com to look up physical addresses
- WHOIS and DNS enumeration
- DNS interrogation - using nslookup - determine mail exchange (MX) records using host commands
- network reconnaissance - using traceroute
2 - Scanning
- use of ping, fping (ICMP ECHO packets) and nmap (TCP/IP) to determine live IP addresses - also hping2 for greater packet control
detection of ping sweeps is an important countermeasure (cm) - look at scanlogd, protolog, others
- attackers can tunnel using a program such as loki2 (phrack.,org)
- use of icmpquery
- port scanning - the different scan types, including TCP ACK which can map out the firewall and determine whether it is stateful
- identifying the services running, using strobe, udp-scan, netcat, nmap - again scanlogd is a cm
- probes to determine the OS type using nmap
- cheops brings all of the network mapping utilities into one package
3 - Enumeration
- probing the identified services for more information and weaknesses
- use of telnet, netcat for banner grabbing
- enumeration of ftp, smtp, DNS, tftp, finger, MS RPC endpoint mapper, NetBIOS name service - cm = block udp port 137
- discussion of the NetBIOS null session enumeration - cm = block TCP ports 139 and 445
- snmp enumeration with snmpget, snmpwalk, onesixtyone, Solar Winds IP browser - cm = block TCP port 161
- enumeration of WIndows LDAP, Novell Netware, unix rpc
Case Study - poisoning a DNS server
4 - Hacking Windows
5 - Hacking Unix
ROOT ACCESS - the main objective is to get root access
-brute force attacks consist of password guessing for open services such as telnet, ftp, rsh, ssh, snmp, pop, http, cvs, using automated guessers such as hydra - cm = strong passwords
- buffer and heap overflow allow execution of an egg - if the service is run as root, it provides root access - cm = secure programming of the services (gcc can be run with -fstack-protect and -fstack-protect-all), disable all unneeded services, disable stack execution (on Linux use ExecShield and PAX)
- format string attacks use the printf function to read or write to memory - cm are as previous - also in Linux FormatGuard is an enhancement to glibc providing wrapped functions for printf
- input validation attacks rely on incorrect passing of logins to the password check - cm = white list validation with a default deny policy
- integer overflow and dangling pointer attacks - cm as previous
- reverse telnet and back channels allow access through awstats - cm = disable telnet, or run as nobody with tight permissions - also proxy based firewall
- anonymous ftp allows site exec - cm = disable the ftp server or ensure it is patched
- sendmail has mail exploits - cm = use qmail
- rpc can allow root access - cm = disable any rpc not needed, use Secure RPC, if possible
- snmp - cm = disable snmp if not needed
- NFS - cm = disable
- X insecurities - avoid using xhost +, disable ports 6000-6063, use ssh only at access X server remotely
- DNS poisoning - cm - if not running a DNS server, remove bind, else use only a fully patched bind9, run named as an unprivileged user from a chrotted environment
- SSH insecurities - use the latest openssh, fully patched, and run it chrooted
- SSL overflow attacks - run only the latest fully patched SSL
- Apache attacks - run only the latest fully patched version
- Promiscuous mode attacks - ensure tcpdump is the latest
LOCAL ACCESS - gaining non-root access
- password vulnerabilities - gaining access to the password file can provide information on the encryption of passwords, making John the Ripper a feasible approach for working out a password
- a variety of programming issues, addressable by best programming methods
- core files provide significant detail on the core memory - cm = turn off core dumps with ulimit
- shared libraries - issue with SUID root binaries
- kernel flaws - ensure up to date
- SUID and SGID permissions are a huge hole - inventory all such files and remove as many as possible
- world writable files - as above
AFTER HACKING ROOT
- trojans - can use a hacked version of login - can also install Rathole - cm = tripwire
- sniffers - allow packet capture - tcpdump, Snoop, Dsniff, Wireshark - cm = switched networks, sniffer detectors such as Anti-Sniff, sniffdet and sentinel, use of encryption with ssh
- log cleaning such as Logclean-ng - cm = log using append only, log to a secure host
- rootkits - cm = Carbonite, use of the Linux Intrusion Detection System (LIDS)
Other Chapters:
6 - Remote Connectivity and VoIP Hacking
7 - Network Devices
8 - Wireless Hacking
9 - Hacking Hardware
10 - Hacking Code
11 - Web Hacking
12 - Hacking the Internet User
- PortSentry is covered in Chapter 7 - Network Devices
1 - Footprinting
- discovering the domain names, network blocks, subnets, routers and individual IP addresses on an entity
- publicly available information - company website, etc. - use phonenumber.com, yellowpages.com to look up physical addresses
- WHOIS and DNS enumeration
- DNS interrogation - using nslookup - determine mail exchange (MX) records using host commands
- network reconnaissance - using traceroute
2 - Scanning
- use of ping, fping (ICMP ECHO packets) and nmap (TCP/IP) to determine live IP addresses - also hping2 for greater packet control
detection of ping sweeps is an important countermeasure (cm) - look at scanlogd, protolog, others
- attackers can tunnel using a program such as loki2 (phrack.,org)
- use of icmpquery
- port scanning - the different scan types, including TCP ACK which can map out the firewall and determine whether it is stateful
- identifying the services running, using strobe, udp-scan, netcat, nmap - again scanlogd is a cm
- probes to determine the OS type using nmap
- cheops brings all of the network mapping utilities into one package
3 - Enumeration
- probing the identified services for more information and weaknesses
- use of telnet, netcat for banner grabbing
- enumeration of ftp, smtp, DNS, tftp, finger, MS RPC endpoint mapper, NetBIOS name service - cm = block udp port 137
- discussion of the NetBIOS null session enumeration - cm = block TCP ports 139 and 445
- snmp enumeration with snmpget, snmpwalk, onesixtyone, Solar Winds IP browser - cm = block TCP port 161
- enumeration of WIndows LDAP, Novell Netware, unix rpc
Case Study - poisoning a DNS server
4 - Hacking Windows
5 - Hacking Unix
ROOT ACCESS - the main objective is to get root access
-brute force attacks consist of password guessing for open services such as telnet, ftp, rsh, ssh, snmp, pop, http, cvs, using automated guessers such as hydra - cm = strong passwords
- buffer and heap overflow allow execution of an egg - if the service is run as root, it provides root access - cm = secure programming of the services (gcc can be run with -fstack-protect and -fstack-protect-all), disable all unneeded services, disable stack execution (on Linux use ExecShield and PAX)
- format string attacks use the printf function to read or write to memory - cm are as previous - also in Linux FormatGuard is an enhancement to glibc providing wrapped functions for printf
- input validation attacks rely on incorrect passing of logins to the password check - cm = white list validation with a default deny policy
- integer overflow and dangling pointer attacks - cm as previous
- reverse telnet and back channels allow access through awstats - cm = disable telnet, or run as nobody with tight permissions - also proxy based firewall
- anonymous ftp allows site exec - cm = disable the ftp server or ensure it is patched
- sendmail has mail exploits - cm = use qmail
- rpc can allow root access - cm = disable any rpc not needed, use Secure RPC, if possible
- snmp - cm = disable snmp if not needed
- NFS - cm = disable
- X insecurities - avoid using xhost +, disable ports 6000-6063, use ssh only at access X server remotely
- DNS poisoning - cm - if not running a DNS server, remove bind, else use only a fully patched bind9, run named as an unprivileged user from a chrotted environment
- SSH insecurities - use the latest openssh, fully patched, and run it chrooted
- SSL overflow attacks - run only the latest fully patched SSL
- Apache attacks - run only the latest fully patched version
- Promiscuous mode attacks - ensure tcpdump is the latest
LOCAL ACCESS - gaining non-root access
- password vulnerabilities - gaining access to the password file can provide information on the encryption of passwords, making John the Ripper a feasible approach for working out a password
- a variety of programming issues, addressable by best programming methods
- core files provide significant detail on the core memory - cm = turn off core dumps with ulimit
- shared libraries - issue with SUID root binaries
- kernel flaws - ensure up to date
- SUID and SGID permissions are a huge hole - inventory all such files and remove as many as possible
- world writable files - as above
AFTER HACKING ROOT
- trojans - can use a hacked version of login - can also install Rathole - cm = tripwire
- sniffers - allow packet capture - tcpdump, Snoop, Dsniff, Wireshark - cm = switched networks, sniffer detectors such as Anti-Sniff, sniffdet and sentinel, use of encryption with ssh
- log cleaning such as Logclean-ng - cm = log using append only, log to a secure host
- rootkits - cm = Carbonite, use of the Linux Intrusion Detection System (LIDS)
Other Chapters:
6 - Remote Connectivity and VoIP Hacking
7 - Network Devices
8 - Wireless Hacking
9 - Hacking Hardware
10 - Hacking Code
11 - Web Hacking
12 - Hacking the Internet User
- PortSentry is covered in Chapter 7 - Network Devices
May 6, 2016
I'm going to start this review by giving this book credit where credit is deserved. This book is packed with tons of information for those in security (whether it be pen testing, or system architects). There is a lot of outside learning that I should have done before reading, but I did it while reading. This book is 800 some pages, so stick with it. As for those that say "it's outdated," of course it is! This was published in 2000! The sad thing is that most of the techniques described in this book are still being used.
What I liked about this book is that it takes you through the steps of a hacker. It starts with simple ping sweeps then moves all the way up to high level DoS attacks. Each techniques has a rating on it that shows the usefulness, severity, and the popularity rated from 1-10. There are at least three or four different techniques for each chapter. Another important factor to note is that both Linux Terminal and Microsoft CMD prompts are used in running the attacks (I prefer bash, but I liked the variety that was offered).
Okay, now for the stuff I didn't like. First, the book is huge. I remember my English teacher giving me weird looks when I carried it into his class because the cover has "HACKING EXPOSED" in gigantic letters on the cover with "Network Security Solutions" in tiny font on the bottom. I understand that the cover is meant to attract people, so they buy it, but in today's age, any form of "hack" comes with weird looks from the people around you. Second, the book gives an introduction to these attacks. I understand that publishing a book with the ability to bring a business to its knees is frowned upon, but I would have liked to see more examples of businesses that got hit with these attacks. These are probably in the newest edition, but I'm cheap and prefer hand-me-downs to paying $50+ for a somewhat equal option.
Before I end this review, I would like to point out that as a high school student looking to build a career in cyber security, this was recommended to me by the Chief Information Security Officer of a major health insurance provider. This guy has a laundry list of certifications, qualifications, and experience, and he claims this book was the best place to start learning. The second edition is very cheap, so anybody wanting to learn more, go ahead and buy this book. It's worth every penny.
What I liked about this book is that it takes you through the steps of a hacker. It starts with simple ping sweeps then moves all the way up to high level DoS attacks. Each techniques has a rating on it that shows the usefulness, severity, and the popularity rated from 1-10. There are at least three or four different techniques for each chapter. Another important factor to note is that both Linux Terminal and Microsoft CMD prompts are used in running the attacks (I prefer bash, but I liked the variety that was offered).
Okay, now for the stuff I didn't like. First, the book is huge. I remember my English teacher giving me weird looks when I carried it into his class because the cover has "HACKING EXPOSED" in gigantic letters on the cover with "Network Security Solutions" in tiny font on the bottom. I understand that the cover is meant to attract people, so they buy it, but in today's age, any form of "hack" comes with weird looks from the people around you. Second, the book gives an introduction to these attacks. I understand that publishing a book with the ability to bring a business to its knees is frowned upon, but I would have liked to see more examples of businesses that got hit with these attacks. These are probably in the newest edition, but I'm cheap and prefer hand-me-downs to paying $50+ for a somewhat equal option.
Before I end this review, I would like to point out that as a high school student looking to build a career in cyber security, this was recommended to me by the Chief Information Security Officer of a major health insurance provider. This guy has a laundry list of certifications, qualifications, and experience, and he claims this book was the best place to start learning. The second edition is very cheap, so anybody wanting to learn more, go ahead and buy this book. It's worth every penny.
March 22, 2016
When I bought this book I was a bored and lazy 14 ys-old who wanted to become the Power Ranger of Computer Science. I mean if just by reading a thick and expensive book you can become a fucking ranger, wouldn't you buy it?
Nonetheless, it had been on my TO-READ-ASAP-YOUDUMB for more than 6 years, and I always wondered why. I mean the Art of Exploitation is a bit hard to follow, but you can read this without having to know about networks, memory or x32 Intel assembly. The problem is that it's very very boring. I mean now I finished in about one day (a good job compared to 6 years right?) and the problem is that it's just a bunch of "how-to-use-nmap to do this" or generic descriptions of outdated exploits.
Can you hack your Grandma's cookie recipes blog with this? I doubt it.
Can you protect your uni portals against armies of script-kiddiots? Nope, for sure.
Do you even get a generic description of how IT Security work(ed)? Yes but you only need to read the index and stop there.
Really some of the old "HOW-TOHACK-TEH-NASA-.txt" files on some random pre-2000 mailing list are just useful and instructive as this.
Nonetheless, it had been on my TO-READ-ASAP-YOUDUMB for more than 6 years, and I always wondered why. I mean the Art of Exploitation is a bit hard to follow, but you can read this without having to know about networks, memory or x32 Intel assembly. The problem is that it's very very boring. I mean now I finished in about one day (a good job compared to 6 years right?) and the problem is that it's just a bunch of "how-to-use-nmap to do this" or generic descriptions of outdated exploits.
Can you hack your Grandma's cookie recipes blog with this? I doubt it.
Can you protect your uni portals against armies of script-kiddiots? Nope, for sure.
Do you even get a generic description of how IT Security work(ed)? Yes but you only need to read the index and stop there.
Really some of the old "HOW-TOHACK-TEH-NASA-.txt" files on some random pre-2000 mailing list are just useful and instructive as this.
July 5, 2025
Para cuando lo compré de pequeño (en realidad, se titulaba Hackers 4, pero no está en Goodreads), ya estaba un poco desfasado. Aún así, fue un libro revelador, ya que no tenía ningún mentor y este era la única fuente que yo tenía para aprender sobre el mundillo hacking sin temor a que me introdujeran un troyano en mi ordenador personal. Fue un antes y un después, y me ayudó a tener más vista acerca de temas de seguridad, además de aumentar mi curiosidad por estos temas que ya de por sí me atraían bastante.
August 8, 2014
Too broad
covers a lot of topics on the expense of detailed and practical discussion. The book title gives the impression that you are about to uncover the secrets of network security, instead it barely touches on the surface by naming and counting famous network security tools. I like to think of this book as a general reference for information security
covers a lot of topics on the expense of detailed and practical discussion. The book title gives the impression that you are about to uncover the secrets of network security, instead it barely touches on the surface by naming and counting famous network security tools. I like to think of this book as a general reference for information security
April 14, 2008
Good reference book to learn how to protect yourself. One thing I was hoping to get out of this book a how to do the hacks myself to myself own network and servers but that wasn't there. Safety precautions and legal liabilities I guess.
August 1, 2011
Very good for beginners. I picked up a few things I didn't know, it also helped me with my sorely lacking Windows hacking skills. Wished I found this book earlier. But I guess I benefited more from learning the hard way in the end.
December 14, 2016
Hacking exposed 7
I liked that the book had covered a wide range of hacks - windows, wireless, mobile.
However, the book was lacking in the depth of techniques used for each attack. Would have preferred that the book described how each technique can be performed.
I liked that the book had covered a wide range of hacks - windows, wireless, mobile.
However, the book was lacking in the depth of techniques used for each attack. Would have preferred that the book described how each technique can be performed.
July 3, 2008
As far as these types of books go this book offers I think the widest range of exploits, tools, and analysis for the money.
Read
September 7, 2009Neat computer tricks
July 25, 2010
Good read, lots of informative information on well... Hacking of course!
January 5, 2011
Great overview book on information security in general.
December 10, 2013
Comment...
February 26, 2014
Comprehensive as always. Good book for broad security topics and hackers techniques. Not that much new stuff from older editions and still have some outdated information, but anyway good book.
November 29, 2014
I was hoping that it would help me be a better server administrator but the software in the book is older than what I have. It did explain things well and what part I read was interesting. Thumbs up!
July 13, 2014
By the date it was released the best non fiction hacking books full of examples. A must read for those who are interested in basics.
March 9, 2015
overall, it was a good 1900 page book. my maon problem was the constant for more information, buy this book from the same people inatead of just including it in thw book itself
Displaying 1 - 30 of 35 reviews