I am a senior engineer for network security operations. I have attended Eric Cole's excellent SANS classes and consider him a professional acquaintance. "Hackers Beware" is a welcome contribution to the security community. Although some of the material is redundant, you're bound to gain new insights on network intrusions by reading this book.
The message of "Hackers Beware" is clear: prevention is preferred, but detection is mandatory. To discover intrusions, one must understand the tools and tactics of the adversary. To this end, "Hackers Beware" devotes chapters to information gathering, spoofing, session hijacking, denial of service, buffer overflows, password security, access preservation, and log cleaning. Some of the material in these chapters is based on the "practicum" required of SANS students.
My favorite section, without doubt, was chapter 17: "Other Types of Attacks." It features many valuable essays by SANS students on BIND NXT exploitation, cookie-based overflows, SNMP enumeration, and other topics.
Publishing student material has its drawbacks, however. "Hackers Beware" is repetitive, a sin given the book's page count (778). Why include yet another explanation of buffer overflows in chapter 14, for example, when a whole chapter (7) already discusses them? (Actually, Brent Hughes' work in chapter 14 is more enlightening!) Furthermore, the "fundamentals" of UNIX and NT chapters are much less informative compared to Ed Skoudis' chapters in "Counter Hack."
I also recommend New Riders help the author overcome his addiction to "three phrase sentences," such as "Now the Internet is very popular, and everyone is using Linux because it is powerful and inexpensive, so the number of people beating on the system is very high." (p. 480.)
Future editions should reduce the number of vulnerabilities described in favor of more thorough explanations of sample exploits. For example, a virtual reprint of cDc's advisory on a NetMeeting weakness teaches me very little; providing background on the coding, system calls, and principles of this exploit is more useful. I would also pare the student-based material down to the essential core, removing generic material discussed elsewhere.
I'd almost buy "Hackers Beware" for chapter 17 alone, so I'm sure security professionals will find many reasons to enjoy this book.
(Disclaimer: I received a free review copy from the publisher.)