Shop now Learn more Shop now Up to 50% off Fashion Cloud Drive Photos Shop now Learn More Shop now Halloween Pets Shop now Shop Fire Shop Kindle Voyage Listen in Prime Learn more Shop now
Start reading Hacker's Challenge 2: Test Your Network Security & Forens... on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here or start reading now with a free Kindle Reading App.

Deliver to your Kindle or other device


Try it free

Sample the beginning of this book for free

Deliver to your Kindle or other device

Sorry, this item is not available in
Image not available for
Image not available

Hacker's Challenge 2: Test Your Network Security & Forensic Skills: Test Your Network Security and Forensic Skills: v. 2 (Hacking Exposed) [Kindle Edition]

Mike Schiffman , Bill Pennington , David Pollino , Adam O'Donnell
3.0 out of 5 stars  See all reviews (2 customer reviews)

Kindle Price: £25.30 includes VAT* & free wireless delivery via Amazon Whispernet
* Unlike print books, digital books are subject to VAT.

Free Kindle Reading App Anybody can read Kindle books—even without a Kindle device—with the FREE Kindle app for smartphones, tablets and computers.

To get the free app, enter your e-mail address or mobile phone number.


Amazon Price New from Used from
Kindle Edition £25.30  
Paperback --  
Kindle Daily Deal
Kindle Daily Deal: Up to 70% off
Each day we unveil a new book deal at a specially discounted price--for that day only. Learn more about the Kindle Daily Deal or sign up for the Kindle Daily Deal Newsletter to receive free e-mail notifications about each day's deal.

Book Description

Do you have what it takes to keep the bad guys out of your network? Find out with the latest edition of this best-selling book featuring 20+ all new hacking challenges for you to solve. Plus, you'll get in-depth solutions for each, all written by experienced security consultants.

Customers Who Bought This Item Also Bought

Page of Start over
This shopping feature will continue to load items. In order to navigate out of this carousel please use your heading shortcut key to navigate to the next or previous heading.

Product Description

From the Back Cover

"Awesome....Incredibly informative, insightful, as well as a lot of fun to read. Recommended for anyone who values the integrity and security of their network." --Shawn Bracken, Principal Research Engineer, Cenzic, Inc.

Do you have what it takes to keep hackers out of your network? This unique volume tests your computer forensics and response skills with 20 brand-new, real-life security incidents as told by top-tier security experts. In an entertaining and informative style, this book addresses key security topics, including Denial of Service, malicious code, Web application attacks, wireless technologies, insider and outsider attacks, and more. Each challenge unfolds like a chapter from a novel and includes details of the incident--how the break-in was detected, evidence, and background such as log files and network diagrams--and is followed by a series of questions for you to solve. In Part II, you'll find a detailed explanation of exactly what was happening in each incident and the answers to the questioned posed in Part I, along with prevention and mitigation techniques.

Excerpt from "One Thing Leads to Another":

The Challenge: John is the I.T. Manager for a movie company working on the special effects for a hit film.... But the fan site has just posted an unauthorized clip of one of the most anticipated scenes in the movie.... A postproduction team member put the clip on the server but no one accessed it after that, at least not via FTP.... Then it happened again: more footage was released.... The Web master of the fan site supplied the e-mail address from which he received the files. John checked the ssh logs and the Web server logs.... He found an IP address he had not seen before.... He pinged the IP address then checked his arp table to get the machine's MAC address.... He began tracing the cable back to its source: the proxy server, which had not been used in 8 months....

The Solution: After reviewing the log files included in the challenge, propose your assessment: How could the employees have approached the initial investigation differently that may have helped them get to the culprit sooner? What does the lack of evidence in the ftp and ssh logs reveal? Was John's method of tracking down the proxy server the best method? What is the best solution to solve the vulnerability? Then, turn to the experts' answers to find out what really happened.

About the Author

Mike Schiffman, CISSP, has been involved in most every technical arena computer security has to offer. He has researched and developed many cutting edge technologies including tools such as firewalk and tracerx as well as the ubiquitously used low-level packet shaping library libnet. Mike has led audit teams through engagements for fortune 500 companies in the banking, automotive and manufacturing industries. He has spoken in front of several institutions and government agencies such as: NSA, CIA, DOD, AFWIC, SAIC, and army intelligence. Mike is the lead author of Hacker’s Challenge, and has written for numerous technical journals such as Software Magazine and has written articles for, and authored many security white papers. Currently, Mike is the Director of Security Architecture for @stake, the leading provider of professional security services. Previous to @stake, Mike was the Director of Research and Development for Guardent, Inc.

Bill Pennington, (CISSP), is a Principal Security Consultant with Guardent Inc. Bill has five years of professional experience in information security, ten in information technology. He is familiar with Linux, Solaris, Windows, and OpenBSD, and is a Certified Information Security Systems Practitioner, Certified Cisco Network Administrator (CCNA), Certified Internet Security Specialist (CISS), and a Microsoft Certified Product Specialist, Windows NT 4.0. He has broad experience in computer forensics, installing and maintaining VPNs, Cisco Pix firewalls, IDS, and in monitoring systems. Bill was a contributing author to several chapters of the original Hacker’s Challenge.

David Pollino Director of the Wireless Center of Excellence at @stake, Inc., conducts leading research into wireless security issues. He is a respected information security consultant with an extensive networking background. His wireless and network security expertise is published in magazines and books. David speaks on security issues at several industry events. David was a contributing author to several chapters of the original Hacker’s Challenge.

Product details

  • Format: Kindle Edition
  • File Size: 9460 KB
  • Print Length: 352 pages
  • Simultaneous Device Usage: Up to 4 simultaneous devices, per publisher limits
  • Publisher: McGraw-Hill Education; 2 edition (8 Jan. 2003)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Enhanced Typesetting: Not Enabled
  • Average Customer Review: 3.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: #1,173,077 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?

More About the Author

Discover books, learn about writers, and more.

Customer Reviews

4 star
3 star
2 star
3.0 out of 5 stars
3.0 out of 5 stars
Most Helpful Customer Reviews
5 of 5 people found the following review helpful
1.0 out of 5 stars Thoroughly disappointed 23 Nov. 2004
I bought this book in excitement from that the first book brought me. After reading the first two chapters, I was already thoroughly disappointed. The rest of the book didn't improve much as I went on. Pages after pages of repetitive logs, which only illustrate some elementary facts that the server received a 'buffer overflow attack', or 'oh no! someone logged in at 3am!' (that's it!). No more details given. For anyone ever read anything about computer security, most 'challenges' posed in this book you can simply glance up the 5-pages long logs for a second and you'd be able to figure out what's going on.
And that's this book, which only tells you what happened, but not how (well, mostly easily obtainable popular script-kiddie tools) and why, leaving you high and dry. You'd bemuch better get the 'Stealing the Network' serie.
Comment | 
Was this review helpful to you?
1 of 8 people found the following review helpful
5.0 out of 5 stars Quality Book 2 Feb. 2003
A very, and i'll say it again - very intresting book. Just like the first one it's well writen and well organised. Material is very original, like nothing you've seen before. Of course it is a sequel, and that scares some people off. But i promise you that Hacker's Challenge 2 is nearly as good as the first one. Some sleepless nights are included in the packedge.
One of the most intresting thing that i've found is a buffer overlow attack exaple. That's a very hard topic to find some good information on. Very original, won'r find it anywhere else.
If you are in doubt, don'be just buy it. If you havn't read the first one get it too.
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on (beta) 4.3 out of 5 stars  13 reviews
19 of 21 people found the following review helpful
4.0 out of 5 stars Always entertaining, always educational 11 Jan. 2003
By Richard Bejtlich - Published on
I read and reviewed the original "Hacker's Challenge" in Nov 01, and gave that book four stars. Mike Schiffman and crew have recaptured the magic and published another winner: "Hacker's Challenge 2" (HC2). This is the sort of book that needs to be used when interviewing new hires or promoting technical staff. If the candidate has read the book and knows the answers to the challenges, she at least demonstrates her commitment to learning, as well as an ability to remember what she reads. If she can solve the challenges without having read the book, she shows a higher level of skill. If she has no clue how to respond to the challenges, you can move on to the next candidate.

The majority of HC2 involves three subjects. Challenges 1,3,7, and 16 revolve around wireless insecurities. Challenges 2,5,6,15, and 17 discuss network-based attacks. Solving the mysteries of challenges 4,11,12,14,18, and 19 require log analysis. A few other issues are sprinkled through the text: social engineering (ch. 8), host-based digital forensics (ch. 9), a man-in-the-middle attack against SSH (ch. 13), and a crafty buffer overflow tutorial (ch. 10). None of the material struck me as being exceptionally original, although this accurately reflects the sorts of cases handled by most consultants! I was impressed by the level of explanation offered by challenge 17, where vulnerabilities associated with VLAN 1 were exposed.

HC2 has a few weaknesses. I was sorry to see Peter Lemonjello fired in challenge 5, but he appeared to strike again in challenge 11. Pages 126-8 featured some of the oddest techno-babble in print, offering obscure references to Rabindranath Tagore and condescending dialogue with a tech support staffer. I've given up on seeing Mike Schiffman correctly abbreviate the Air Force Information Warfare Center as "AFIWC" in his biography. His use of "AFWIC" must refer to the UN's AFrican Women In Crisis program and not the talk he gave to the AFIWC in Apr 99!

HC2 is the first must-buy of 2003, but it leaves some room for improvement. Future editions should provide greater details in the solutions, like explanations of the fields in various firewall logs. I'd also like to see the author's names on the challenges, as appeared in the first HC book. The bottom line is that HC2 is a fast read that will entertain, and more importantly, educate.
11 of 11 people found the following review helpful
5.0 out of 5 stars Awesome book, great reading 12 Jan. 2003
By Dr Anton Chuvakin - Published on
The second "The Hacker's Challenge" brought with it another sleepless night of fun security reading. 19 attack cases with solutions and mitigation and prevention strategies are described by a team of known expert authors led by Mike Schiffman.
Impressive wireless DoS attack, social engineering penetrations (including one case with no technical penetration whatsoever), mysterious web defacements, SQL injection, DNS tunneling case and router attack inform and educate, just as the first book did. Authors' mildly perverse sense of humor keeps the reader in a good mood. The book begs to be read in one helping (and then reread, as needed)! "The Challenge 2" again covers a wide range of victims and attack methods.
An interesting case asks for writing an exploit and provides a walkthrough for a simple local buffer overflow attack, a novel feature of this edition.
At about scenario 12, things start to heat up and solving the case starts to require some thinking. Harder to crack cases and more sophisticated attackers up the fun level and value of information learned. Just as in the first book, solving the case usually takes some log analysis, some security knowledge and careful reading about character actions and observations.
In addition to technology-astute readers, the book will also satisfy the hard-core security policy fans. Some of the questions asked about the cases involve policy decisions.
As for the book minor blemishes, it suffers a bit from a "sequel syndrome". Namely, since the first book was so amazingly good, it is very hard to beat it and most people will compare it to the first one. Let's say that "The Challenge 2" is almost as good as its predecessor. A couple of scenarios sound somewhat ridiculous (e.g. one on "wireless terrorists"). Another couple is painfully obvious (few people are impressed by a /bin/sh bound to a port in inetd.conf or by a default router password nowadays). In addition, the scenario names often give out a hint that spoils the fun of "cracking" the story ("Freeloader" and some others).
Overall, the book is a must have, both for its educational and entertainment value. The Hacker Challenge books fuse fun storyline, mystery and technical information in one great package, that makes for awesome reading for all technical readers, in security field and beyond. It was clearly a great idea to invent such a "security thriller" book.
Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal
4 of 4 people found the following review helpful
5.0 out of 5 stars Test Your Skills With These Hacker Puzzles 10 Feb. 2005
By sixmonkeyjungle - Published on
Hacker's Challenge 2 is a sort of practical exam for the Hacking Exposed series. Hacker's Challenge was a terrific book for putting some incident response and forensic skills to use and practicing for the real thing. Hacker's Challenge 2 continues the tradition and should be a must read for anyone who works with network security and incident response. The style of the challenges is fairly entertaining and the plots are so engaging you may not want to put the book down. Its like a best-selling mystery novel for network security techies. It may not affect the quality of the book overall, but I preferred having the authors of the individual challenges identified as they were in Hacker's Challenge. However, you should definitely buy this book!

6 of 7 people found the following review helpful
4.0 out of 5 stars Excellent review of essential skills 6 Jan. 2003
By Nicholas Harring - Published on
Hacker's Challenge 2 is a great review course for anyone in the security industry, or just a sysadmin who needs to know basic security skills (that means all of you sysadmins). The challenges range in ease of forensic review from really simple (DoS attacks and packet sniffing) to very challenging to diagnose.
Probably the best part of the book is that along with every explanation of what happened, is an accompanying explanation of how it happened and what could be done to prevent it.
I strongly recommend this book to anyone who wants to test or expand their network and host security skills.
7 of 10 people found the following review helpful
4.0 out of 5 stars Slightly better. . . 31 May 2003
By Marco De Vivo - Published on
Format:Paperback|Verified Purchase
Yes, Slightly better than the first edition.
However, if you need or like this kind of books give first a try to "Stealing the Network: How to Own the Box" by Ryan Russell, the same idea, but a lot more illustrative and easy to read (still with the same level of very up to date information).
Some extra bucks to spend ?. . . OK, then try both, they complement each other very well.
Were these reviews helpful?   Let us know
Search Customer Reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category