In February of 2010, Dr. Ali Jahangiri released his "Live Hacking" CD, a bootable CD with tools to assist in penetration testing. The idea of bootable media (e.g., CD, DVD or USB drive) being used for penetration testing is not new, most notably due to the widespread use and popularity of the BackTrack Linux Distribution. After the release of "Live Hacking", several people called the value of the new distribution into question. What did it offer that BackTrack or others did not?
A brief conversation occurred on the PaulDotCom mail list about this topic, and ended up with a brief review by Andrew Ellis. When Attrition.org challenged Jahangiri via Twitter on the value of the tool (http://twitter.com/dralijahangiri/status/13527657543, now 404), he replied saying "Live Hacking CD is much easier than BackTrack and its tools are updated." This prompted Wesley McGrew to conduct a more thorough review of the distribution, as compared to BackTrack. After the review work, McGrew concluded:
The Live Hacking CD is a disc designed as a companion to a class, and I'm sure it fits that purpose well. There are good reasons for developing custom live CDs for classes. It does, however, have limited use outside of the class.
Outside of the classroom, Backtrack 4 is a much better choice, in my opinion. It has a much more comprehensive set of tools, a system for updating them, and a team of developers that are committed to keeping it relevant. Unless you have a very specific need for something else, BT4 is as good as it gets for pen-testing Live CDs.
Gary Sims replied to McGrew's review saying he is a contributor to the Live Hacking CD project. He emphasizes that "competition is good for everyone" and confirms "they are two very different beasts". This is a logical reply on the surface, but it really contradicts Jahangiri's claims that the Live Hacking workshop (based on the CD) is "the next must-have", "definitive" and "comprehensive".
In looking at the Table of Contents of the Live Hacking book, several things are obvious. Books that attempt to cover all topics related to penetration testing or hacking were useful ten or more years ago. The amount of information available back then could more reasonably be summarized in a book with enough depth to be useful. In recent years, the number of tools and techniques has dramatically increased, yet the books attempting to cover the topics have not grown in size. The Live Hacking book is no exception, attempting to cover too many topics in a mere 214 pages.
The second thing that is immediately obvious is just how outdated this book already is upon release. The publishing process alone leaves any book months out of date by the time the material reaches print. However, Live Hacking appears to cover some material that is over a decade old and not relevant to teaching someone about penetration testing. Looking at chapter 11 as an example:
CHAPTER 11: DENIAL OF SERVICE (DOS)
PING OF DEATH
TEARDROP ATTACK
SYN FLOODING
LAND ATTACK
SMURF ATTACK
FRAGGLE ATTACK
SNORK ATTACK
OOB ATTACK
MAIL BOMB ATTACK
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK
TARGA HACKING TOOL
NEMESY
PANTHER 2
Published in October 2009, Jahangiri's book attempts to cover Denial of Service (DoS) attacks by talking about very specific tools and attacks. Instead of spending a chapter on the concepts behind DoS attacks, it is a simple laundry list of outdated attacks. Comparing each tool and attack with the date it was first published is very telling as to the timeliness of this book:
| Tool / Attack | Date Published | Comments |
| --- | --- | --- |
| Ping of Death | 1997-01-01 | N/A |
| Teardrop | 1997-11-13 | N/A |
| SYN Flood | 1996-10-01 | N/A |
| Land | 1997-12-16 | N/A |
| Smurf | 1997-10-01 | N/A |
| Fraggle | 1998-03-15 | N/A |
| Snork | 1998-09-28 | N/A |
| OOB | 1997-05-07 | Assuming this is the classic "winnuke" attack. |
| Mail Bomb | 1999 or earlier | CERT covered mail bombs in 1999, but this attack had been used for years before. |
| DDoS | (timely) | While a timely topic, the chapter breakdown and the book's 214-page count suggest this would get 2 pages or less, when an entire chapter could be written. |
| Targa | ?? | The second hit on Google is Jahangiri's page, suggesting this tool is not popular or widely used. |
| Nemesy | 2007? | Google suggests it is a tool to generate 'random packets'. |
| Panther 2 | 2008? | This tool is found in several 'hacking tools' archives. |
This list doesn't suggest it was written by an "expert". Picking mostly specific DoS attacks from over 10 years ago doesn't give the impression that this book is current, or that the author has any real understanding of today's security threats.
Skimming through the other chapter breakdowns, this book appears to be no different from the dozens of security books released each year that are glorified cut-and-paste jobs with their material largely taken from the net. His organizational choices, such as placing 'L0phtcrack' under "Password Cracking" but 'John the Ripper' under "Windows Hacking", suggest Jahangiri doesn't fully grasp the tools he discusses. The Chapter 10 breakdown on "Web Server & Web Application Hacking" is curious, with "large number of open ports" and "Metasploit" appearing in this section.