[Dailydave] Book Review : Network Attacks & Exploitation : A Framework

[Darkpassenger]

how long ago was my last book review ? doubtful . maybe around 10 years 
ago at the time Pedram Amini's OpenRCE was relevant and rootkit.com an 
openre had happy contributors . so i write this review for a book on 
Cyberwar , which is small in size but rich enough for content..as 
somebody who's been involved with actual cyberwars his whole adult life 
- no kidding . i hope you read the review , then read the book and find 
more advanced steps after that trusting you have been show the right 
direction and language and basics to form strategies of your own in 
perhaps more complex frameworks - although very similar to the one 
discussed in the book . all boiled down from experience -- and dudes , 
trust me , Cyber is young and you can simple get ahead by listening and 
looking at what folks has done in relatively recent years..and reach to 
a level of wisdom using the book and there it is ..real life - you and 
your decisions toward CNA/CNE/CND..

Specifics :
Network Attacks & Exploitation
by Matthew Monte
tech edit Dave Aitel
Published by
John Wiley & Sons, Inc.
Published simultaneously in Canada
ISBN: 978-1-118-98712-4
very late of 2015
192 pages
25.8 MB in PDF
the names of CIA and NSA is mentioned in the first pages for various 
reasons . some are ass-covering some are funny law practice by people 
hungry for a chair in some building . all that aside this tells me the 
author and his editor and adviser were in ranks of SPY . yeah , of 
course we are cool with that :>

A.audience : this is a small book . its good . fit the profile of many 
courses in university or in-job training courses where people got to 
understand --WITHOUT BULLSHIT -- what is Cyberwar and Why would they 
care about that . i assume computer students , young hackers who have 
lost their soul yet , policy makers , think-tanks , military courses , 
governmental education programs official handbook , a must for 
Journalists and also for whoever is in Media , a requirements for people 
involve in strategic decision in other domains whether Senior or Junior 
-- again this is a relatively small book . i realize this book will have 
good impact on these social groups .

B. what do i get from reading , honestly ?
here are headlines , chapter by chapter :

1.CHAPTER 1 : understanding what an ATTACK really is and what roles does 
it play in our warfare
you will learn about CNA and CNE and also the possibility of attacks 
from cyber get Kinetic or not -- and what values any of those situations 
may or may not have based on our cyberwar strategy .

2.CHAPTER 2 : here you get a through analysis of an ATTACKER , his 
standard operations and digestion of the operations into the separate 
parts of PHASE of an Attack  . here its also discussed why each phase 
takes place and what are the outcomes --which one is tactical and which 
strategic .

3.CHAPTER 3 : talks about the DEFENDER . against the force of attacker . 
what would be the life-cycle of a defender and what are the primitives 
in defense a defender must pay too much attention .

4.CHAPTER 4 : discusses the various angles of ASYMMETRIES in Cyber . you 
gotta know how to think as an attacker or defender to handle the 
asymmetry effect of cyber in the op you are dealing with . if you are 
into use or abuse this characteristic of Cyber then this chapter is 
definitely yours to read .

5. CHAPTER 5&6 : if you are an attacker u most certainly want to know 
about your possible FRICTIONS . same is true for defenders , although 
with different point of views but still about possible FRICTIONS . there 
is a strong saying goes like " you knowww... shit happens" - and if you 
have faced one of these situations , read these two chapters .

6. CHAPTER 7 : is all about Offensive Strategy . here you learn the 
steps required to come at a good strategic understanding of your planned 
offense  - what info and resources you gonna need and what are the 
typical pitfalls ,,,
in this part of the book , the word "Framework" is taking shape and real 
meaning .

7. CHAPTER 8 : obviously about defense Strategy . a 15 pages short 
discussion how to develop a defense strategy shows one of the two things 
: either Author didnt want to get dirty in technological side of defense 
which is very big business and folks livelihood depends on it -- or , he 
thinks the tone of this book calls for about this amount of defense data 
not much more . well , its up to you to read the book and make judgments 
i suppose .

8. CHAPTER 9 : is an interesting collection of very latest Cyber 
incidents some could be translate to war and you read all the facts here 
in one place without disruptions . its important you get facts with less 
propaganda and business or politics disruptions . i assume the author 
did tried for this to happen . this chapter is interesting for 
college-type people or law practitioners who may get in different sides 
of cyber conflict . this is the experience and skill you are gonna need 
out there

Final notes : this is a small 200-ish mages book with easy and fresh 
language not complicated for average and above to understand and 
comprehend . at the same time , it teaches about having strategies and 
making moves based on a Framework . which makes it different than the 
usual hack/cyber book . its not about tools and its not about 
philosophical thoughts -- its a in-between book for a easy read about 
Cyberwar and what could be defined around it now that we are slowly 
getting more and more into it , every time with names and shapes and 
angles and different motivations.. this book hopefully help the reader 
to analyze a cyber event or if planning one , do it like professionals 
in recent history done some won some failed and there are lessons to be 
learned .

judgement : good book . above average . tell your friend specially with 
average or less experience in cyberwar ..or as we used to call it netwar 
back in university ;) to buy it

objections : obviously not every book is perfect . across the book 
author has chosen to place a SHARK picture whenever he wants to 
demonstrate an attacker . well , i have been an attacker my whole adult 
life and even if i would want it couldn't be possible to list the sort 
of mass or targeted damages i caused or my strategies led to them..now 
when i see that a nice and very "delicious" fish , the lovely shark is 
set to be the attacker i am insulted ! dude i hope you edit the second 
edition and put a human as the attacker..human with pink 
heart..motivations..intelligence and GREED . it would be much more fair 
and wont bother animal lovers like me :)

i have things to add to this mail . they are coming in the next one .
-dp