Book Review: "Offensive Countermeasures: The Art of Active Defense"



This inexpensive security book was an interesting, fun, and overall short but eye-opening read! I'd recommend this book for any hobbyist computer scientist, web developer, or penetration tester. While not always practical, this book has several novel and exciting techniques that promote a deeper understanding of computer science and computer security, despite a few spelling errors. Ultimately, I give this book 6 / 10 stars, because I really enjoy the concepts, but it's a bit impractical and just skims the surface of the ADHD tool suite.

The entire book is based on the ADHD tool suite, the Active Defense Harbinger Distribution, which is a collection of tools for 'hacking back', or setting traps for attackers. Before you blow a fuse over the term 'hacking back', you should read how John Strand lays out a compelling set of needs, ethics, case law, and guidelines for the modern defender. In fact, he devotes an entire chapter, Legal Issues, to the topic and clearly states that if you plan to implement any of these techniques in production you should always talk to management and legitimate legal counsel beforehand (neither he nor I is a lawyer). The following chapters are Annoyance, Attribution, and Attack (all dealing with tools in the ADHD suite), wrapping up with Core Concepts. I'm of the opinion that Core Concepts should be read first, so that everyone has a clear understanding that the techniques discussed in the bulk of the book are auxiliary to solid patching, defense in depth, and security awareness. The meat of the book goes through a massive list of tools in ADHD, showing how to install and use each tool, along with a bit of the theory behind it.

The chapters are fairly self-descriptive. Annoyance deals with slowing down automated tools and feeding them false positives. Attribution deals with using various phone-home tools to report the location of attackers, and also deals heavily with honeypot software. Finally, Attack deals with using tools such as BeEF, Metasploit, and SET to create client-side attacks in order to get a foothold (when you have the right to such access) on an attacker's machine. Strand takes pains to emphasize a 'do no evil' approach, where he advises using the foothold only to gather evidence, then getting off! For more details, Strand's talk below actually covers a lot of the same information: