Spotlight customer reviews:

Customer Rating: 5/5
Summary: an excellent guide to the path of a security admin
Comment: Information security is a daily battle in which one is faced with ever-evolving threats encompassing a diverse array of technologies. When defending your systems, networks or applications, a key to building a robust defense and thorough incident response plan is your understanding of the tools and techniques used by your attackers. In their book "Security Warrior", Peikari and Chuvakin cover both the offense as well as the defense. Like the sumo wrestlers pictured on the cover, we may, with proper knowledge of our opponent's technique, be able to use this to our advantage.

The first 175 pages of the book provide an excellent introduction to the world of software cracking. After an introduction to assembly, they focus on reverse code engineering Windows, Linux and Windows CE platforms. The authors' live examples coupled with their ability to clearly explain this science/art allow one to experience first hand the reversing process. They go on to explain both buffer and heap overflows with a live challenge to execute only reachable via proper manipulation of a buffer overflow condition. This section provided new experiences for me and was great fun.

The book continues to discuss threats through the eyes of an attacker, while providing guidance on defending against these attacks. Topics such as network stalking, wireless security, Unix, Windows attacks, SQL and SOAP threats are covered. Although more general in nature, I found these sections helpful in that the authors have an excellent way of explaining concepts such as the Windows Kerberos implementation and packet analysis. The information provided in these chapters has something for both introductory and advanced security professionals.

What I really took away from these chapters was awareness. Awareness that whatever your specific job functionality, be it security admin, system admin, network admin or application developer, we all must continually strive to assess the threats with which we are faced and make determinations as to how to defend against them. There will never be an end to that which we need to learn and like true warriors we must evolve and train to face these challenges.

The book ends with defense tactics such as IDS and honeypot deployment as well as incident response and forensic analysis. They also included some methods of deterring the IR process which gives added insight to the process. Again, these chapters are full of very useful, practical information such as means of determining the efficacy of an IDS. As one who diligently studies the honeynet's Challenge of the Month, I really enjoyed the information provided as more insight into how we can sanely assess and manage the ever mounting threats against us.

For an individual working in or planning a career in information security this book would be very valuable. It provides an overview of all the various technologies one must understand with vast amounts of granular information. The references at the end of each chapter, the hands on approach to the examples, and the authors' ability for clear explanation made this an incredibly fun and practical book.


Customer Rating: 5/5
Summary: You really should check out this book...
Comment: Target Audience
Intermediate to advanced programmers, network administrators, or security administrators who need an in-depth understanding of how software and systems can be exploited.

Contents
This is a detailed guide on how to reverse-engineer and analyze software and systems for vulnerabilities and exploits.

The book is divided into five parts:

Part 1 - Software Cracking - Assembly Language; Windows Reverse Engineering; Linux Reverse Engineering; Windows CE Reverse Engineering; Overflow Attacks

Part 2 - Network Stalking - TCP/IP Analysis; Social Engineering; Reconnaissance; OS Fingerprinting; Hiding The Tracks

Part 3 - Platform Attacks - Unix Defense; Unix Attacks; Windows Client Attacks; Windows Server Attacks; SOAP XML Web Services Security; SQL Injection; Wireless Security

Part 4 - Advanced Defenses - Audit Trail Analysis; Intrusion Detection Systems; Honeypots; Incident Response; Forensics and Antiforensics

Part 5 - Appendix

Review
"Know Your Enemy". This phrase is on the cover of the book Security Warrior, and it is an apt subtitle for the book. Very few security books on the market today do more than just tell you about the types of software and network attacks that exist. Peikari and Chuvakin go beyond the "what" of attacks and show you "how" to exploit systems and software.

This book is definitely geared to the experienced developer or network administrator. For instance, the first eight pages are an explanation of assembly language, registers, stacks and the like. Each following chapter on reverse engineering then takes that knowledge and walks you through how to analyze an executable using tools that you can purchase or download. Obviously, if you have absolutely no assembler language knowledge, you'll be lost here. But if you have that background, you'll start to learn how hackers develop exploits, and how you can build more secure software once you understand the vulnerabilities.

At the end of each chapter, the authors list a number of additional references (both books and websites) that can help you to further your understanding of the material presented. This is a great addition if you are looking to focus in on a particular type of attack, like those related to wireless security. At the website for the book, they have also made sample programs available that can be used by the reader to work through exercises in the book. For instance, when they present information on reverse engineering, they also provide a sample program that you can analyze and crack. A perfect way to lead the reader from theory to practical knowledge.

The argument could be made that this book could be used by crackers to learn how to break software. The reality is that this information is already out there. A book like this will help those who are trying to prevent break-ins understand the methods that are being used against them. And henceforth, the sub-title "Know Your Enemy".

One caveat about the book... Be very careful with the material presented in the reverse engineering section. Under the Digital Millennium Copyright Act (DMCA), reverse engineering can be considered a crime in certain circumstances. The authors acknowledge this, and that's probably why they provide their own sample programs for you to work on. Still, just remember that this knowledge, if misused, could land you in some very hot water.

My only complaint about the book... The sumo wrestlers on the cover really needed to be bigger... :-)

Conclusion
This is one of the few books that goes beyond the "what" and deals with the "how" of system and software security. A thorough reading and study of this book will arm you with the tools and knowledge you need to analyze and bite back against software


Customer Rating: 5/5
Summary: Good- as in really good
Comment: Security Warrior is an awesome book.

Many security books only get to the juicy stuff around page 150.

Security Warrior gets there on about page 4.

This is an intense advanced book and is one of the best around.


Customer Rating: 5/5
Summary: A lot of ground
Comment: I've grown tired of books that simply inventory hacking tools. These authors delve deep and explain how things work. Awesome!!

This is an amazing book, covering an incredible amount of ground. I had a little trouble following some of the details on IDA Pro, but the authors were very responsive and helpful. This is the kind of book you'll want to read and re-read. I've got the chapters on software reversing dog-eared already. The book is very well organized and well worth the investment.


Customer Rating: 5/5
Summary: Phenomenal Book about the "Dark Side of Security"
Comment: A programmer friend of mine recently opined to me that security books tend not only to inform the "good guys" (sys admins and network security folk) about how attacks and hacker invasions occur, but also the "bad guys." I suspect most of the so-called "bad guys" already know the information presented in books like these. And if the "bad guys" already know most of the tricks, what better way to fight them than to use those "tricks" against them?

This is the book's main purpose, to show the reader computer security from the perspective of the person trying to attack and invade your computer or network. This is clearly not a book for beginners, as the book's introduction states this. It is for system admins and others interested in learning all they can about computer security. It truly provides a wealth of information in its 500 pages about different ways those so inclined can wreak havoc on your computer system or network.

There are chapters on "reverse engineering" programs (after a brief introduction to assembly language which the book points out gives you lots of control over a computer's CPU). These are ways you can reverse engineer programs in Windows, Windows CE (interesting how before reading this book I'd never given thought to how handheld devices could also be attacked and/or infected with virii or worms), and Linux. This of course proves that even the Linux OS is not as secure as some might think.

I liked the chapter on social engineering because it proves how you can infiltrate a system by researching the company for specific names and charm your way into getting sensitive information, which leads into "online reconnaissance" and also ways to hide your tracks (or is this known as "covering your ass"?) so you don't get caught?

There's a whole section of the book that describes attacks on various platforms (Unix, Windows Client & Windows Server, SQL and Wireless) and the book's last section describes methods of defense against them.

This is a book with an amazing amount of information that at first glance may scare the living daylights out of some sys admins when they learn of the relative ease with which a system can be compromised. Then again, most security experts know of the risks and dangers involved with computer security. And I've always felt that to defend yourself against an attack, you should "know the enemy." This book offers lots of ways and "tricks" to do just that.


 

