Excellent Book with lots of resources.
One of my hobbies is suing Telemarketers, and this book gave me an entire arsenal of information I can use to track them down. (I sued one Telemarketer in federal court for $5 million and they settled!) There was one chapter dedicated to Google Dorks which I ran on my own website, and found some exposed PDF files, which I have since removed off the public domain! (oops!) Very extensive book worth the read. Hoping to see future books from this author.
White Hats Only
Troiaâs book is much needed new blood in investigative tools and techniques. This is the first of these types of books I have read with a real investigative scenario which was very helpful to follow along.
Great book
Learned a lot of techniques and ideas from this book it’s very up to date and offers a lot using almost entirely free and open source resources.
Excellent practical guide
Last month, I reviewed Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership, and referenced the classic hacking series Hacking Exposed: Network Security Secrets & Solutions by Stuart McClure, Joel Scambray and George Kurtz.Obviously, there has been a tremendous amount of change in the past 20 years of hacking tools and techniques. In Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques, Vinny Troia has written a splendid guide on hacking, with a focus on its investigative techniques.Troia is well-known in the security world and has a habit of finding massive sets of highly confidential data in highly unsecured locations. From All American Entertainment to Exactis and others, Troia has found large buckets of unsecured data in the cloud.The book goes through not only a vast amount of hacking tools, but it also details how to use them to perform a thorough investigation. The goal is not to simply download the most tools and run them; instead, it is to use them in a structured manner to perform effective intelligence gathering and investigations.Troia also details his mission to discover the real-life identity of The Dark Overlord (TDO). TDO was an international hacker group that targeted high-profile targets and threatened to release embarrassing data and pictures of the victims unless they were paid. If the victims didn’t pay, TDO put the data up for sale and also shared it via numerous forums.As I write this, there are tens of thousands of brilliant scientists working to find a cure for COVID-19. But there might be just as many attackers attempting to use COVID-19 as a means to launch attacks. From phishing emails, malicious COVID-19 information websites with malware and more, hackers are using the current crisis to further their goals.For those who have been a victim of such attacks, the book shows numerous ways and details many tools to discover clues to identify who the attackers were.From a more proactive perspective, the book shows the many ways in which to test systems, identify data flow, test web applications and more to ensure that vulnerabilities are fixed before they can be exploited.Rather than rely on him alone, Troia includes many expert tips from industry luminaries such as Chris Roberts, Troy Hunt, Chris Hadnagy and others. With these tips, the experts show how to more effectively use the specific tools, and avoid many of the pitfalls they first ran into.I have always disliked webinars and articles with titles such as To Beat a Hacker, You Have to Think Like a Hacker and How to Think Like a Hacker. The truth is that most people simply do not know how to think like a hacker. That is not their fault; they also donât know how to think like a neurosurgeon or civil engineer. With that, Hunting Cyber Criminals, in fact, does a great job of showing how it is possible to think like a hacker, except a white hat in this case. And you want to do that to make sure you do not become a victim of a black hat.
The subject of this investigation is from Canada…
To those reading this, it is quite a coincidence that the person at the center of the investigation in this book happens to be a âchildâ from Canada. Perhaps if people do not want books written about them, they should consider not committing crimes.
Scatterbrained
According to the introduction, this book was supposed to show the real work behind open-source intelligence, in contrast to other titles purportedly showing just dull lists of tools and listings. The narrative is based on Vinny Troiaâs largest investigation – against The Dark Overlord hacker group – which took two years of work to attribute malicious actions to physical persons. âHunting Cyber Criminalsâ tries to illustrate how the author set about this task, showing his techniques, thought processes and emotions. In my humble opinion, the result is kind of messy.Vinnyâs computer skills are self-taught and it shows during various tools descriptions. Listings are usually left with no explanations or only shallow ones. Sometimes, a given tool is run multiple times with different settings and all the reader gets is a notice that results changed, without a hypothesis why that happened. Perhaps it is all intentional to show the authorâs interests in results and not in processes behind them, making the book allegedly easier to digest, but for me it was a bit off-putting. One example of such an oversimplification is a comment on searching for âsimilarâ hash values. Similar hashes donât prove anything, you need exact matches! Writing about âthe sameâ hashes would take the same space and be factually correct.The story is not really engaging. Perhaps it would be for someone with insiderâs knowledge; to me it was a hodge-podge of random remarks and chat transcripts. But hey, maybe its jaggedness correctly illustrates the work of an OSINT investigator, juggling multiple forum handles and identities, trying to remember who lied to him about what. I have a strong conviction, though, that the book would be equally legible with even less details presented. Also, the author too often shows disregard towards threat actors which I find unprofessional.I believe the book gives a good impression on Vinnyâs work style and ethics, but – having little background in cybersecurity intelligence in general – I am curious if it pertains to other specialists in the area. The lecture gave me a mental image of an investigator frantically collating data from multiple tools (most of them paid), with not so much a method but rather a perseverance to parse it all. Perhaps it is the only way; what I know is that this book could do much better.
The book itself is great, the storing of it and delivery from Amazon is not. For the price of the book you donât expect it to be damaged whatsoever. Yet I returned and replaced this three times. In the end I gave up and just kept the one with the least damage.
Excellent Book with lots of resources.
One of my hobbies is suing Telemarketers, and this book gave me an entire arsenal of information I can use to track them down. (I sued one Telemarketer in federal court for $5 million and they settled!) There was one chapter dedicated to Google Dorks which I ran on my own website, and found some exposed PDF files, which I have since removed off the public domain! (oops!) Very extensive book worth the read. Hoping to see future books from this author.
I’m coming for u!
Bwahaha
White Hats Only
Troiaâs book is much needed new blood in investigative tools and techniques. This is the first of these types of books I have read with a real investigative scenario which was very helpful to follow along.
Great book
Learned a lot of techniques and ideas from this book it’s very up to date and offers a lot using almost entirely free and open source resources.
Excellent
Highly detailed instructions
Excellent practical guide
Last month, I reviewed Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership, and referenced the classic hacking series Hacking Exposed: Network Security Secrets & Solutions by Stuart McClure, Joel Scambray and George Kurtz.Obviously, there has been a tremendous amount of change in the past 20 years of hacking tools and techniques. In Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques, Vinny Troia has written a splendid guide on hacking, with a focus on its investigative techniques.Troia is well-known in the security world and has a habit of finding massive sets of highly confidential data in highly unsecured locations. From All American Entertainment to Exactis and others, Troia has found large buckets of unsecured data in the cloud.The book goes through not only a vast amount of hacking tools, but it also details how to use them to perform a thorough investigation. The goal is not to simply download the most tools and run them; instead, it is to use them in a structured manner to perform effective intelligence gathering and investigations.Troia also details his mission to discover the real-life identity of The Dark Overlord (TDO). TDO was an international hacker group that targeted high-profile targets and threatened to release embarrassing data and pictures of the victims unless they were paid. If the victims didn’t pay, TDO put the data up for sale and also shared it via numerous forums.As I write this, there are tens of thousands of brilliant scientists working to find a cure for COVID-19. But there might be just as many attackers attempting to use COVID-19 as a means to launch attacks. From phishing emails, malicious COVID-19 information websites with malware and more, hackers are using the current crisis to further their goals.For those who have been a victim of such attacks, the book shows numerous ways and details many tools to discover clues to identify who the attackers were.From a more proactive perspective, the book shows the many ways in which to test systems, identify data flow, test web applications and more to ensure that vulnerabilities are fixed before they can be exploited.Rather than rely on him alone, Troia includes many expert tips from industry luminaries such as Chris Roberts, Troy Hunt, Chris Hadnagy and others. With these tips, the experts show how to more effectively use the specific tools, and avoid many of the pitfalls they first ran into.I have always disliked webinars and articles with titles such as To Beat a Hacker, You Have to Think Like a Hacker and How to Think Like a Hacker. The truth is that most people simply do not know how to think like a hacker. That is not their fault; they also donât know how to think like a neurosurgeon or civil engineer. With that, Hunting Cyber Criminals, in fact, does a great job of showing how it is possible to think like a hacker, except a white hat in this case. And you want to do that to make sure you do not become a victim of a black hat.
The subject of this investigation is from Canada…
To those reading this, it is quite a coincidence that the person at the center of the investigation in this book happens to be a âchildâ from Canada. Perhaps if people do not want books written about them, they should consider not committing crimes.
Scatterbrained
According to the introduction, this book was supposed to show the real work behind open-source intelligence, in contrast to other titles purportedly showing just dull lists of tools and listings. The narrative is based on Vinny Troiaâs largest investigation – against The Dark Overlord hacker group – which took two years of work to attribute malicious actions to physical persons. âHunting Cyber Criminalsâ tries to illustrate how the author set about this task, showing his techniques, thought processes and emotions. In my humble opinion, the result is kind of messy.Vinnyâs computer skills are self-taught and it shows during various tools descriptions. Listings are usually left with no explanations or only shallow ones. Sometimes, a given tool is run multiple times with different settings and all the reader gets is a notice that results changed, without a hypothesis why that happened. Perhaps it is all intentional to show the authorâs interests in results and not in processes behind them, making the book allegedly easier to digest, but for me it was a bit off-putting. One example of such an oversimplification is a comment on searching for âsimilarâ hash values. Similar hashes donât prove anything, you need exact matches! Writing about âthe sameâ hashes would take the same space and be factually correct.The story is not really engaging. Perhaps it would be for someone with insiderâs knowledge; to me it was a hodge-podge of random remarks and chat transcripts. But hey, maybe its jaggedness correctly illustrates the work of an OSINT investigator, juggling multiple forum handles and identities, trying to remember who lied to him about what. I have a strong conviction, though, that the book would be equally legible with even less details presented. Also, the author too often shows disregard towards threat actors which I find unprofessional.I believe the book gives a good impression on Vinnyâs work style and ethics, but – having little background in cybersecurity intelligence in general – I am curious if it pertains to other specialists in the area. The lecture gave me a mental image of an investigator frantically collating data from multiple tools (most of them paid), with not so much a method but rather a perseverance to parse it all. Perhaps it is the only way; what I know is that this book could do much better.
I found it informative and helpful
The book itself is great, the storing of it and delivery from Amazon is not. For the price of the book you donât expect it to be damaged whatsoever. Yet I returned and replaced this three times. In the end I gave up and just kept the one with the least damage.
The cover looks worn and a bit greasy, some of the pages are wrinkled. I was quite surprised by it. I did not read the book yet.