Book Review of “Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques”

Posted on by Ben Rothke

Last month, I reviewed Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership, and referenced the classic hacking series Hacking Exposed: Network Security Secrets & Solutions by Stuart McClure, Joel Scambray and George Kurtz. 


Obviously, there has been a tremendous amount of change in the past 20 years of hacking tools and techniques. In Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques (Wiley 978-1119540922), Vinny Troia has written a splendid guide on hacking, with a focus on its investigative techniques. 


Troia is well-known in the security world and has a habit of finding massive sets of highly confidential data in highly unsecured locations. From All American Entertainment to Exactis and others, Troia has found large buckets of unsecured data in the cloud. 


The book goes through not only a vast amount of hacking tools, but it also details how to use them to perform a thorough investigation. The goal is not to simply download the most tools and run them; instead, it is to use them in a structured manner to perform effective intelligence gathering and investigations. 


Troia also details his mission to discover the real-life identity of The Dark Overlord (TDO). TDO was an international hacker group that targeted high-profile targets and threatened to release embarrassing data and pictures of the victims unless they were paid. If the victims didn't pay, TDO put the data up for sale and also shared it via numerous forums.


As I write this, there are tens of thousands of brilliant scientists working to find a cure for COVID-19. But there might be just as many attackers attempting to use COVID-19 as a means to launch attacks. From phishing emails, malicious COVID-19 information websites with malware and more, hackers are using the current crisis to further their goals. 


For those who have been a victim of such attacks, the book shows numerous ways and details many tools to discover clues to identify who the attackers were. 


From a more proactive perspective, the book shows the many ways in which to test systems, identify data flow, test web applications and more to ensure that vulnerabilities are fixed before they can be exploited.


Rather than rely on him alone, Troia includes many expert tips from industry luminaries such as Chris Roberts, Troy Hunt, Chris Hadnagy and others. With these tips, the experts show how to more effectively use the specific tools, and avoid many of the pitfalls they first ran into.


I have always disliked webinars and articles with titles such as To Beat a Hacker, You Have to Think Like a Hacker and How to Think Like a Hacker. The truth is that most people simply do not know how to think like a hacker. That is not their fault; they also don’t know how to think like a neurosurgeon or civil engineer. With that, Hunting Cyber Criminals, in fact, does a great job of showing how it is possible to think like a hacker, except a white hat in this case. And you want to do that to make sure you do not become a victim of a black hat.

Ben Rothke

Senior Information Security Manager, Tapad

RSAC Insights Hackers & Threats

hackers & threats

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community