Hello friends and welcome to HaXeZ where today I will be giving my opinions on the book Cyberjutsu. It’s written by Ben McCarty and published by no starch press. As as soon as I learned of its existence, I had to purchase it. I found it used on eBay for around £10 which isn’t bad considering it’s a recent publication.
I’ll be honest, the main reason I wanted to purchase this book was because of its association with ninjas. Ancient Japan and the Samurai and Shinobis is a fascinating subject. However, I thought this book was going to be a novelty read with no real relation between Cybersecurity and Shinobi. I genuinely thought It was going to be a gimmick used to sell a book. I was very wrong!
Ben McCarty does an incredible job of demonstrating how modern cybersecurity tactics can be compared with ancient Shinobi. Whether you’re a feudal lord of a medieval castle trying to prevent shinobi infiltrations. Or a computer hacker trying to compromise an evil organization’s computer network. This book does an excellent job of helping you visualize how to approach offensive and defensive security.
Times To Attack
This book covers a vast number of scenarios including situations like knowing what time to attack. The author explains how the ancient Shinobi scrolls categorize the different times of the day. The Hour of the Hare is between 05:00 am and 07:00 am and is when users first log on. Furthermore, the Hour of the Horse is between 11:00 am and 01:00 pm and is when users take their lunch. It explains how the Hour of the Tiger (03:00 am and 05:00 am) is when batch jobs are running and most users are logged off. The ancient scrolls would detail the best times to attempt infiltrating the enemy castle and the risks associated with each time.
The author explains how Shinobi used specific tools for the task that they have been assigned. It wouldn’t be feasible for them to carry a huge tool kit with them on their infiltration missions so they would have to live off the land. This could involve utilizing farming tools as weapons. This is then compared to a computer hacker infiltrating a computer network and only having the built-in tools of the operating system at their disposal. He explains how hackers could utilize tools like PowerShell to elevate their privileges and slowly take over the network.
Chapter 9 discusses how ancient castle lords would use sensors such as smelling scouts, listening scouts, and outdoor foot scouts to try and catch Shinobi that were attempting to infiltrate the castle. Furthermore, it explains how Shinobi would employ tactics and techniques to evade and defeat these sensors. These ancient sensory techniques were used to describe modern network sensors and how threat actors can evade them.
According to Ben McCarty, Shinobi used social engineering tactics much like today’s hackers. Hackers use social engineering to trick users into providing the hacker access to sensitive information. Shinobi would do the same. They would impersonate different people in order to bypass castle defenses. They would disguise themselves as merchants or presents, people who wouldn’t draw much attention. This would allow them to slip through the first-line defenses.
The Shinobi would use so-called fire attacks to distract guards. This could allow the Shinobi to then perform some other nefarious task like breaking into a restricted building. It could also be used as a distraction before the Shinobi’s allies attack the castle. For example, there was one method where they would attach a fire stick to a horse and set the horse free. The horse would round around the castle setting everything on fire. The author compares this distraction method to how malicious threat actors attack computer networks. Hackers use attacks like denial of service attacks to distract system administrators. While their denial of service attack is targeting one system and keeping the administrators busy, the threat actor would exploit another target.
Command and Control
In Cybersecurity, Command and Control or C2’s are applications that allow the threat actor to control multiple machines. Furthermore, It allows them to send instructions to these machines and can be done in a number of different ways. Some examples given in the book were C2’s that used public forums like the Microsoft forum, or Twitter to send instructions to the affected machines. This is then compared to the way in which Shinobi’s communicated with the outside world. The Shinobi would listen out for signals from the outside world. These signals could have been drums in the distance. The drum beats would allow the Shinobi to receive instructions.
One chapter of the book discusses the best methods of hiring people in the cybersecurity industry and how it can be compared dot how Shinobi were recruited. It explains that rather than recruiting for talent, the focus should be on hiring people with certain character attributes. These attributes include intelligence, patience, capability, loyalty, and eloquentness. The TTPs of the Shinobi could then be taught to the individual later. As with cybersecurity, it is important to employ people with certain character traits rather than recruiting the most skilled hackers. You never know, you could be recruiting a spy for a nation-state.
After each chapter, Ben McCarty includes excellent thought exercises where you play the role of a Daimyo or Lord of a castle. You’re given a scenario and are asked to come up with ideas on how best to defend the castle against such a scenario. While this is an excellent exercise for blue teams, I feel there is an opportunity for a second book that focuses specifically on offensive security. I had a lot of fun thinking about ways in which to attack the castle rather than defend it. I guess that was the author’s intention, getting the reader to visualize scenarios and how best to go about your role as either blue team or red team.
I had a lot of fun reading this book. It is by far one of the easiest technical books that I have read in a while. I’m not sure whether that was due to the comparisons to Shinobi holding my interest. Or whether it was due to the authors writing style that made it easy to read. Either way I blitzed through this book quickly and have recommended it to a few of my colleagues in the Cybersecurity industry. I wish I could do a better job of explaining why you should pick this book up but I don’t want to spoil the contents. I will leave you with an excellent quote from the book which can easily be reworded for the modern Cybersecurity professional.
Although there are millions of lessons for the shinobi, that are both subtle and ever-changing, you cant teach them in their entirety by tradition or passing them on. One of the most important things for you to do is always try to know everything you can of every place or province that is possible to know… If your mind is in total accordance with the way of things and it is working with perfect reason and logic, then you can pass through “the gateless gate”. The human mind is marvelous and flexible. It’s amazing. As time goes by, clearly or mysteriously, you will realize the essence of things and understanding will appear to you from nowhere… On (the path of shinobi) you should master everything and all that you can. You should use your imagination and insight to realize and grasp the way of all matters.Unknown