Review: Redefining Hacking – Help Net Security

Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job.

About the authors

Omar Santos is a Distinguished Engineer at Cisco focusing on AI security, research, incident response, and vulnerability disclosure. Savannah Lazzara is a Security Engineer at Amazon, and co-lead of Red Team Village. Wesley Thurner is a Principal Security Engineer at Intuit.

Inside the book

The early chapters explain the differences between penetration testing, red teaming, and bug bounty programs. They also show how these three areas can support each other. The authors don’t treat them as separate boxes. Instead, they explain how the techniques often overlap and why that matters for defenders.

Red teaming gets the most attention, with sections on building infrastructure, avoiding detection, using C2 frameworks, and working through physical and social engineering scenarios. The book also covers purple teaming, adversary emulation, and how red teams can help improve detection and response, not just find problems.

AI is a major part of the book. The authors look at how red teams are targeting AI systems and also how they are using AI to automate tasks. There is a section about creating malicious AI models and using them to trick researchers into downloading backdoors. Other parts explain how tools like ChatGPT, LLMs, and data poisoning work in real scenarios.

Each chapter ends with questions or exercises. That format makes the book useful for people who are new to red teaming or looking to build a training plan.

Who is it for?

Redefining Hacking is a good book for anyone who wants to understand offensive security. It shows how red teaming, bug bounties, and AI are coming together, and it does so without overcomplicating the message.