#TripwireBookClub – Go H*ck Yourself | The State of Security


After a busy start to the year, we were finally able to settle down and take a look at a new book. This time around, we’re looking at Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense by Bryson Payne. The No Starch Press page describes the book as “an eye-opening, hands-on introduction to the world of hacking, from an award-winning cybersecurity coach.” In some ways, the book reminds me of a simplified version of Gray Hat Hacking: The Ethical Hacker’s Handbook, a book I used as a textbook for courses I taught about 10 years ago. I’m not sure that I could see myself using this book as a textbook for a college class, but I think this is an excellent book to hand to high school students and I want to discuss that a bit further before I jump into some of the team’s comments.

As I’ve discussed on here before, I love teaching. I’ve developed and taught multiple college courses over the years, I’ve taught programming to high school students, and I love the opportunity to speak to high school and college classes, even if I’m not teaching. One thing that I’ve found over the years is that students aren’t quite sure what to expect when they dive into cybersecurity. This is equally true for high school students and first year college students, many of whom are shocked when they dive into the actual curriculum. I think that this book could be the perfect book to start preparing individuals that are new to the field. This isn’t a book that you read and suddenly get yourself a job in the industry. It’s the book that you read because you want to introduce yourself to the topic and get your toes wet. This is the book that you buy for a curious kid – I could easily see myself gifting this to my niece or nephew. It is a book that should be available in every high school library. Is it groundbreaking? No. Is it going to teach you anything new if you’ve spent a few years in the industry? Probably Not. Is it going to excite and energize those that are interested in the field and want to start exploring cybersecurity? Definitely!

I think that is probably the most important thing to take away from this book. Don’t buy this book for OSCP prep or because you want a job working in a SOC. Buy this book because someone in your life wants to know more about what you do or more about a future career in cybersecurity. Buy this book because it could potentially change a young person’s life and introduce them to technology and concepts that they have never before considered. That’s my opinion though, let’s see what other members of the team thought.


REviewing Go H*ck Yourself

I recently read the book Go H*ck Yourself by Bryson Payne. The book is a bit wide on the topics with not a lot of deep discussion of each topic. As a result, I would only recommend the book to folks that have almost no knowledge of security such as one wanting to enter the field who has a basic background of operating systems and installing and using application software. The book ranges in topics from browser passwords to hacking simulated automotive systems. I think one of the better chapters was “Chapter 7: Stealing and Cracking Passwords”. The book does a decent job of showing the tools and techniques needed for this aspect of security. Also, “Chapter 11: Ten Things You Can Do Right Now to Protect Yourself Online” was a good closing piece, especially since is relevant to users that are new to security.

Rating: 3.5/5

Lane Thames

Principal Security Researcher

Tripwire


Go H*ck Yourself by Bryson Payne explains the basic and intermediate concepts for exploiting systems. Bryson explains how to do some physical exploitation concepts and how to protect against them. For example, Bryson explains how to use sticky keys to gain access to a command prompt. Bryson explains why BIOS passwords are useless and why it is necessary to encrypt the file system. Bryson mentions why it is necessary to have proper social media hygiene and why it is necessary not to over share personal information. “Go H*ck Yourself” also explains to the basic methods for exploitation such as SQL injection, Mimikatz, and hash cracking.

Rating: 4.0/5

Andrew Swoboda

Senior Security Researcher

Tripwire


This book is laid out in a straightforward manner and has steps that can be easily followed by anyone. This is a great introduction level book for someone looking to get a feel for hacking on various platforms. The information was easy to follow, and the phrasing made clear what to do from the beginning. I appreciated that the chapters were finished with a condensed take away for readers to keep in mind the impacts of the hacking they are learning about.

Rating: 4.0/5

Sam Zeigler

Security Researcher

Tripwire


It had been a long time (years long in fact) since I had to leverage a boot disk to gain access to a computer. In my case, most of my environments are virtualized due to the nature of my role; needing to access to different versions of Windows almost daily helps me with developing and testing vulnerability management content. While reading Go H*ck Yourself, one specific “hack” stood out to me. This “hack” delves into using “Sticky Keys”, but not in the way you think. Sticky Keys is a Windows Accessibility Feature that makes it easier to use and issue certain keyboard commands by allowing you press one key after another instead of all at once.

Running through the Sticky Keys Hack was a neat little exercise, and I can see how would spark the interest of individuals who are curious about hacking. Typically, the first thing when it comes to learning about hacking is having physical access to a computer. The Sticky Keys Hack guides the user through the steps as though the user had access to a spare computer to try this on. The book describes how to boot from an installation disc (or USB device), which gives the user the ability to access repair features, including System Restore, Full System Image Recovery, Startup Repair, and the key to this attack, the Command Prompt. Loading the Command Prompt lets us access files local to the installation disc, but also, lets us pivot to access files that are located on the local hard drive. The book takes us through accessing the System32 folder, a key location in Windows that houses a lot of critical binaries and files; two of these files are the executables for Sticky Keys and the Command Prompt. From this point, the book describes how to replace one binary with the other and reboot the system to gain access to a command prompt and then the full system.

Overall, it was a cleanly laid out exercise that lives up to the book’s description of “a simple introduction to Cyber Attacks and Defense”.

Rating: 3.0/5

Dylan D’Silva

Security Researcher

Tripwire


I’m torn on how to rate this, but assuming the intended target is high school students, I’m giving this a solid 4.5/5.

Overall Rating: 3.8/5

We don’t have any plans for another book at the moment, so if you have any suggestions, let us know on social media.



Source link