The Hacker's Zibaldone
About this ebook
A "zibaldone" is a type of book that originated in 14th Century Italy, typically used as a notebook to collect notes, ideas, and observations on a wide range of subjects.
True to its original name, "The Hacker's Zibaldone" is not just another cybersecurity book. It is a holistic, practical, and fun introduction to this challenging world by means of a varied collection of tutorials, reviews, insights, code snippets, walkthroughs, stories, and recommendations, in which everyone, from students and hobbyists to seasoned professionals, will find something unexpected, curious, and new.
A wide range of cybersecurity topics is covered, including:
* Introductions to basic concepts, terminology, and principles
* Tutorials and best practices
* Instructive code snippets
* Step-by-step walkthrough of online CTF challenges
* Reviews of cybersecurity-related books, movies, and games
and even some original AI-generated and hacker-themed stories and artwork!
The Hacker's Zibaldone - Roberto Dillon
About the Author
Associate Professor Roberto Dillon holds a Ph.D. in Computer Engineering from the University of Genoa (Italy) and a Certificate in Cybersecurity from the Rochester Institute of Technology (USA). He has published several books for CRC Press, AK Peters, and Springer. He is an (ISC)² Member and an IEEE Senior Member with many years of experience in game design and cybersecurity, which have been his passions since the mid-1980s, when he began programming text adventure games on a Commodore 64.
Prof. Dillon has been invited to speak at major international events such as the Game Developers Conference in San Francisco and TEDx in Milan, among many others. Currently, he serves as the Academic Head of the School of Science and Technology at James Cook University Singapore. In 2013, he founded the first Computer Game Museum in Southeast Asia. Additionally, he teaches subjects such as Behavioral Cybersecurity for the dedicated Bachelor's degree in Cybersecurity that he designed and launched in 2020, in collaboration with various industry partners.
Bibliography:
As Author:
On the Way to Fun (AK Peters, 2010)
The Golden Age of Video Games: the birth of a multi-billion dollar industry (CRC Press, 2011)
HTML5 Game Development from the Ground Up with Construct 2 (CRC Press, 2014)
Ready: a Commodore 64 Retrospective (Springer, 2015)
2D to VR with Unity5 and Google Cardboard (CRC Press, 2017)
The Hacker’s Zibaldone: Tutorials, Concepts, and Insights on Cybersecurity (2023)
As Editor:
Teaching and Learning with Technology (World Scientific, with Lee Ming Tan, 2016)
The Digital Gaming Handbook (CRC Press, 2020)
Digital Transformation in a Post-Covid World: Sustainable Innovation, Disruption, and Change (CRC Press, with A. Kuah, 2021)
Introduction
I got the idea for this book after starting my cybersecurity blog on Medium¹, when I realized that short, blog-style articles can still be tied together, like the pieces of a jigsaw puzzle, to tell a more complex and articulated story in a highly digestible format. With our often frenetic lifestyles, we need something concise and spot-on that we can read while commuting, something we can enjoy by randomly picking an article and discovering something new and curious. Such an agile, blog-style format seems like an excellent choice to achieve just that, even on the old-fashioned printed page. Even better, this printed book won’t drain your smartphone battery (unless you are reading the e-book edition)!
In any case, grouping many different things together is nothing new: the concept of a zibaldone, or a heap of things in plain English, is very ancient and dates back several hundred years, to when first merchants and then poets used to write down all their various notes, observations, and compositions together in a single volume.
Can this approach still work in the 21st century for a field as technically complex and vast as cybersecurity? Well, that is what I wanted to find out with this project, which also aims to bridge the online world and the printed page, as it includes a few revised and expanded articles from my own blog as a starting point from which to progress in many different directions. In particular, the book is organised into five parts.
Part I, Cyber World, provides introductions to basic concepts, terminology, and best practices, as well as some historical recollections of early cybersecurity incidents, to introduce the reader to modern cybersecurity jargon and issues.
Part II, Cyber Reviews, instead introduces the cybersecurity world from a completely different perspective, i.e. through the fictional lenses of movies, books, and games. Both retro and modern examples of famous creative works, as well as a few hidden gems, will be discussed to capture the readers’ attention and bring them into this exciting world.
Part III, Hacker Inspired: AI-generated Artwork, adds a fictional component to the book by introducing creative uses of the latest AI technologies to engage the reader with hacker-inspired poems, short stories, and even paintings in the style of famous artists. The goal of this section, besides its entertainment value, is to make the reader reflect on the great progress we have achieved in the AI field in the past few years, but also to consider its current shortcomings and the huge amount of work that is still ahead for creating believable artwork.
Part IV, Hack Tricks, is the more technical part of the book and is designed to complement Part I by offering practical tutorials, insights, and code snippets in C, Python, and more. Here the reader is introduced to fundamental concepts related to cybersecurity and secure coding, from exception handling to unit testing, from writing code able to thwart common web attacks to understanding how malware is written and achieves its nefarious purposes.
Part V, CTF Walkthroughs, is the most hands-on section. It concludes the book by introducing the very popular TryHackMe online platform and offers a series of step-by-step tutorials for solving a few CTF challenges, so that readers can be guided in a reflective way to experience hacking first-hand in a safe and well-presented online virtual environment.
Target Audience
The main target audience of the book includes hobbyists who want to learn new concepts, reflect on current trends, and refine a few more technical aspects. Industry professionals may also find some food for thought by exploring several of the topics presented. College students enrolled in undergraduate or postgraduate courses in IT, computer science, and, of course, cybersecurity, will also find this book appealing, as important concepts such as unit testing, the use of pointers, prepared statements, and much more are discussed in concise and simple terms.
Why Self-Publish?
This is my sixth book and the first one I decided to self-publish. Why did I decide to do so? First, I want to clarify that I have always had a great experience with every editor and publisher I worked with in the past. I am very proud of every single one of my books and of the way they were produced and brought to market. Nonetheless, whenever I find my earlier books on the bookshelves of some major retailer, as well as on the main online portals, I always wish they were cheaper, so that the average student or hobbyist could afford them without needing to double-check how much they have left in their wallet. Every author wishes for his or her work to be read and to reach the widest possible audience. When my first book, On the Way to Fun, was included in a game design bundle on the well-known portal Humble Bundle and, in a few weeks, sold almost 10,000 copies for $1+ together with several other excellent books, I was elated, even though I did not receive a single cent, as heavily discounted copies were not eligible for royalties.
When I started writing this book, I was aware from the beginning that this title was going to be an unusual one, as the concept of a zibaldone is now foreign to most readers, and many publishers would likely have been reluctant to take a risk on such an out-of-the-box idea. I decided this was the right time to experiment with self-publishing and see whether being able to set the price directly and manage the whole process could effectively help me reach more people.
Let’s see how it goes. In the meantime, my most sincere thanks for giving this book a chance!
Disclaimer
The information provided in this book is for educational and informational purposes only. It is not intended to be a substitute for professional advice or services and should not be relied upon as such.
The author makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in the book for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will the author or publisher be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this book.
The views and opinions expressed in this book are those of the author and do not necessarily reflect the official policy or position of any agency or organization.
Any links to external websites and resources are provided for convenience only and do not imply endorsement or approval by the author or publisher of the content or the website.
Access to Code Examples
The sample code discussed in the book can be downloaded from the author’s GitHub repository at https://github.com/rdillon73
Contents
About the Author
Introduction
Target Audience
Why Self-Publish?
Disclaimer
Access to Code Examples
Part I: Cyber World
The True Purpose and the Real Risks of Modern Technology
Best Practices to Stay Safe Online
Best Practices for Online Privacy
Cybersecurity Certifications: are they really useful?
User and Entity Behaviour Analytics
What is DevSecOps?
What is Zero-Trust?
The Role of Threat Intelligence
The Difference between Cyber Risk Management and Cyber Resilience
Becoming a Bug Bounty Hunter
Triaging a bug
What is CVSS?
The Cyber Kill Chain
Steganography: The Art of Hiding Secrets
The SCA Virus: my Computer was Alive!
The Morris Worm
Melissa, ILoveYou
Part II: Cyber Reviews
The Cuckoo’s Egg by Cliff Stoll
Ghost in the Wires by Kevin Mitnick
The Hacker and the State by Ben Buchanan
The Art of Cyberwarfare by Jon Di Maggio
Tron (1982)
WarGames (1983)
Sneakers (1992)
Hackers (1995)
Who Am I (2014)
Blackhat (2015)
Mr Robot (2015-2019)
System 15000 (1984, AVS)
Uplink (2001, Introversion Software)
Hacknet (2015, Team Fractal Alligator)
Exapunks (2018, Zachtronics)
NITE Team 4 (2019, Alice & Smith)
Part III: Hacker Inspired: AI-generated Artwork
To Computer Science
To Hackers
The Goddess
The Hacker
The Pub
Artwork in the style of Pablo Picasso
Artwork in the style of Amedeo Modigliani
Part IV: Hack Tricks
Alternate Data Streams (ADS)
An Old but still Dangerous Easter Egg
The ABC of Defending from XSS and SQLi
Understanding Pointers and Buffer Overflow in C
More on Pointers
Handling Exceptions in Python
Unit Testing in Python
A Self-Replicating Python Program
A Self-Deleting Python Program
Understanding Ransomware
Sheriff Python to the Rescue!
Making a fingerprint program like in NITE Team 4
Scraping the Web
Scraping Twitter for the latest Cybersecurity News
Writing a Keylogger in Python
From Py to Exe
Finding Login Pages and more with Google Dorking
Finding Webcams via Google Dorking and Shodan
Unit Testing in Java: Using JUnit
Powerful but Dangerous: Macros in MS Word
Steganography: Hiding Data in an Image
Steganography: Hiding Data like Mr Robot
In Search of Anonymity: Proxychains
Part V: CTF Walkthroughs
Neighbour: Exploiting IDOR Vulnerabilities
The Corridor: a More Challenging IDOR Example
Agent T, or the importance of using stable tools
The Greenholt Phish: Looking for Phishing Clues
Quotient: a Windows Privilege Escalation Example
References and Further Reading
Part I: Cyber World
In Cyber World we will be discussing many different facets of technology and cybersecurity. I will clarify some important terms, demystify buzzwords, illustrate some significant trends, and explain my personal perspective on some important themes that are relevant to all of us, whether we are directly invested in technology or experiencing it in a more passive way. There will also be the opportunity for some historical recollection. Enjoy!
The True Purpose and the Real Risks of Modern Technology
I have always embraced technology, since the days when I was a little kid, and I have always seen it as a positive force with one primary purpose: to enable us to be more efficient or, in other words, to make our lives easier by making us smarter and more productive. This book is indeed a testimony to my love for technology, its culture, and its craft, as a professional developer as well as a cybersecurity researcher and a ‘hacker’ in the original sense of the word (i.e. someone who loves tinkering with technology in novel and original ways).
The era of smart devices and the internet of things (IoT) has, without a doubt, fulfilled