The Hacker's Zibaldone

Ebook, 285 pages, 2 hours

About this ebook

A "zibaldone" is a type of book that originated in 14th-century Italy, typically used as a notebook to collect notes, ideas, and observations on a wide range of subjects.
True to its original name, "The Hacker's Zibaldone" is not just another cybersecurity book. It is a holistic, practical, and fun introduction to this challenging world by means of a varied collection of tutorials, reviews, insights, code snippets, walkthroughs, stories, and recommendations, where everyone, from students and hobbyists to seasoned professionals, will find something unexpected, curious, and new.

A wide range of cybersecurity topics is covered, including:

* Introductions to basic concepts, terminology, and principles
* Tutorials and best practices
* Instructive code snippets
* Step-by-step walkthrough of online CTF challenges
* Reviews of cybersecurity-related books, movies, and games

and even some original AI-generated and hacker-themed stories and artwork!

Language: English
Release date: May 25, 2023
ISBN: 9798223059554

    The Hacker's Zibaldone - Roberto Dillon

    About the Author

    Associate Professor Roberto Dillon holds a Ph.D. in Computer Engineering from the University of Genoa (Italy) and a Certificate in Cybersecurity from the Rochester Institute of Technology (USA). He has published several books for CRC Press, AK Peters, and Springer. He is an (ISC)² Member and an IEEE Senior Member with many years of experience in game design and cybersecurity, which have been his passions since the mid-1980s, when he began programming text adventure games on a Commodore 64.

    Prof. Dillon has been invited to speak at major international events such as the Game Developers Conference in San Francisco and TEDx in Milan, among many others. Currently, he serves as the Academic Head of the School of Science and Technology at James Cook University Singapore. In 2013, he founded the first Computer Game Museum in Southeast Asia. Additionally, he teaches subjects such as Behavioral Cybersecurity for the dedicated Bachelor's degree in Cybersecurity that he designed and launched in 2020, in collaboration with various industry partners.

    Bibliography:

    As Author:

    On the Way to Fun (AKPeters, 2010)

    The Golden Age of Video Games: the birth of a multi-billion dollar industry (CRC Press, 2011)

    HTML5 Game Development from the Ground Up with Construct 2 (CRC Press, 2014)

    Ready: a Commodore 64 Retrospective (Springer, 2015)

    2D to VR with Unity5 and Google Cardboard (CRC Press, 2017)

    The Hacker’s Zibaldone: Tutorials, Concepts, and Insights on Cybersecurity (2023)

    As Editor:

    Teaching and Learning with Technology (World Scientific, with Lee Ming Tan, 2016)

    The Digital Gaming Handbook (CRC Press, 2020)

    Digital Transformation in a Post-Covid World: Sustainable Innovation, Disruption, and Change (CRC Press, with A. Kuah, 2021)

    Introduction

    I got the idea for this book after starting my cybersecurity blog on Medium¹, when I realized that short, blog-style articles can still be tied together like pieces of a jigsaw puzzle to tell a more complex and articulated story in a highly digestible format. With our often frenetic lifestyles, we need something concise and spot-on that we can read while commuting, something we can enjoy by randomly picking up an article to discover something new and curious. Such an agile, blog-style format seems like an excellent choice to achieve just that, even for the old-fashioned printed page. Even better, this printed book won’t even drain your smartphone battery (unless you are reading the e-book format)!

    In any case, grouping many different things together is not something new: the concept of a zibaldone, or a heap of things in plain English, is very ancient and dates back several hundred years, to when merchants first, and then poets, used to write down all their various notes, observations, and compositions together in a single volume.

    Can this approach still work in the XXI Century for a technically complex and vast field such as cybersecurity? Well, that is what I wanted to find out with this project, which ideally also wants to bridge the online world to the printed page as it includes a few revised and expanded articles from my own blog as a starting point to progress in many different directions. In particular, the book is articulated into five different parts.

    Part I, Cyber World, provides introductions to basic concepts, terminology, and best practices as well as some historical recollections of early cybersecurity incidents, to introduce the reader to the modern cybersecurity jargon and issues.

    Part II, Cyber Reviews, instead, introduces the cybersecurity world from a completely different perspective, i.e. via the fictional lenses of movies, books, and games. Both retro and modern examples of famous creative works, as well as a few hidden gems, will be discussed to capture the readers’ attention and bring them into this exciting world.

    Part III, Hacker Inspired: AI-generated Artwork, adds a fictional component to the book by introducing creative uses of the latest AI technologies to engage the reader in hacker-inspired poems, short stories, and even paintings in the style of famous artists. The goal of this section, besides its entertainment value, is to make the reader reflect on the great progress we have achieved in the AI field in the past few years, but also to consider its current shortcomings and the huge work that is still ahead for creating believable artwork.

    Part IV, Hack Tricks, is the more technical part of the book and it is designed to complement Part I to offer practical tutorials, insights, and code snippets in C, Python, and more. Here the reader is introduced to fundamental concepts related to cybersecurity and secure coding, from exception handling to unit testing, from writing code able to thwart common web attacks to understanding how malware is written and achieves its nefarious purposes.

    Part V, CTF Walkthroughs, is the most hands-on section. It concludes the book by introducing the very popular Try Hack Me online platform and offers a series of step-by-step tutorials to solve a few CTF challenges so that readers can be guided in a reflective way to experience hacking first-hand in a safe and well-presented online virtual environment.

    Target Audience

    The main target audience of the book includes hobbyists who want to learn new concepts, reflect on current trends, and refine a few more technical aspects. Industry professionals may also find some food for thought by exploring several of the topics presented. College students enrolled in undergraduate or postgraduate courses in IT, computer science, and, of course, cybersecurity, will also find this book appealing as important concepts such as unit testing, use of pointers, prepared statements, and much more are discussed in synthetic and simple terms.

    Why Self-Publish?

    This is my sixth book and the first one I decided to self-publish. Why did I decide to do so? First, I want to clarify that I have always had a great experience with every editor and publisher I worked with in the past. I am very proud of every single one of my books and the way they were produced and brought to market. Nonetheless, whenever I find my earlier books on the bookshelves of some major retailer, as well as on the main online portals, I always wish they were cheaper so that the average student or hobbyist could afford them without the need to double-check how much they have left in their wallet. Every author wishes for his or her work to be read and reach the widest possible audience. When my first book, On the Way to Fun was included in a game design bundle on the well-known portal Humble Bundle and, in a few weeks, sold almost 10,000 copies for $1+ together with several other excellent books, I was elated even if I did not receive a single cent as heavily discounted copies were not eligible for royalties.

    When I started writing this book, I was aware from the beginning that this title was going to be an unusual one, as the concept of a zibaldone is now foreign to most, and many publishers would have likely been reluctant to take a risk on such an out-of-the-box idea. I decided this was the right time to experiment with self-publishing and see if being able to directly set the price and manage the whole process could effectively help me in reaching more people.

    Let’s see how it goes. In the meantime, my most sincere thanks for giving this book a chance!

    Disclaimer

    The information provided in this book is for educational and informational purposes only. It is not intended to be a substitute for professional advice or services and should not be relied upon as such.

    The author makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the information, products, services, or related graphics contained in the book for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

    In no event will the author or publisher be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this book.

    The views and opinions expressed in this book are those of the author and do not necessarily reflect the official policy or position of any agency or organization.

    Any links to external websites and resources are provided for convenience only and do not imply endorsement or approval by the author or publisher of the content or the website.

    Access to Code Examples

    The sample code discussed in the book can be downloaded from the author’s GitHub repository at

    https://github.com/rdillon73

    Contents

    About the Author

    Introduction

    Target Audience

    Why Self-Publish?

    Disclaimer

    Access to Code Examples

    Part I: Cyber World

    The True Purpose and the Real Risks of Modern Technology

    Best Practices to Stay Safe Online

    Best Practices for Online Privacy

    Cybersecurity Certifications: are they really useful?

    User and Entity Behaviour Analytics

    What is DevSecOps?

    What is Zero-Trust?

    The Role of Threat Intelligence

    The Difference between Cyber Risk Management and Cyber Resilience

    Becoming a Bug Bounty Hunter

    Triaging a bug

    What is CVSS?

    The Cyber Kill Chain

    Steganography: The Art of Hiding Secrets

    The SCA Virus: my Computer was Alive!

    The Morris Worm

    Melissa, ILoveYou

    Part II: Cyber Reviews

    The Cuckoo’s Egg by Cliff Stoll

    Ghost in the Wires by Kevin Mitnick

    The Hacker and the State by Ben Buchanan

    The Art of Cyberwarfare by Jon Di Maggio

    Tron (1982)

    WarGames (1983)

    Sneakers (1992)

    Hackers (1993)

    Who Am I (2014)

    BlackHat (2015)

    Mr Robot (2015-2019)

    System 15000 (1984, AVS)

    Uplink (2001, Introversion Software)

    Hacknet (2015, Team Fractal Alligator)

    Exapunks (2018, Zachtronics)

    NITE Team 4 (2019, Alice & Smith)

    Part III: Hacker Inspired: AI-generated Artwork

    To Computer Science

    To Hackers

    The Goddess

    The Hacker

    The Pub

    Artwork in the style of Pablo Picasso

    Artwork in the style of Amedeo Modigliani

    Part IV: Hack Tricks

    Alternate Data Streams (ADS)

    An Old but still Dangerous Easter Egg

    The ABC of Defending from XSS and SQLi

    Understanding Pointers and Buffer Overflow in C

    More on Pointers

    Handling Exceptions in Python

    Unit Testing in Python

    A Self-Replicating Python Program

    A Self-Deleting Python Program

    Understanding Ransomware

    Sheriff Python to the Rescue!

    Making a fingerprint program like in NITE Team 4

    Scraping the Web

    Scraping Twitter for the latest Cybersecurity News

    Writing a Keylogger in Python

    From Py to Exe

    Finding Login Pages and more with Google Dorking

    Finding Webcams via Google Dorking and Shodan

    Unit Testing in Java: Using JUnit

    Powerful but Dangerous: Macros in MS Word

    Steganography: Hiding Data in an Image

    Steganography: Hiding Data like Mr Robot

    In Search of Anonymity: Proxychains

    Part V: CTF Walkthroughs

    Neighbour: Exploiting IDOR Vulnerabilities

    The Corridor: a More Challenging IDOR Example

    Agent T, or the importance of using stable tools

    The Greenholt Phish: Looking for Phishing Clues

    Quotient: a Windows Privilege Escalation Example

    References and Further Reading

    Part I: Cyber World

    In Cyber World we will be discussing many different facets of technology and cybersecurity. I will clarify some important terms, demystify buzzwords, illustrate some significant trends, and explain my personal perspective on some important themes that are relevant to all of us, whether we are directly invested in technology or living it in a more passive way. There will also be the opportunity for some historical recollection. Enjoy!

    The True Purpose and the Real Risks of Modern Technology

    I have always embraced technology since the days I was a little kid, and I always saw technology as a positive force with one primary purpose: to enable us to be more efficient, or, in other words, to make our lives easier by making us smarter and more productive. This book is indeed a testimony to my love for technology, its culture, and its craft, as a professional developer as well as a cybersecurity researcher and a ‘hacker’ in the original sense of the word (i.e. someone who loves tinkering with technology in novel and original ways).

    The era of smart devices and the internet of things (IoT) has, without a doubt, fulfilled
