Book Review: Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense
Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense. By Bryson Payne. Publisher: No Starch Press; https://nostarch.com; 192 pages; $22.99
Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense provides a great introduction to cybersecurity that includes both theory and hands-on practice. While cybersecurity has a significant technical aspect, the book also discusses physical risk and social engineering. Before discussing specific attacks, it gives a definition of hacking, the reason to hack yourself, and where the ethical boundaries are. The ultimate purpose of this book is to teach everyone to perform reasonable self-defense against malicious attacks.
The book explores the difference between security through obscurity and security by design through a browser password text field scenario. Anyone could reveal your password by doing a simple “hack” in the browser. Additional chapters discuss the importance of physical security of IT assets (e.g., a laptop) and how someone could exploit known bugs if they were to have physical access.
The book discusses Kali, which is a distribution of the GNU/Linux operating system designed for cybersecurity professionals. Readers can learn how to set up a hacking lab using Kali through a virtual machine (VM) setup. There are alternatives to this operating system as well, such as Parrot, which has a similar design. Other topics in the book include social engineering, how to clone websites for credential harvesting, and how to send phishing emails that could trick victims into accessing cloned websites. Demonstrations of how to produce malware using the Metasploit Framework and how to use phishing emails are also presented.
I recommend this book for an audience with a basic level of computer skills and knowledge of networking concepts.
Reviewer: Rex Lam, CPP, PSP, is a senior consultant of Guardian Forest Security based in Hong Kong and operates in the APAC area. Lam holds multiple certifications, including the CPP, PSP, and CompTIA PenTest+, as well as a computer engineering degree. He is the Hong Kong chapter’s chairman and participates on the IT Security Community’s steering committee.