Outils pour utilisateurs

Outils du site


issue149:critique_litteraire

Ceci est une ancienne révision du document !


Website: https://nostarch.com/linuxbasicsforhackers Author: Occupy the web Price: $34.95 At first I did not want to read this book at all. Two reasons: I judged the book by its cover (hey, who has not?), and it was being reviewed by so many other people online, another review would be pointless. Let’s touch on reason one. The cover is supposed to depict a “hacker” who is an angry teenager (clothing) who is a penguin, suggesting Linux is bad. This ties into the F.U.D. that had been created around Linux. When I recently suggested a customer switch to Linux – as they do nothing Windows-specific, they were shocked by the suggestion as they would come under suspicion for illegal hacking software…. WHAT? Let us not even go to the “author” naming himself “occupy the web”. This sounds more ominous than the title of the book. To most people this book screams to be avoided. (Myself included, as I would have said this is a script-kiddie book, without reading it).

But with so many people actually reviewing it, could I still ignore it? See: https://distrowatch.com/weekly.php?issue=20190128#book Instead of these top down reviews, I will give you a chapter by chapter review, to better understand the book. First, something about Kali Linux. Kali Linux is one of the few security distributions not from Italy. It originates in Switzerland and is considered the de-facto standard for teaching penetration testers.

I am not going to harp on about ethical hacking, information is neither good nor evil, instead we jump right into the introduction. “What’s in this book” lays out each chapter for your perusal. If you feel you have mastered the basics, this lets you jump ahead with a clearer understanding of what you are letting yourself in for, than, say, an index. If you are a regular Full Circle reader, you can skip the rest of the chapter and go to one. A good breakdown of Kali Linux is given and examples are clear, with the last instruction being : “ go play now!” The second chapter felt a bit light and short, but you have to remember that this book is aimed at people who need to get up to speed with Linux quickly. The third chapter touches on Linux networking and “disguising yourself” - but the latter is not the case. No Proxy chaining, or DNS query encryption, etc, (though proxy chains are touched upon in later chapters). Chapter four is about apt in a nutshell. If you know how to install and update software, you can give this one a skip. For the regular Full Circle reader, the exercises may feel dumb, but again, you are not the target audience. If you are not afraid of your command-line, there is nothing new in the book.

Chapter five, with file and folder permissions, can thus also be skimmed. Chapter six is processes, and I dare say that it sometimes does not seem so ‘white hat’. “A hacker often will need to find processes on the target they want to kill, such as the antivirus software or a firewall.” - judge for yourself. Chapter seven takes us to the environment variables, nothing you did not know, and no interesting snippets, nor code examples, nor exercises. Chapter eight is where the real hands-on approach starts, with bash scripting, but do not expect much. The constant references to ‘hackersarise’ website is the author’s home page. Throughout, the book is very basic, but also illustrates that Linux is not difficult at all. Chapter nine is compression, zip, gzip, tar, etc, and then touches on the dd command. In chapter ten, it is devices and file systems, touching very lightly on each. I feel that the information presented is a bit light in the pants. A “hacker” would encounter old systems too and has to know tools that are not available in Kali, that may be on the target systems, but no mention of that. Like in the following chapter regarding logging, chapter 11. Do not misunderstand; the information presented is ‘spot on’, but not all distributions store logs where Kali Linux does.

Again we move out of “ethical hacking” territory as was pushed in the beginning of the book to more “black hat” way of writing: “ Once you’ve compromised a Linux system, it’s useful to disable logging and remove any evidence of your intrusion in the log files to reduce the chances of detection.” Chapter 12 takes us into services, but does not touch systemctl? This book provides just enough information to actually be a danger to yourself if you would use it as a ‘hacking manual’. Chapter 13, becoming secure and anonymous, also has the basics, but does not touch the engineering part, or explain that most ‘hackers’ are caught hacking from home. Encrypted email is covered, but not anonymous email. Chapter 14 is Wi-Fi networks, which covers some of the basics and some of the tools, albeit very shallow coverage. Chapter 15 is kernel modules and it is at this stage that I wonder if the intent of the book is for you to break stuff, so you can learn by fixing them. This is a very rewarding, but also very frustrating way to learn. Here is a very brief touch on sysctl as the chapter would be broken without it. Only five exercises here, as it is not ‘hacking’ related really. Chapter 16 is Cron jobs, more or less.

When we get to chapter 17, it is touted as “python scripting basics” - which is really, really basic, then jumps into ‘building a TCP client’, which maybe can be said to be the practical part of the book. This book pretends to be a primer on Linux for ethical hackers, but does not stand in one camp, either be a manual on basic Kali Linux usage, or basic hacking, or concepts, but it is neither. This book is a waste of time for anyone who has encountered the command-line, rather it is a look into what hacking / Linux is about for the layperson. It is not practical as laid out in the Distrowatch link given at the start; in fact, the exercises feel bolted on as an afterthought. The book did touch on Apache and Raspberry pi, here and there, but there is never enough ‘hacking’ information given. I got through the book in one sitting, so it is very lightweight, that said, the price tag is hefty. I cannot in good conscience give this book more than two stars. (If it was not so easy to read, I’d give it one).

issue149/critique_litteraire.1571117939.txt.gz · Dernière modification : 2019/10/15 07:38 de d52fr