I would like to start a discussion on things you would like to see in the new STAR section. Is there a certain tool that you would like to see featured, or an INFOSEC/hacker person you would like to see profiled? I cannot guarantee it will make it into the book, but I will try to at least see if we can get it included here. We will have guest bloggers who can expand on tools and hacking techniques, so get ready for that; it should be coming soon.
When I picked up the book, I expected the STAR content to be discussion about the attacks in the story. One of the things I addressed in my original review is how there wasn't a very strong connection between the two sections. Part of this is that, as we know now, it wasn't content created for the book, so it couldn't be very close to it. Even beyond that, though, there were lots of sections in STAR that had nothing to do with attacks in the story, and attacks and techniques in the story that had no reference in STAR.
I'd rather see the number of sections in STAR limited to those that directly relate to the story, and see the formerly wasted space used on more detail on *those* attacks and tools. That way, the reader can drill in as far as they want to.
So maybe the first thing to do is catalog the attacks, tools, areas of infosec that are in the story, and compare that to the original STAR's section headings.
I think that exploring different types of methodologies for hackattacks would allow the readers to analyze specific functions required; further, they can synthesize the components for greater efficiency and newer concepts.
Breaking tactics for hackattacks apart and combining them with different information.
By creating a narrative to link different methods with practical results (Information gathered by interviews, in addition to our own experiences), skiddies might actually take the time to learn what they're using... Maybe...
Let me first mention I was excited as all get-out about this book, and I had my pre-order for it placed in mid-July and loved the story. I wasn't disappointed. I'm even more excited about the new STAR section. I agree with everything said so far, and would like to throw something else out too. Like on page 40 when Leon is watching the FORB1DD3N network with Wireshark. To Wes' point, there's a connection to Wireshark in the STAR 2.0 section because it directly relates to the story. So they see a binary transfer going. Would it be going too far to mention in a description of Wireshark in the STAR section that "Leon didn't need to do so at the time, but he could have grabbed the whole binary if his session was started in time by..." and then going into grabbing a binary out of a Wireshark capture? So going even a *little* further into what can be done with the tools based on what's happening in the storyline. Or some "what ifs" based on what's transpiring in the story - space permitting, but also to Wes' point, there's most likely space that will be freed up. I'd need to read through the story again to see how much more of what I described could be done, and I don't know if that's going *too* technical in that example for the target audience. But that's one of my two cents.
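The "grab the whole binary out of the capture" idea in the post above is what Wireshark's Follow TCP Stream (or File > Export Objects, for protocols it dissects) does. As an added example, not from the book, the STAR section or any poster here, the script below reproduces that step in plain Python on a constructed pcap: it parses the classic pcap framing, picks the server-to-client half of one TCP connection, reorders segments by sequence number, drops a retransmission, and identifies the carved payload by its magic bytes. The addresses, ports, sample "binary" and the capture itself are all made up here; checksums are left at zero and sequence-number wrap-around is not handled.

```python
import hashlib
import struct

# Constructed sample data: a fake ELF-looking blob and hypothetical endpoints.
SAMPLE_BINARY = b"\x7fELF" + b"\x02\x01\x01" + bytes(9) + b"fake-elf-body-" * 40
CLIENT = ("10.0.0.5", 40001)   # hypothetical
SERVER = ("10.0.0.9", 4444)    # hypothetical


def _ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_segment(src, dst, seq, payload):
    """Ethernet/IPv4/TCP frame (PSH+ACK). Checksums are 0: Wireshark would flag
    them, but they play no part in reassembly."""
    eth = bytes(6) + bytes([0x11] * 6) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip_bytes(src[0]), _ip_bytes(dst[0]))
    return eth + ip + tcp


def build_pcap(frames):
    """Minimal classic pcap: magic 0xa1b2c3d4, version 2.4, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1500000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def sample_capture():
    """Server pushes SAMPLE_BINARY to the client in 100-byte segments, captured
    out of order, with one retransmission and a frame from the other direction."""
    chunks = [SAMPLE_BINARY[i:i + 100] for i in range(0, len(SAMPLE_BINARY), 100)]
    segs = [(1000 + 100 * i, c) for i, c in enumerate(chunks)]
    order = segs[:]
    order[1], order[2] = order[2], order[1]   # two segments arrive swapped
    order.insert(3, segs[0])                  # first segment retransmitted
    frames = [build_segment(SERVER, CLIENT, seq, c) for seq, c in order]
    frames.insert(2, build_segment(CLIENT, SERVER, 5000, b"client chatter"))
    return build_pcap(frames)


def iter_frames(pcap):
    """Yield raw link-layer frames from a little-endian classic pcap."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return ((src_ip, sport), (dst_ip, dport), seq, payload) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6 or len(ip) < total:
        return None
    src_ip = ".".join(map(str, ip[12:16]))
    dst_ip = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total]
    sport, dport, seq, _ack, off = struct.unpack_from("!HHIIB", tcp, 0)
    return (src_ip, sport), (dst_ip, dport), seq, tcp[(off >> 4) * 4:]


def follow_stream(pcap, src, dst):
    """One direction of a TCP stream, like Wireshark's Follow TCP Stream:
    order by sequence number, drop duplicates, trim overlaps, fail on gaps."""
    segments = {}
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        s, d, seq, payload = parsed
        if (s, d) != (src, dst) or not payload:
            continue
        if seq not in segments or len(payload) > len(segments[seq]):
            segments[seq] = payload
    data, expected = bytearray(), None
    for seq in sorted(segments):
        payload = segments[seq]
        if expected is None:
            expected = seq
        if seq < expected:                      # overlaps bytes already copied
            payload, seq = payload[expected - seq:], expected
        elif seq > expected:
            raise ValueError(f"gap of {seq - expected} bytes before seq {seq}")
        data += payload
        expected = seq + len(payload)
    return bytes(data)


def identify(data):
    """Cheap magic-byte check for the two executable formats most likely seen."""
    if data.startswith(b"\x7fELF"):
        return "ELF"
    if data.startswith(b"MZ"):
        return "PE"
    return "unknown"


def carve(pcap, src, dst):
    data = follow_stream(pcap, src, dst)
    return identify(data), len(data), hashlib.sha256(data).hexdigest(), data


if __name__ == "__main__":
    kind, size, digest, _ = carve(sample_capture(), SERVER, CLIENT)
    print(f"carved {size}-byte {kind}, sha256 {digest}")
```

The same logic applied to a real capture is only as good as the capture: if the session started before the sniffer did, the first bytes (including the magic) are simply absent, which is exactly the "if his session was started in time" caveat in the post. Checking the sha256 of the carved file against the one the server offers, where the protocol exposes it, is the usual way to confirm nothing was lost.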
Thank you Jeff and everyone else for this feedback. That is an excellent observation; I will bring this up with Marcus. Another great aspect of this site and the new STAR section is that you will be able to directly add these to the discussion. When the new chapters are published here, we will have every chapter in its own thread. Then you will be able to post addenda and insights on that chapter (it will be moderated though) ;-)
I'm excited. Again, I really did like the book and loved the story (my nym on Twitter is @infosec208, so you may remember my pestering). Another book that tied a story in (although Dissecting the Hack is laid out differently and has much more of a story) was Chained Exploits. I liked it also in that it was story based and tools were integrated in (its focus, I believe, was on the tools?). IMHO way too advanced for the board members and C-level folks, but I don't think that was the intended audience. That's where breaking the story out from STAR is such a great approach.
Dissecting the Hack is a book that I've had a couple of doctors and an accountant read, and then I talked to them at length about it. To be honest, I didn't really use the STAR section with those guys and 1 gal. I just explained to them how I would do the same types of stuff to their networks.
Once again, thank you ;-) You are the very reason I wrote the book in the first place. There is a communication gap right now between the people who can fix the problem and the people who can approve the budget for the people to fix the problem. I want this series to be that bridge to help both sides understand the nature of the problem and to find a common ground (discussing the book) to start that much needed communication. Thanks to you and all the others who are supporting this project.
[Will present this at local Defcon 414 in December 2015 and post slideshow here] I have successfully done this over a dozen times - once for my girlfriend on a flight, sending her the credentials via email. I MUST classify this as a "social engineering" hack despite several modifications to the boarding pass - which seems to be NOT associated with this airline's information other than flight number, date, time, and passenger name. Nobody checks, nor has the ability to check when you board the…