Note: some of Tyagi's emails have been edited slightly due to his convoluted style of writing. It is often unclear where he is quoting material I said versus his own reply. He also will inject "Rahul Tyagi Wrote:" into his mails, making it appear as if it is quoted from a previous mail, when in fact it is the new reply. You can download a raw copy of the mail spool for the unedited mail to verify. All edits on this page are for style only , and do not alter content .

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 28 May 2012 13:39:44 +0530 Subject: Thanks For Getting My Book Jerico I have mailed you few months back to have a look on my book, but you said that time that you are busy, but i am happy to send you this copy. and hope you will like it . Thanks -R-

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Mon, 28 May 2012 03:12:57 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 28 May 2012, Rahul Tyagi wrote: : I have mailed you few months back to have a look on my book, but you : said that time that you are busy, but i am happy to send you this copy. : and hope you will like it . Not sure when I will get a chance to read it, but figured I should grab it while available.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 28 May 2012 13:49:52 +0530 Subject: Re: Thanks For Getting My Book Jerico : :Not sure when I will get a chance to read it, but figured I should grab : :it while available. Rahul Tyagi Wrote: I would love if you personally check my book and give a independent review please if you can get some time i'll be very thankful to you.

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Thu, 14 Jun 2012 19:26:22 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 28 May 2012, Rahul Tyagi wrote: : I would love if you personally check my book and give a independent : review please if you can get some time i'll be very thankful to you. Did you write all of the material in this book yourself?

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Fri, 15 Jun 2012 12:14:49 +0530 Subject: Re: Thanks For Getting My Book Jerico : Did you write all of the material in this book yourself? Rahul Tyagi Wrote: Yes from 17 chapters i tired my best to contribute from my side i contributed 92% of whole book , 5-8% part of the book is contributed by some of my students and some other friends, and two chapter cum articles are from guest writers Mr. Rishab Dhangwal(RFI Attack) and AMarjit Singh.( Wireless Attacks).

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Fri, 15 Jun 2012 01:46:58 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Fri, 15 Jun 2012, Rahul Tyagi wrote: : : Did you write all of the material in this book yourself? : : Rahul Tyagi Wrote: Yes from 17 chapters i tired my best to contribute : from my side i contributed 92% of whole book , 5-8% part of the book is : contributed by some of my students and some other friends, and two : chapter cum articles are from guest writers Mr. Rishab Dhangwal(RFI : Attack) and AMarjit Singh.( Wireless Attacks). I saw the couple of pages by Dhangwal on RFI, which you credited at the end. After skimming the firt half of the book this afternoon, I have to ask again. Are you sure you wrote everything else in this book, other than the two sections you identified?

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Fri, 15 Jun 2012 12:35:27 +0530 Subject: Re: Thanks For Getting My Book Jerico Rahul Tyagi Wrote: As i told you before 92% of the book is written by me, and rest 5-8% except rishab and amrjit's articles were contributed by some of my students and my friends.Like some of spamming portion and wireless security portion where contributed by my students.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Fri, 15 Jun 2012 12:39:00 +0530 Subject: Re: Thanks For Getting My Book Jerico Rahul Tyagi Wrote: Hope you like the first portion of my book , i tried my best to deliver the best content in a easy way for the readers

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Fri, 15 Jun 2012 11:06:01 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Fri, 15 Jun 2012, Rahul Tyagi wrote: : Rahul Tyagi Wrote: As i told you before 92% of the book is written by : me, and rest 5-8% except rishab and amrjit's articles were contributed : by some of my students and my friends.Like some of spamming portion and : wireless security portion where contributed by my students. How about the section on SQL injection and Cross-site Scripting?

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Sat, 16 Jun 2012 20:51:56 -0700 Subject: Re: Thanks For Getting My Book Jerico : How about the section on SQL injection and Cross-site Scripting? Rahul Tyagi Wrote:- Jerico can you please list all the section on which you have any problem, that would be easier for me to reply in single stance. and reply for this SQL Injection and Cross Site scripting i wrote that but to increase the section people behind book added more content.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Sat, 16 Jun 2012 21:22:28 -0700 Subject: Re: Thanks For Getting My Book Jerico The chapters which are from my hand not from any friend , content adder and others, are listed below you can check it out. 1. Introduction to Ethical Hacking 2. Information Gathering Techniques 3. Advance Google Hacking 4. Trojan and Backdoors 5. Binder and Crypters 7. Spamming and Email Forging techniques (Spamming section contributed by Miss dox my friend and forging techniques are all from me.) 8. Email Hacking 9. System Hacking 10. Stenography 11. Basics of Python 12. Virus 13. Proxy Server and VPN 14. Pentration Testing 15. Metasploit Framework 16. Hacking Mobile Phones 17. Wireless Network Attacks (By Amarjit Singh)

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Mon, 18 Jun 2012 16:36:11 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Sat, 16 Jun 2012, Rahul Tyagi wrote: : : How about the section on SQL injection and Cross-site Scripting? : Rahul Tyagi Wrote:- Jerico can you please list all the section on which : you have any problem, that would be easier for me to reply in single : stance. and reply for this SQL Injection and Cross Site scripting i : wrote that but to increase the section people behind book added more : content. I mentioned two specific chapters for you to reply to, and you have no said several times that you wrote it. In fact, you did not. You plagiarized the material from other people. Chapter 6, page 38 - SQL injection (2 paragraphs) taken from verbatim from http://www.imperva.com/resources/glossary/sql_injection.html. The full page of text on "simple bypass authentication from frontend" was taken from http://www.cmswire.com/cms/web-cms/how-they-hack-your-website-overview-of-common-techniques-002339.php or another article. Chapter 6, pages 39-42 - XSS section is all taken verbatim from http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting. The only edits you made were to the example URLs, to try to conceal the fact that it was not your work. These are not the only sections that contain material you plagiarized from other sources. Do you understand what an author does, specifically writing original material OR properly citing material taken from other places? Are you familiar with plagiarism? If you are, then why did you lie to me?

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Mon, 18 Jun 2012 20:08:51 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Sat, 16 Jun 2012, Rahul Tyagi wrote: : The chapters which are from my hand not from any friend , content adder : and others, are listed below you can check it out. I have finished reviewing the book. Based on a pretty quick check, there are over 20 instances of plagiarized content that I found. Given that a sizable portion of the book consists of large screenshots and very little text, it makes up a substantial amount. I am curious to receive a reply to my previous mail regarding this. For the parts that you appear to have written, it is clear that you have about the same grasp on "hacking" as Fadia and others. That is, you don't know the topic very well. Some of your claims and explanations make it clear that you do not understand how hacking has been done historically, nor do you go past the initial script kiddy junk that many people have been peddling for years. Other than your very basic familiarity with Backtrack, I don't think you understand a fraction of the topic. If I were to make a list of all the mistakes and shortcomings of the book, it would take me a full day or more. Every single part of this book seems to be junk honestly. Selling it under the advertising and claims you make on your web page is a disservice to your readers. The fact that you or Fadia teach people 'hacking', which is little more than glorified Windows tricks and how to use simple Windows programs, is laughable and in my opinion, borderline fraud. jericho

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 21:56:29 -0700 Subject: Re: Thanks For Getting My Book Jerico Well i respect your words jerico but i am nt agree with your last comment that it is junk, for a person who still do no know what is IP address , how can u teach him msf, and may be u r right but i have written this book by considering a begineer in india not in USA. rest i am nt a person who step back, and i am nt having shame of accepting my mistakes, if they exist, and one request one time instead of finding mistakes try to have a eye of beginr and then read the book. And you knw i cant stop you by doing anything even i will not, you can do whatever you want your steps will be welcomed from me anytime, but also read other chapters only website hacking is not in the race. And you consider my another ankit then i let u knw i was nt born in a golden spoon family like ankit. and if u really know me you will nt say it for sure. Rest up to you.

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 00:12:47 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : Well i respect your words jerico but i am nt agree with your last : comment that it is junk, for a person who still do no know what is IP : address , how can u teach him msf, and may be u r right but i have : written this book by considering a begineer in india not in USA. rest i : am nt a person who step back, and i am nt having shame of accepting my : mistakes, if they exist, and one request one time instead of finding : mistakes try to have a eye of beginr and then read the book. And you knw : i cant stop you by doing anything even i will not, you can do whatever : you want your steps will be welcomed from me anytime, but also read : other chapters only website hacking is not in the race. And you consider : my another ankit then i let u knw i was nt born in a golden spoon family : like ankit. and if u really know me you will nt say it for sure. Rest up : to you. First, you did not address my questions regarding plagiarism. Why not? After denying it three times, are you ready to admit you did not write significant portions of the book? Second, I am comparing you to Ankit based on your books and apparent knowledge. I don't care who had a privileged upbringing. You are both claiming to be experts, both claim to know hacking, and both wrote books on the topic. Third, I went through the entire book. My comments are based on that, not a limited view of web hacking only. Fourth, there are proper ways to teach a beginner, and this is not it. You jump all over the place, switching topics, covering them in an illogical order, and ultimately cover too many topics in a mere 170 pages. Look at Hacking Exposed (692 pages in 2005) or Maximum Security (896 pages in 2001) and consider they attempt to cover 'hacking' like you do. That many years back, and 3 - 5x more material than yours, with a LOT more content on each page. Do you really think that your book brought anything new to the table over other more recent books? I don't think so. I just don't understand why you, or Fadia, would think yourself an expert in security when it is clear you both come from the same poor technical background and misguided notion on both the breadth and depth of hacking.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 22:25:58 -0700 Subject: Re: Thanks For Getting My Book Jerico So you did not find a single good point in this book, this is my last question from you ?

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 00:28:09 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : So you did not find a single good point in this book, this is my last : question from you ? Answer my question, and I will answer yours. : : First, you did not address my questions regarding plagiarism. Why not? : : After denying it three times, are you ready to admit you did not write : : significant portions of the book?

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 22:31:09 -0700 Subject: Re: Thanks For Getting My Book Jerico I replied it jerico i think you did not saw that in hurry, i told you in 17 chapters two chapters's content are contributed by my friends and students, spamming(By Miss Dox) and web applications, and also due to short content more content is being added by the content adder. except it Whole 15 chapters are written by me. and out of 17 chapters 15 are purely written by me.

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 00:35:19 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : I replied it jerico i think you did not saw that in hurry, i told you in : 17 chapters two chapters's content are contributed by my friends and : students, spamming(By Miss Dox) and web applications, and also due to : short content more content is being added by the content adder. except : it Whole 15 chapters are written by me. and out of 17 chapters 15 are : purely written by me. I read that. Then I disputed your claims and specifically cited two examples with where they were taken from. I also told you that I found over *20 instances* where material was plagiarized from other people. So what this tells me is that you either do not know what plagiarism means, or you do and are still denying it despite the evidence I have seen.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 22:43:42 -0700 Subject: Re: Thanks For Getting My Book Jerico I know plagiarism jerico, and if you found the content which is plagiarized then what i can promise that in next printing slot the refrences would be there, but beside these chapters please also give credit for others chapters which are from my pen. Everyone have dark and white part and considering this book if you showing the mistakes from 2 or 3 chapters , i am ready to admin my mistake that from contributers i did not cross check from net that whether the content was plagiarized or not, but please if you think give credit for the rest chapters also, to make it a genuine review. and again as i told you i do not having any shame to accept the mistakes which are committed from me or any person which belongs to me. and if you provide me the sources i will definitely provide the source of the content in the next printing slot.

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 00:49:27 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : I know plagiarism jerico, and if you found the content which is : plagiarized then what i can promise that in next printing slot the : refrences would be there, but beside these chapters please also give : credit for others chapters which are from my pen. I found plagiarism in chapters 2, 3, 4, 6, 7, 8, 11, 13, 14, and 17. Several chapters were 80% screenshots with almost no text, and barely constitute 'authoring' a chapter. Further, I did not check every chapter. Seriously, it is difficult to give any credit here. I simply do not understand how you can go from denying plagiarism five times to saying you will properly cite it next time. There shouldn't be a next time! This book should be removed from the market and a refund offered to anyone that purchased it. Your entire carreer is based on 'ethical' hacking. It is time to put the ETHICAL to the test. : Everyone have dark and white part and considering this book if you : showing the mistakes from 2 or 3 chapters , i am ready to admin my See above, it isn't 2 or 3 chapters. It is at least 10 chapters, possibly more. That is *half the book*. : mistake that from contributers i did not cross check from net that : whether the content was plagiarized or not, but please if you think give This plagiarism is NOT from your contributors. This is in the chapters YOU repeatedly say you wrote. I really don't think you understand how bad this is.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 22:53:24 -0700 Subject: Re: Thanks For Getting My Book Jerico : I found plagiarism in chapters 2, 3, 4, 6, 7, 8, 11, 13, 14, and 17. well if you found plagiarism from these above chapters then i hope you did not consider line by line text , if ettercap or another software having manual commands written in book that are static and will be on internet also as same . so will you consider it also as plagiarism. content.Because i can not change it of-course ?

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 01:00:10 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : : I found plagiarism in chapters 2, 3, 4, 6, 7, 8, 11, 13, 14, and 17. : well if you found plagiarism from these above chapters then i hope you : did not consider line by line text , if ettercap or another software : having manual commands written in book that are static and will be on : internet also as same . so will you consider it also as plagiarism. : content.Because i can not change it of-course ? I am not talking about one or two lines, or just command examples. As I already told you, as *one* example; Chapter 6, pages 39 - 42, all three full pages of text (several hundred words) were taken almost verbatim from the http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting article. Worse, you modified the example URLs from that article in an attempt to hide the fact that the material was not yours. That is full-on, wide-scale plagiarism that is inexcusable and unethical. You simply can't just reference the original if you re-print this book either. You must obtain permission from the original author if you are to use that much text. Otherwise, you can only use very small chunks of it, that fall under "fair use". When I have time, I will write up the full details in an article that covers the plagiarism and contact your publisher.

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 23:03:25 -0700 Subject: Re: Thanks For Getting My Book Jerico No issues jerico, you again and again considering Website Chapter . as i told you it is not from me but rest chapters are from me and if you found any plagiarized content in that then i am ready to admit and and will give credit to each source that is my promise but if it is plagiarized :).

From: Rahul Tyagi (officialrahultyagi@gmail.com) To: security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Jun 2012 23:10:56 -0700 Subject: Re: Thanks For Getting My Book Jerico and also tell me so when i can see my self and this conversation on attrition ?

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 01:13:39 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : No issues jerico, you again and again considering Website Chapter . as i : told you it is not from me but rest chapters are from me and if you You said on June 16: "... and reply for this SQL Injection and Cross Site scripting i wrote that but to increase the section people behind book added more content." You said on June 15: "Rahul Tyagi Wrote: As i told you before 92% of the book is written by me, and rest 5-8% except rishab and amrjit's articles were contributed by some of my students and my friends." Since you are changing your mind on which parts you wrote, here is another example: Chapter 8, pages 56-57 on keyloggers. This is two pages taken verbatim from http://searchmidmarketsecurity.techtarget.com/definition/keylogger. Chapter 11, pages 86-87 on types of viruses. This is two pages taken verbatim from http://www.makeuseof.com/tag/types-computer-viruses-watch/. Chapter 14, pages 105-106 on penetration testing. One intro paragraph and all of the bulleted paragraphs from http://www.secpoint.com/what-is-penetration-testing.html. Chapter 17, pages 157-158 on WiFi attacks. Some of the introduction, the image, and most of the four paragraphs taken from http://www.aboutonlinetips.com/wi-fi-security-how-to-secure-your-wi-fi-network/. So it appears that both you and your students have plagiarized. If you want to share their names and which pages they wrote, I will be glad to include it in my article. : found any plagiarized content in that then i am ready to admit and and : will give credit to each source that is my promise but if it is : plagiarized :). I don't know how many times I can say this. TEN CHAPTERS, maybe more, contain plagiarized material. You said you wrote 92% of the book. Do the math! That means the material you claimed to have written, was in fact plagiarized.

From: security curmudgeon (jericho[at]attrition.org) To: Rahul Tyagi (officialrahultyagi@gmail.com) Date: Tue, 19 Jun 2012 01:14:29 -0500 (CDT) Subject: Re: Thanks For Getting My Book Jerico On Mon, 18 Jun 2012, Rahul Tyagi wrote: : and also tell me so when i can see my self and this conversation on : attrition ? Yes, I will include our correspondence as well as the article that summarizes the plagiarism and gives my general opinion of the book. It should be up by the end of the week.