Rahul Tyagi is a self-proclaimed "leading computer security and ethical hacking trainer" in India. He is affiliated with TCIL-IT CHD, an "IT division of TCIL (Telecommunications Consultants India Limited), a Govt. of India enterprise under Ministry of Communications & Information Technology" where he teaches their branded courses. These include the TCIL-IT "Certified Ethical Hacker", "Certified Penetration Tester", and "Certified Cyber Kid". He maintains a Facebook page, personal blog, LinkedIn profile, and Twitter feed (@rahultyagihacks).
His book, Hacking Crux 2, came to my attention several times. The first two were reports that his book contained plagiarism. The third was Tyagi asking me to review the book, to which I replied I did not have the time. Apparently, his name had not stuck in my mind as someone that was reported to us, but ultimately it led me to purchase a copy of his book. Eventually, I took the time to review it and had a long string of emails with Tyagi asking about the plagiarism. All of those mails are being made available to emphasize that he denied plagiarizing many times, and ultimately blamed other people before finally admitting he may have.
His initial email to me was seeking a review of the book. Ignoring the plagiarism, the book is a poor attempt to teach hacking in every meaning of the word. The order of material is not logical and the topics are very broad, which isn't suitable for a book that weighs in at only 165 pages (172 total, text starts on 7). Tyagi has a consistent lack of understanding of many topics he presents, relying on entire chapters that are primarily screenshots with a brief explanation of some tool of the day. Like many "hacking" books, it is a collection of tools that are often outdated by the time of publication, and that style of book has been the norm for some time. It is abundantly clear that Tyagi is not an expert on hacking, and doesn't have a real clue what it entails or what is really involved. If you see a "hacking" book explain how to send spam, that is a big warning sign you should stay away from it.
I reviewed the book "Rahul Tyagi's Hacking Crux 2: Hack The Hackers Before They Hack You", published by GyanKosh Publishers and Distributors (ISBN 9788192359601) for plagiarism. Despite Tyagi's claims that he wrote 92%, the book contains a considerable amount of plagiarized material that he simply did not write.
The following table details some of the portions of the book that were taken from other sources, making up a considerable amount of the material. Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., removing text or credit). This shows willful infringement of copyright and inexcusable plagiarism. The book was spot checked for plagiarism; this does not constitute an exhaustive review.
Ch/Pg | Description | Original Source |
--- | --- | --- |
Ch2, p14, Para 4/5 | Description of "Network Scanner" | Verbatim from vendor page |
Ch2, p16, Para 1 | Description of Nmap tool | Verbatim from vendor page |
Ch4, p24 | Explanation of trojans and backdoors | Almost entire page from CEH Module 8 |
Ch6, p38-39 | Two paragraphs on SQL Injection, entire section (1 full page) on "simple bypass authentication" | SQLi verbatim from Imperva's website, authentication bypass verbatim from CMS Wire article by John Conroy |
Ch6, p39-42 | Cross-site Scripting section | Verbatim from Web Application Security Consortium. Tyagi made small edits to the URL examples in an attempt to obscure the original source. |
Ch7, p45 | Intro paragraph on email forging/spoofing | Paragraph widely used on many sites. |
Ch7, p49 | Spamming section | Mostly taken from Wikipedia |
Ch7, p49-50 | Techniques of spamming | Verbatim from spam.gov.sa (PDF) |
Ch7, p50 | Section on spamdexing | Mostly taken from previous work (similar work used in many other places) |
Ch7, p50-51 | Spam on video sharing sites | Verbatim from Wikipedia |
Ch7, p51 | XMS spamming section | Verbatim from spam.gov.sa (DOC) |
Ch7, p52-54 | Email bombing section | Mostly taken from CERT |
Ch8, p56-57 | Keylogger section | Verbatim from TechTarget |
Ch8, p57 | Family Keylogger tool | Both paragraphs from New Scientist |
Ch8, p60 | Secret questions paragraph | Verbatim from different New Scientist article |
Ch11, p86-87 | Types of viruses | Verbatim from MakeUseOf article by Matt Smith |
Ch11, p87-89 | Sample code of a fake virus, some text, and screenshot | Verbatim from MakeUseOf article by Tim Watson |
Ch13, p95 | Section on Proxy Servers | Most of the 3 paragraphs from answers.com Wiki |
Ch14, p105-106 | Penetration testing section | One paragraph and all bullets from SecPoint |
Ch17, p157-158 | WiFi Attacks section | Some of the intro, the image, and most of 4 paragraphs from About Online Tips |
Ch17, p159 | Explanation of protocols | HTTP: intro paragraph from about.com; FTP: both paragraphs from about.com; POP3: paragraph from msu.edu user page |
Ch17, p163-164 | Working of a sniffer | Part of section from About Online Tips |