(Part 2) Best computer hacking books according to redditors


We found 171 Reddit comments discussing the best computer hacking books. We ranked the 40 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40.

Top Reddit comments about Computer Hacking:

u/xm00g · 14 points · r/IWantToLearn

I've got The Hackers Underground Handbook as an eBook I could send you if you're interested.

u/VA_Network_Nerd · 9 points · r/ITCareerQuestions

I mean, the requirements are all spelled out for you in the job description:

KNOWLEDGE, SKILLS, ABILITY(IES):

  • Knowledge building out a complete IoT solution stack, identifying gaps with current platform and developing plans to fit those gaps
  • Knowledge planning and building demo centers for specific vertical solutions
  • Knowledge develop plans to scale an IoT practice at the City of Dallas as standalone or cross-functional entity
  • Effective oral and written communication skills
  • Ability to lead technical conversations with customers to design and execute pilots
  • Ability to Collaborate internally with relation functions
  • Ability to develop plans for training
  • Ability to work directly with business representatives to understand the specific requirements that are driving the need for a solution to be designed; then plan and implement the design activities required.
  • Ability to develop plans to scale an IoT practice at the City of Dallas as standalone or cross-functional entity.
  • Ability to lead technical conversations with vendors to establish valuable partnerships.

-----

You need to analyze each of those bullet points and expand on what they mean.

Let's look at the first, and very significant bullet point:

> Knowledge building out a complete IoT solution stack

  • What is IoT?
  • What are the components of an IoT stack?

It should be noted that elsewhere in the job description, the concept of IoT as a component of Smart Cities is added to the conversation.

  • What is a Smart City?
  • How is IoT used to create a Smart City?

> identifying gaps with current platform and developing plans to fit those gaps

Gaps in an IoT platform... so some infrastructure and software development systems integration is expected.
You will need to be comfortable with large scale systems design work.

What is a large scale system, and how does one design one? Perhaps starting with smaller scale first might be a wise path...

-----

Now let's take some of those buzzwords and explore them:

https://www.amazon.com/dp/0393082873

https://www.amazon.com/dp/1498702767

https://www.amazon.com/dp/0262527731




u/kvqyzx · 7 points · r/netsec

There used to be a copy of this in my office. It's every bit as bad as it looks!

u/True_Demon · 4 points · r/hacking

I wrote a book a little over a year ago to answer exactly these types of questions...
https://www.amazon.com/Hacker-Ethos-Beginners-Ethical-Penetration/dp/1523764368
There is a free preview with 100 pages from one of my early drafts if you want a sneak peek at what you'd be reading...
https://drive.google.com/file/d/0B8JvWS_y2CHqZ2EwWG9pcENjazQ/view

Reading the subreddits is certainly helpful as well. I would definitely recommend building your own lab of vulnerable machines to practice. You can get plenty of these from Vulnhub.com

Of course, you'll need some tutorials, chiefly of which I recommend www.cybrary.it, an excellent site for tutorials on all things security and infosec, including pentesting.
Other books I highly recommend...

  • Mastering Metasploit
  • Mastering Kali Linux for Advanced Penetration Testing
  • The Web Application Hacker's Handbook
  • The Hacker's Playbook
  • The Shellcoder's Handbook
  • Hacking: The Art of Exploitation

Good luck, OP hat-tip

u/dezzmont · 2 points · r/Shadowrun

If you are interested in this topic I highly recommend reading The Future of Violence, which doesn't just go into warfare, but stuff relevant to shadowrunning.

In short, yes, the 6th world's advanced tech does represent a massive paradigm shift because violence is in theory totally anonymous now and completely unpreventable, which is actually pretty much the canon's official stance on things as well, though to a much lesser degree.

After reading this book you may have a new appreciation for how utterly gamechanging the idea of a smartgun platform is, forget about fully mobile drones. Riggers frankly should be a way bigger deal in setting because of their capacity for completely anonymous murder that can't be stopped without serious compromises to day to day society that would make even the corporate court blush.

u/EmmaPrats · 2 points · r/gamedev

Thank you :)

I can't put into words what I find meaningful about my game, I find it difficult to express these things. I'm working on it.

The book is https://www.amazon.es/Hacker-Edición-Biblia-Teresa-Jimeno/dp/8441530157

u/LazulaTenshi · 2 points · r/antiassholedesign

I have some experience with attacking password hashes and I want to clear a few things up regarding password strength. While I'm by no means an expert, I have actually performed these attacks against passwords I've generated and hashed myself.

It seems like the linked source is mostly talking about how long it takes to brute-force, which is far from the only way to get a password. I did check the expected brute-force times and they are mostly accurate, but they are certainly falling behind. My GTX 1070 is expected to crack all 8-character md5 hashes in about 4.5 days at 16 gigahashes/second compared to the 2015 estimate they used of 11 GH/s. It's no quad-TitanX build, but it's strong enough to illustrate the widening gap.

But I think it's important to understand that real password attacks are much, much more sophisticated than a raw brute-force, and keyspace can be drastically reduced by taking advantage of the flawed ways that people try to "strengthen" their passwords. I'll bold it so it's clear: Number of characters is not an effective assessment of password strength unless they are generated randomly. Let's use some of the passwords from the source as examples. "security1" is an uncommon English word with one number - a common password pattern and an easy dictionary+digit mask attack. "P@ssw0rD", aside from likely being in many top X password wordlists itself since it's a mutation of "password", is a common word with the first and last letters capitalized and has a few very common replacements (a->@ and o->0), and would easily be caught in a dictionary+rule attack. It doesn't matter that your password is 10 characters long when it's a somewhat common 6-character name + a year. Massive real-world password dumps like rockyou also change things significantly and make raw wordlist and wordlist+rule or mask attacks much more effective.

The hashcat wiki has a lot of information about intelligent attacks against password hashes. There is also a great book about it, Hash Crack.

As you mentioned, diceware is one of the best ways to generate a passphrase, with a keyspace of 7776^(number of words), assuming that we know that it's a diceware password. Five words is stronger than most real passwords. Seven to ten words is basically uncrackable with current technology and should stay that way for a few years. Best of all, it's very easy to remember.

u/TheAethereal · 2 points · r/hacking

u/dalebewan · 1 point · r/soylent

Here's a quick primer for the chemistry of baking.

For a lot more (and a generally fun read), I can recommend this book.

u/ThreshingBee · 1 point · r/HowToHack

> WAHH is still updated with newer editions

I tried again and can't find anything newer than the 2011 2nd edition. Do you have a newer Amazon link, publication year, or something for a newer edition of WAHH?

I did find newer works in the same series (1, 2, 3, 4), but not an update to WAHH.

u/BeanBagKing · 1 point · r/Passwords

I agree with /u/TaviRider, I did want to expand on how passwords are attacked and the side channel aspect though.

Regarding the side channel attack, it might be worse than that depending on how they implement it. I could try a user name with any random password that I know won't work. If they compare algorithms and return a failed result instantly if it doesn't match, then I know the algorithm is the opposite of whichever one was involved in my trial. If it's slower to return, then I know a comparison took place. In other words, I don't need to see the encrypted traffic generated by the user, I can generate my own.

Regarding the password cracking.... basically the entire thing is wrong. "Lookup tables"? I mean, I guess you could create something like that, but nobody would. Nobody even uses rainbow tables anymore (think of it as a compressed lookup table, a time/memory tradeoff). There's just no point. If it's a strong/salted hash, then the lookup table won't work. If it's a weak hash, then you can exhaustively search that same keyspace in about the same amount of time. To put it more succinctly, "Rainbow tables are dead. They died years ago. Stop trying to resurrect them." I'm not even sure why this was brought up in the article.

Regarding brute force, same thing, this just isn't really how password cracking is done (shout out to Hash Crack! It's amazing). You use wordlists, rules, and other utilities to generate candidates that you think people are going to actually use, you don't exhaustively search the entire keyspace hoping to get lucky. The only thing this split hashing algorithm has done for me is made my job easier. Now I can divide up the passwords and be much lazier about the 14+ character ones, by that I mean I can throw larger wordlists with more rules at it and get lucky, because hey! fast hashes! Instead of having to get smart about the candidates I generate because bcrypt is so f-ing slow.

TL;DR - No, I don't think this is a good idea. The gold standard of password storage, as far as I've seen, is what Dropbox does - https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/



u/PowershellPoet · 1 point · r/cybersecurity

Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good thing those programs provide is a broad coverage of information security as a whole.

I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.

The 24 Deadly Sins of Software Security: https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751?_encoding=UTF8&%2AVersion%2A=1&%2Aentries%2A=0

Writing Secure Code: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228/ref=sr_1_1?s=books&ie=UTF8&qid=1499038741&sr=1-1&keywords=writing+secure+code

That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:

Microsoft Pass the Hash Whitepaper: https://www.microsoft.com/en-us/download/details.aspx?id=36036

Think Like a Hacker (shameless plug for my book): https://www.amazon.com/Think-Like-Hacker-Sysadmins-Cybersecurity/dp/0692865217/ref=sr_1_sc_1?ie=UTF8&qid=1499038880&sr=8-1-spell

Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.

u/rockeh_ss · 1 point · r/romania_ss

You're implying that they could observe the PIN that I read (and I say this in Approaching Zero, a published book, and I'm going to cry.

u/obviousboy · 1 point · r/sysadmin

Not really "sysadmin fiction"
http://www.amazon.com/dp/B000H2MRXO/ref=rdr_ext_tmb

I think it's based on a lot of real stuff. I read the thing in about a day, I couldn't put it down (oh, that was a good 10-12 years ago)

u/aanjheni · 1 point · r/MrRobot

I don't have anything like that to recommend but if you are interested in more reading (especially non-fiction) take a look at the ones below.

Red Wheelbarrow Journal

I also really enjoyed the following:

The Innovators: How a Group of Hackers, Geniuses, and Geeks Created the Digital Revolution

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

From there, I went on to various sysadmin books (non-fiction) and a few journal articles.

u/jakub_h · 1 point · r/worldnews

> If not then even if he had voted for it he does not have the capability to make it happen so why vote for him?

"An MP won't accomplish anything anyway" is an argument against representative democracy as a whole. Interestingly, we still have it.

> If you don't trust this guy that he is going to be honest about how and why he is voting then why vote for him in the first place.

Then we could scrap the police and the judiciary for the same reasons. Why do we keep checking on people if we trust them, and if we don't trust them why don't we lock them up just to be sure? And why do people get hired for jobs who get later fired for incompetence? You shouldn't have hired them in the first place, right? Well, I'm not sure that's how it works in the real world...

> You have like an excel sheet you fill in to track how your representative are doing?

"An Excel sheet?" Why would you use something so inadequate? Do we live in the 19th century or what? There's a much larger picture there...

u/EvanMinn · 1 point · r/politics

The Guy Fawkes masks started not long after V for Vendetta (2005) which coincidentally is around the Scientology thing.

If you are interested in the history of Anonymous, this is a good book about it.

And it is just not true that interest ever dropped. There were constant stories about them in the mainstream media. Some bigger than others but there has never been a time in the last 30 years that "Scientology wasn't really something people cared about. It was a silly religion made by a sci-fi writer so movie stars could feel smart."

Stories about Scientology sell magazines so they have never really gone away.

u/jabjoe · 0 points · r/linux

I hope that is sarcasm, if not, here's some bedtime reading.

http://www.amazon.com/Hackers-Computer-Revolutio-Steven-Levy/dp/0385312105

http://www.amazon.com/Lions-Commentary-Unix-John/dp/1573980137/

http://www.amazon.com/Programming-Language-2nd-Brian-Kernighan/dp/0131103628/

Unix is more than a simplified Multics knock-off and C is more than some language cobbled together.