(Part 2) Top products from r/HowToHack

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

Both posts here (so far) give good advice in terms of learning assembly. I personally used the OpenSecurityTraining course that was linked by /u/miguelhgn to fill in gaps I had in assembly, and I second his advice to check that one out. If that course proves to be too steep, I'd take a step back and learn a bit of C -- so that you can better understand the context of the assembly you would be reading. For free resources, I generally like to recommend https://publications.gbdirect.co.uk//c_book/ or http://users.cs.cf.ac.uk/Dave.Marshall/C/ as they're iso-9899 recommend free resources that cover a pretty good scope when it comes to C itself.

If you'd prefer a more textbook style of reading, and don't mind shelling out money, I generally recommend C Programming: A Modern Approach above anything else that's out there, but it's far from necessary to get this if you find that you learn from the free resources just fine.

As for recognizing patterns in assembly over time as mentioned by /u/poindexter_one, that would best be implemented by using https://godbolt.org/ imo, and starting with smaller C snippets, trying different compilers and optimization levels, and gradually doing the same with more complex code. A good exercise when you start to get good at that, is to also try to do the same thing in the opposite direction (Seeing assembly, and trying to construct C code from it, AKA a part of reverse engineering)

As for your question "Should I learn Assembly language?" depends on where your interests lie, and what you eventually want to learn / be able to do down the line. It's absolutely a good thing to be able to understand though.

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

I realize this is an old post, but I figured I would add my two cents in:

If you have no Linux Knowledge, I would recommend these two books:
http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951

http://www.amazon.com/Introduction-Linux-Manual-Student-Edition/dp/0072226943/ref=pd_bxgy_b_text_y

I would also recommend getting a book on windows server:
http://www.amazon.com/Mastering-Microsoft-Windows-Server-2008/dp/0470532866

After going over those you should have a fundamental understanding of Unix/Linux

Then I would recommend this if you need to brush up on your basic networking knowlege:

http://www.amazon.com/CompTIA-Network-Deluxe-Recommended-Courseware/dp/111813754X/ref=sr_1_1?s=books&ie=UTF8&qid=1369292584&sr=1-1&keywords=network+%2B+delux+guide

Some security theory wouldn't hurt: I'd recommend these in no particular order:

http://www.amazon.com/The-Basics-Information-Security-Understanding/dp/1597496537/ref=pd_rhf_se_s_cp_7_FHWA

http://www.amazon.com/gp/product/1597496154/ref=s9_simh_se_p14_d0_i6?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=auto-no-results-center-1&pf_rd_r=6289C56ED33B4C108B60&pf_rd_t=301&pf_rd_p=1263465782&pf_rd_i=itia2300

And now we actually start getting into penetration testing:

http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_rhf_se_s_cp_3_FHWA

http://www.amazon.com/The-Basics-Digital-Forensics-Getting/dp/1597496618/ref=pd_rhf_se_s_cp_6_FHWA

http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=pd_rhf_se_s_cp_8_FHWA

http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=pd_rhf_se_s_cp_10_FHWA



Full disclosure: I have used all these books in my studies. I am not affiliated in any way with these authors, this also isn't something you can just "master" in 24 hours; you may however learn a few cool tricks early. My advice would be to keep at it, not only read these books, but setup Virtual environments to test these concepts in.

Those books I listed should give you a fundamental understanding of: Linux, Windows server, Networking, Information security theory, computer forensics, and basic penetration testing.

I would also recommend you take up a scripting language, Python is pretty simple to learn if you haven't already, and insanely powerful in the right hands.

Oh, one thing I forgot. NEVER EVER EVER run Kali linux as your primary distribution, setup a duel-boot and use something like Debian as your "casual" computer, and then souly use Kali or backtrack as your "Network security distro"

Ninja edited by myself

> Im studying at college in telecommunication field right now, but i enjoy hacking atm, i've been learn hacking for 2 months. But are those two things related? (telecom and hacking) If yes, what skills i should focus on? Sorry for bad english tho

You will enjoy reading this book (for entertainment, not knowledge):
https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729

Kevin Mitnick - Ghost In The Wires

He was a telecom hacker in the earlier days.

these will be examples / pointers. not direct "do this"es or "follow that"s. google keywords from points below.

first off id learn how to code. there are universities worth of educational content online. if you dont know how to code, id start with python. easy, simple, good scripting language. id learned it from codecademy.org back in the day. it was sufficient.

youd said you were learning linux. do that. there will be more linux to learn constantly. fiddle around. fail. figure shit out.

learn C.

you seem into networking and web stuffs. learn how computers talk to eachother. write a few clients/servers. go further and sniff the communication between them using a sniffer (wireshark maybe).

learn how to set up a network. OWN the shit out of that network, as in secure the shit out of it, be able to listen to communications, better yet, manipulate them. id even say fuck around with OpenWRT, a linux for network devices (routers, etc.). maybe set up a secondary network with an old router that you can install OpenWRT on, see if you can set it up, try to fuck with it.

set up your own web server and write a web app. in general im in favor of learning by building/doing. idk have something that works with mysql for example. see what kind of inputs become xss attacks, what kind of inputs inject sql queries, why.

learn how a computer works. learn what an operating system is, and what it does. https://www.amazon.com/Operating-System-Concepts-Abraham-Silberschatz/dp/1118129385 this is a good intro for it. why stop there, learn some good ole computer architecture, learn what a computer actually does.

(as i write this, im realizing that this looks too much like general advice for an aspiring computer engineer. so ill just go ahead and recommend you to work on being one, why not :D )

get to an okay state in knowledge about how stuff works. at that point you should learn about your arsenal. (and/or you can keep on learning). there are platforms you can practice. could set up a vulnerable vm and work on hacking into it. there are sites like smashthestack that host hacking puzzles. there should be vulnerable web apps for practicing also.

what i wrote is preeety general, but id stand by it. i dont even know what youre trying to hack, or what level of knowledge you have so there you go.

oh also GOOGLE. GOOGLE ALL DAY ERRDAY. all that above is easily googleable. figure it out.

</ramble>

This one is free:

http://www.fak.dk/en/publications/Pages/publication.aspx?pageid=559

And

https://www.amazon.com/Hacking-Human-Ian-Mann/dp/0566087731

And this is probably one of the more well known ones:

https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539

Also anything written by Kevin Mitnick

I actually did this! If you want something that runs processes for a long time that you can walk away from (and is easy to remove the evidence), then it's a great option.

One caveat: If you want to do any kind of wireless hacking, I wouldn't get their suggested USB wifi. It didn't work for me. Instead grab this: http://www.amazon.com/gp/product/B00EQT0YK2

I'm not techy enough to explain the why but it's the only model I could find at a reasonable price that could handle wireless monitoring required for hacking wifi signals.

I've always been fond of the "How Computers Work" series by Ron White. I can't attest to the newer versions, but I own two older editions that hold up in helping wrap your head around what exactly your computer is doing from POST onwards.

I bought this book recently and it seems to outline the basics of the questions you ask. This should give you a good starting point anyway.
http://www.amazon.com/gp/aw/d/078974984X/ref=mp_s_a_1_1?qid=1449528241&sr=8-1&pi=SY200_QL40&keywords=how+computers+work&dpPl=1&dpID=51r1nQqI34L&ref=plSrch

Oh sorry - I thought when you wrote "The author...", it meant you bought a book about Wireshark.
Tell you what - I have extras of my book from the publisher.

PM me your address and I'll mail one out to you. No charge, as long as you promise to work through it and learn as much as you can. :)

you want something like this:
https://www.amazon.com/Portable-Transmitter-Adjustable-Broadcasting-Meetings/dp/B07425BXYH

If you can get this book, it will help you a bunch
https://www.amazon.com/Wireshark-Security-Professionals-Metasploit-Framework/dp/1118918215/ref=mp_s_a_1_4?ie=UTF8&qid=1549574800&sr=8-4&pi=AC_SX236_SY340_QL65&keywords=wireshark+101&dpPl=1&dpID=51kdA1YQ4tL&ref=plSrch

Computer Networking : A Top Down Approach

Also check out CompTIA N+ materials

Solid book if you want to learn - https://www.amazon.com/Hacking-Exposed-Wireless-Third-Solutions/dp/0071827633

Handshakes and time are going to be the way you'll begin - but don't actually do this. Practice this sort of thing with WEP. Go for default password instead. Also, only work on routers you own unless you have explicit permission.

I know it isn't in the bundle, but Python Programming for Raspberry Pi, Sams Teach Yourself in 24 Hours has managed to keep my attention without feeling boring for the first 10 or so hours (though I did skip the first 2 hours since I knew that stuff already).

What about this ?

https://www.amazon.com/Hacking-Comprehensive-Step-Step-Cybersecurity/dp/109497756X

Read this book: Code: The Hidden Language of Computer Hardware and Software

It's a panda wireless USB wireless adapter: https://www.amazon.com/Panda-300Mbps-Wireless-USB-Adapter/dp/B00EQT0YK2

Windows Internals is among, if not the best, book on the Windows OS imo.

https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189/ref=asap_bc?ie=UTF8

It won't teach you explicit "hacking" procedures but it will explain details at a very low/in depth level. I have the 5th & 6th addition, need to pick up the 7th myself (they basically follow major OS releases)

If you are really serious, you need to read the following book before the Hacking book;

• Computer Systems: A Programmer's Perspective It will teach you almost all the prerequisites. The 3rd edition is 64-bit only while the 2nd edition is mostly 32-bit with some 64-bit. Get the cheap South Asia editions.