(Part 2) Top products from r/blackhat
We found 12 product mentions on r/blackhat. We ranked the 30 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.
21. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Sentiment score: 1
Number of reviews: 1
Wiley Publishing
Show Reddit reviews
23. Reversing: Secrets of Reverse Engineering
Sentiment score: 1
Number of reviews: 1
Wiley
Show Reddit reviews24. Code: The Hidden Language of Computer Hardware and Software
Sentiment score: 0
Number of reviews: 1
Microsoft Press
Show Reddit reviews
26. The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
Sentiment score: 1
Number of reviews: 1
John Wiley Sons
Show Reddit reviews27. Security Engineering: A Guide to Building Dependable Distributed Systems
Sentiment score: 0
Number of reviews: 1
John Wiley Sons
Show Reddit reviews28. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
Sentiment score: 0
Number of reviews: 1
Show Reddit reviews
No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.
Jumping into C++: Alex Allain
Write Great Code: Volume1 Understanding the Machine
Write Great Code: Volume2 Thinking Low-Level, Writing High Level
Reversing: Secrets of Reverse Engineering
Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.
The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.
.
If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.
One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
The dark side has lot of facets, it depends on what you want to achieve.
If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.
This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!
Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.
Happy hunting and good luck!
I think Bender(Bending)Rodriguez was referring to this one:
https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/
I would also offer my recommendation for that book as well. It's definitely dated, but an excellent starting point on how to build your own rootkit.
That said, I'm not sure that really answers your "where do I get rootkits?" question. In answer to that, I'll offer a few tools that are heavier on the "post-exploitation agent", but still worth checking out:
Some dank af infosec books:
Malware Data Science: https://nostarch.com/malwaredatascience
Real World Bug Hunting: https://nostarch.com/bughunting
Penetration Testing: https://nostarch.com/pentesting
Black Hat Python: https://nostarch.com/blackhatpython
Social Engineering: The art of human hacking https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539
Linux System Security: https://www.amazon.com/Linux-System-Security-Administrators-Source/dp/0130158070
Advanced Penetration Testing: https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689
Also a classic is "The Art of Software Security Assessment"
http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426
http://www.amazon.com/gp/reader/0470068523/
Read this.