(Part 2) Top products from r/hacking

Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but l feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)


Some neat resources for someone interested in Binary Exploitation:

Smash The Stack


And a few books:

Hacking: The Art of Exploitation

The Shellcoders Handbook


I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).

Happy Hacking

Buy a decent book on pen testing using kali. A great starting point for beginners: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442

I'm 30 years old and currently working 30% in pen testing, and 70% with developing electronic warfare systems at the most reputable cyber security company in Scandinavia. I wish I had found this interest at your age! If you put some effort into it and have a genuine interest in the field, the possibilities are truly endless.

It might be a boring answer, but seriously.. Read! Don't get stuck playing around with tools, but read up on the subject as well. The book I linked is a very easy read, and will get you started with the practical aspects very quickly. Once you have the basics down you might also want to check out "The Hackers Playbook 2". If you find reading tedious I suggest enrolling in a course on udemy.com, that way you can alternate reading with video lectures.

Good luck! The industry needs more young and hungry minds :)

Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.

 

Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:

 

Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:

This is the book that my company had provided me to study from

This is the book my friend had given me. Both her and I studied from this and passed successfully

This is the book we are currently learning from in my Bachelor's program

Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.

 

Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.

 

After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.

 

Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.

 

So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.

 

Good luck!

I read this book, it is an amazing one however it is pretty big and might be hard for you since you are not advanced as you said.

On my opinion, I highly recommend this book

https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_18?ie=UTF8&qid=1481534935&sr=8-18&keywords=hacking+books

It is easy to read and follow. And the way the book was written makes you never stop reading, I promise. (: good luck on you education my friend I hope this helps.

Start with learning computer systems, networking, and Linux. You need to be able to at least read computer code, know how data flows between computer networks, and how to do things in Linux. Here are few links to get you started:

First and foremost, basics and free stuff:

Intro to Linux
https://www.edx.org/course/introduction-linux-linuxfoundationx-lfs101x-2

Computer Networks
https://www.coursera.org/course/comnetworks

Intro to computer science and programming Python:
https://www.edx.org/course/introduction-computer-science-mitx-6-00-1x-0

Web development -- Will help you when (and if) you go through web pentest route
https://www.udacity.com/course/cs253

Cryptography
https://www.coursera.org/course/crypto


Once you've covered all above topic, you are ready to enter into pure-hacking learning:

First free stuff:
http://www.reddit.com/r/HowToHack
http://www.breakthesecurity.com/p/hacking-tutorials-for-beginners.html
http://www.securitytube.net/

Following cost money but take you through each and every step of a pentest without distractions:

Hacking Exposed ed.7
http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289

The Hacker Playbook
http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636

Very expansive but well worth it (Bonus: It's a certification):
http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

All wifi adaptors are created equal, just some are created more equal than others.

​

I have had great success with Alfa AWUSO36NH before.

I am currently reading:
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Dafydd Stuttard So far its been a really good book giving you good examples easy to read and follow.

I wouldn't recommend starting off with metasploit, what you want to do is learn the basics on linux, I would recommend this book: http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951

After that, learn some info sec theories (boring, but important if you want to make a career out of it.)

these two books are what I used: http://www.amazon.com/Computer-Security-Fundamentals-William-Easttom/dp/0131711296

http://www.amazon.com/Information-Security-Principles-Mark-Merkow/dp/0131547291/ref=pd_sim_b_2

The first book is mostly intro to basic concepts such as port scanning, firewalls, networking, etc. the second is info sec theories

This would most likely be your next book to buy, its a little more advanced, and has some challenging content in it.

http://www.amazon.com/Analyzing-Computer-Security-Vulnerability-Countermeasure/dp/0132789469

Finally grab this bad boy http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X

you should have some decent knowledge about network security by then.

If you have done enough research, aircrack is the go to. Make sure you have an external wifi card that is capable of injection.
You can find that here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers.
The most common are the alfa cards like the alfa awus036nha or whatever.
You can probably find one for cheaper, but heres one that i use: https://www.amazon.com/dp/B004YD7UBQ/ref=cm_sw_r_awd_c1nvub02KE5SR.
But of course you would know that after some basic research, right?? :)

The Art of Deception: Controlling the Human Element of Security

What Every BODY is Saying: An Ex-FBI Agent’s Guide to Speed-Reading People

Manwatching: A Field Guide to Human Behavior

How to Win Friends & Influence People

Influence: The Psychology of Persuasion

Games People Play: The Basic Handbook of Transactional Analysis

The 48 Laws of Power

There's a post like this every few weeks. Here's a link that links to a lot of other good links.

From personal experience, I recommend:

The Basics to Hacking and Penetration Testing

and since a lot of hacking these days has to do with social engineering, this book:

The Art of Deception

Any of the Hacking Exposed! books are pretty good and describing this thing, if you are into the print media.

Otherwise, hop on over to OWASP! and check out Injection techniques, etc..

Yes, yes there is.

TCP/IP Illustrated:

https://www.amazon.com/dp/0321336313/

https://www.amazon.com/iUniker-Raspberry-800x480-Resolution-Cooling/dp/B07JZHLWGM

works well, requires a lot of cutting (even to fit basic raspberry heatsink)

overclock pi 3b, 1.5.

wifi adapter is a panda pau06.

05k4491 ibm heatsink fan, attached to a small flat aluminum heatsink.

I second the Alfa suggestion. I have this one myself and it works great! https://www.amazon.com/dp/B0035APGP6/ref=cm_sw_r_cp_apa_mU7SBbSVAMKJR

Personally I suggest you to read this book: http://www.amazon.it/Hacking-Art-Exploitation-ebook/dp/B004OEJN3I/ref=sr_1_1?ie=UTF8&qid=1393873598&sr=8-1&keywords=hacking+the+art+of+exploitation

I read it and I think that it is the best way to begin studying hacking related to computer science.

Have you read Blue Team Handbook? It could be a good place to start and I'm guessing your company can swing you $15

You mean the seventh edition? Yeah, you're right. I read the fifth one (2005!), and I can tell some methods are now deprecated or have increasingly evolved. But I don't know about 2012... However, I was still able to learn a lot from it. And it taught me to find resources to keep learning, so, it definitely wasn't a waste of my time.

This is one of my security starter trifecta:

Hacking: The Art of Exploitation

Rtfm: Red Team Field Manual

Blue Team Handbook: Incident Response Edition

This one will work but it's a bit pricey: https://www.amazon.com/Alfa-AWUS036NHA-High-Wireless-Adaptor/dp/B004YD7UBQ

I know that Hak5 recently started selling their brand of cards but I'm not sure how much those cost. You can also check out Hacker Warehouse and see if they're selling the original version of the TP-Link.

http://www.securitytube.net/

http://www.kali.org/

http://www.amazon.com/The-Basics-Hacking-Penetration-Testing/dp/1597496553

Check out the following books:

TCP/IP Illustrated, Volume 1: The Protocols: The Protocols v. 1 (Addison-Wesley Professional Computing) https://www.amazon.co.uk/dp/0321336313/ref=cm_sw_r_cp_api_i_HsfhDb3TC15DK

By Gary A. Donahue Network Warrior (2nd Edition) https://www.amazon.co.uk/dp/B00NBJPIV8/ref=cm_sw_r_cp_api_i_ltfhDbJCDDXG7

School, here is a textbook I used.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson-ebook/dp/B004OEJN3I

Don’t forget the book collection of a ton of back issues. I have it in hardback.

Edit: link to the book I meant.

https://www.amazon.com/Best-2600-Hacker-Odyssey/dp/0470294191