(Part 3) Top products from r/hacking
We found 22 product mentions on r/hacking. We ranked the 176 resulting products by number of redditors who mentioned them. Here are the products ranked 41-60.
41. Hacking Exposed Web Applications, Third Edition
Sentiment score: 1
Number of reviews: 1
42. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Sentiment score: 1
Number of reviews: 1
McGraw-Hill Osborne Media
43. Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach
Sentiment score: 1
Number of reviews: 1
44. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
Sentiment score: 1
Number of reviews: 1
45. Software and Hardware Engineering: Assembly and C Programming for the Freescale HCS12 Microcontroller
Sentiment score: 0
Number of reviews: 1
46. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Sentiment score: -1
Number of reviews: 1
Broadway Books
47. Advanced Programming in the UNIX Environment, 3rd Edition
Sentiment score: 0
Number of reviews: 1
48. iUniker New Raspberry Pi Screen, 3.6 inch 60+fps 800x480 Resolution HD with Cooling Fan and Case for Raspberry Pi 3 B+/B, Pi 2 B (with Black Case and Fan)
Sentiment score: 1
Number of reviews: 1
Fastest 3.6 inch Screen for Raspberry Pi, Super HD 800x480 Resolution, 60+ fps HD Raspberry Pi Monitor. We add a backlight switch on the PCB board. We provide a fan socket for cooling your Pi. Easy to light it up, only follow the instruction, then you will get a super little raspberry pi screen. Customer Serv...
49. Learn Ruby the Hard Way: A Simple and Idiomatic Introduction to the Imaginative World Of Computational Thinking with Code (3rd Edition) (Zed Shaw's Hard Way Series)
Sentiment score: 1
Number of reviews: 1
50. Games People Play: The Basic Handbook of Transactional Analysis.
Sentiment score: 1
Number of reviews: 1
Great product!
51. Cyberchase - The Search for the Power Orb
Sentiment score: 0
Number of reviews: 1
52. The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
Sentiment score: 1
Number of reviews: 1
John Wiley Sons
53. Manwatching: A Field Guide to Human Behavior
Sentiment score: 1
Number of reviews: 1
Used Book in Good Condition
55. Assembly Language Step-by-Step: Programming with Linux
Sentiment score: 1
Number of reviews: 1
John Wiley Sons
57. Information Security: Principles and Practices
Sentiment score: 1
Number of reviews: 1
58. Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)
Sentiment score: 0
Number of reviews: 1
Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but I feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)
Some neat resources for someone interested in Binary Exploitation:
Smash The Stack
And a few books:
Hacking: The Art of Exploitation
The Shellcoder's Handbook
I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).
Happy Hacking
I second Python as a great beginner language.
Here you go /u/moonknightspidey - http://learnpythonthehardway.org/
You don't have to buy the book, it's available through the web site for free. If you prefer a physical book: https://www.amazon.com/Learn-Python-Hard-Way-Introduction/dp/0321884914
The person I'm replying to also recommended Ruby. Zed Shaw also wrote a Ruby book.
Online (free): http://learnrubythehardway.org/book/
Print: https://www.amazon.com/Learn-Ruby-Hard-Way-Computational/dp/032188499X
And if you're feeling crazy then you can learn you a haskell (don't do this).
Bookmark these for when you get into C later:
http://c.learncodethehardway.org/book/ Same guy who wrote Learn Python the Hard Way. The online (free) copy of Learn C etc is incomplete, but is now available in print in full: https://www.amazon.com/Learn-Hard-Way-Practical-Computational/dp/0321884922
Then there's beej: http://beej.us/guide/
And the obligatory TCP/IP book: https://www.nostarch.com/tcpip.htm
If anyone's wondering about why I just spammed the shit out of Zed Shaw's books, it's because his writing style is very easy to get into and keeps your attention. It's anything but dry, and focuses on making you write code, break it, and figure out why it broke.
There are other good Python books as well, like this one: https://www.nostarch.com/automatestuff
And here's another No Starch book on Ruby (I like No Starch - Absolute OpenBSD is a great reference) - https://www.nostarch.com/ruby
I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.
Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.
My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de grâce, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.
If you have any questions, PM me.
I had to step back and read a book on using GDB. I suggest The Art of Debugging With GDB. There are also good tutorials on the web such as this and this
Some really useful commands Erickson does not cover are:
info frame [n] (n is an optional int, default is 0)
Short version: i f - This shows information about the current frame. You need to set a break point and step into the function's code for the frame you want to examine. This will clearly show where the saved frame pointer and return address are at. Then do 'x/20x $esp' to find the saved frame pointer and return address on the stack, and how far they are from the top of the stack.
i func - list all the functions in the program
i vars - List all the variables in the current scope
Another good book is Assembly Language Step-by-Step to get some of the basics down. The value of this book is learning to count/add/subtract in hex, but you also learn how programs are laid out in memory.
There are other tutorials out there if you do a little googling. Keep trying, it will come to you.
I am currently reading:
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Dafydd Stuttard. So far it's been a really good book giving you good examples easy to read and follow.
I wouldn't recommend starting off with Metasploit; what you want to do is learn the basics on Linux. I would recommend this book: http://www.amazon.com/Introduction-Unix-Linux-John-Muster/dp/0072226951
After that, learn some info sec theories (boring, but important if you want to make a career out of it.)
These two books are what I used: http://www.amazon.com/Computer-Security-Fundamentals-William-Easttom/dp/0131711296
http://www.amazon.com/Information-Security-Principles-Mark-Merkow/dp/0131547291/ref=pd_sim_b_2
The first book is mostly intro to basic concepts such as port scanning, firewalls, networking, etc. The second is info sec theories.
This would most likely be your next book to buy; it's a little more advanced, and has some challenging content in it.
http://www.amazon.com/Analyzing-Computer-Security-Vulnerability-Countermeasure/dp/0132789469
Finally grab this bad boy: http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X
You should have some decent knowledge about network security by then.
The Art of Deception: Controlling the Human Element of Security
What Every BODY is Saying: An Ex-FBI Agent’s Guide to Speed-Reading People
Manwatching: A Field Guide to Human Behavior
How to Win Friends & Influence People
Influence: The Psychology of Persuasion
Games People Play: The Basic Handbook of Transactional Analysis
The 48 Laws of Power
Any of the Hacking Exposed! books are pretty good at describing this thing, if you are into the print media.
Otherwise, hop on over to OWASP! and check out Injection techniques, etc.
https://www.amazon.com/iUniker-Raspberry-800x480-Resolution-Cooling/dp/B07JZHLWGM
works well, requires a lot of cutting (even to fit basic raspberry heatsink)
overclock pi 3b, 1.5.
wifi adapter is a panda pau06.
05k4491 ibm heatsink fan, attached to a small flat aluminum heatsink.
Depending on the sort of hacking you want to do, your programming skills will likely complement your learning experience very well.
Depending on what sort of programming you've been doing and what your target is, it could also be totally irrelevant.
If you're looking to find exploits in software (i.e. inside of a server) you'll need to understand how to reverse engineer it and search for exploits - getting a hang of IDA Pro and OllyDbg will be key to this. If you're looking for software exploits, already understanding languages like C and C++ will be highly beneficial. Understanding your target's platform will also be crucial.
If you want to get into exploiting websites etc. your C programming probably won't be too helpful - since most scripts are most easily hacked up in Python or PHP. If you have any experience in programming server-side logic in PHP and interfacing with databases then that would be applicable to this field.
As I am more into native software reverse engineering and not hacking webservers I can really only point you down the path of reverse engineering software. A very good book I found for this was http://www.amazon.ca/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817
This book will guide you through the process of offline and online analysis with OllyDbg and IDA. Further, it will introduce you to the internal workings on the Windows platform (which is crucial if you're looking to reverse engineer targets on the Windows platform).
There are some good books on IDA Pro as well.
https://www.amazon.com/Cyberchase-Search-Power-Adam-Rudman/dp/0439542413
I learned so much when I was in college from this book about C and the OS: http://www.amazon.com/Programming-Environment-Addison-Wesley-Professional-Computing/dp/0321637739/ref=dp_ob_title_bk. I haven't looked at the newest edition though.
My prof suggested us this textbook!
http://www.amazon.ca/Software-Hardware-Engineering-Programming-Microcontroller/dp/0195308263
There are many different Assembly languages, but I suggest that you learn machine language first.
School, here is a textbook I used.
Don’t forget the book collection of a ton of back issues. I have it in hardback.
Edit: link to the book I meant.
https://www.amazon.com/Best-2600-Hacker-Odyssey/dp/0470294191
Damn you Wohlfe - I now have to spend money!
I've got the Mitnick books, and the first one.
Have a look at The Art of the Steal
Recognise the author?
Max “Vision” Butler is an example I use for training classes.
He was an FBI informant, told the FBI about government systems being vulnerable to an exploit that had just been made public. I mean every government system including military, they ignored him, so he created a patch and remediated the issue in thousands of government servers himself... BUT, he also left himself backdoors in his code, which is a running theme with him. He didn’t have the worst intentions, but he did some shady stuff.
Kingpin, How One Hacker Took Over The Billion Dollar Cybercrime Underground by Kevin Poulsen
Edit - The book itself is more about his crime ring after he goes to prison for what I mentioned. He does do federal prison time, finds it tough to get work after, and meets a guy who has the idea for a crime ring. I actually think the above story would be more interesting for a school report.