#18 in Computers & technology books
Use arrows to jump to the previous/next product

Reddit mentions of Hacking: The Art of Exploitation, 2nd Edition

Sentiment score: 58
Reddit mentions: 101

We found 101 Reddit mentions of Hacking: The Art of Exploitation, 2nd Edition. Here are the top ones.

Hacking: The Art of Exploitation, 2nd Edition
Buying options
View on Amazon.com
or
    Features:
  • Easy to read text
  • It can be a gift option
  • This product will be an excellent pick for you
Specs:
ColorBlack
Height9.25 Inches
Length7 Inches
Number of items1
Release dateJanuary 2008
Weight2.05 Pounds
Width1.06 Inches

idea-bulb Interested in what Redditors like? Check out our Shuffle feature

Shuffle: random products popular on Reddit

Found 101 comments on Hacking: The Art of Exploitation, 2nd Edition:

u/Any0nymouse · 125 pointsr/HowToHack

Actually, start with some programming, then move on to "The Art of Exploitation" it's the best book on "hacking" I've ever used...

u/koeningyou666 · 73 pointsr/netsecstudents

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

u/FunkyCannaHigh · 30 pointsr/MrRobot

Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:

  1. The more you understand how computers, code, compliers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.

  2. You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.

    If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.

    Otherwise, Learn python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.


    If you want to be apart of a red team learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.


    These two books are old but they are absolute standards for anyone starting off:

    https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_awdb_t1_GYIACb1Z2YXFA

    And:

    https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_awdb_t1_zZIACbMH0WTMP


    Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.

    Learn to exploit, there are a ton of free sites to help you learn:

    http://overthewire.org/wargames/


    https://www.cybrary.it



    www.vulnhub.com


    http://google-gruyere.appspot.com



    Learn CTF challenges:

    https://ctflearn.com


    When you are able to hack take part in real challenges:


    https://ctf365.com


    Then start your career with a RESPECTED CERT, OSCP:


    https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

    The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.

    Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency



    Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.

u/[deleted] · 26 pointsr/learnprogramming

HACKING: The Art of Exploitation

There are many books out there that teach you exploits, and most of them are very good. However, this one teaches you how to find them yourself. But despite giving a brief overview of programming in the beginning of the book, it is pretty fast paced. It took me a few weeks to just understand how the registers worked and what they do (though I don't know if you or anyone else would have this problem).

Also, if you are just starting low level programming, do not even think about doing any sort of hacking yet. Before you even think about doing that kind of stuff, you need to know how computers 'think' themselves. Memory management, data structures, basic OS functions, and things like that are important to know before you jump into that kind of stuff. I would actually suggest practicing low level programming on a micro controller. It makes it much easier to start out with.

u/DucBlangis · 20 pointsr/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.


    Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

    *edited a name out





u/dud3z · 18 pointsr/blackhat

The dark side has lot of facets, it depends on what you want to achieve.

If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.

This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!

Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.

Happy hunting and good luck!

u/_Skeith · 16 pointsr/AskNetsec

Hey man! I work as Security Analyst - about a year away from graduating with my Bachelors.

I suggest you pick up the CompTIA Security+ Certification, as well as start learning the basics of Networks and how they function. Learn ports and protocols, as well as how IDS/IPS/Firewalls function. This will get you an entry level role as a Jr Analyst. I suggest you use [http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/](Professor Messers Security+ Videos) This will teach you the basics of security work, networking concepts, threats, etc.

At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done.

Get a home lab and learn a few tools like Wireshark and Nmap for basic Security Analyst work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).

If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java.

If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/

Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.

https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.

Also a good list of resources that you can learn more about security:

Getting Started in Information Security

Pentester Labs

Awesome InfoSec

Awesome Pentest

Overall experience and certification are what will get you into the door faster. Most employers will look for experience, but if they see you have motivation to learn and the drive to do so, then they might take you. Certifications also are big in the infosec field, as they get you past HR. And having a home lab and doing side projects in security also reflects well.

u/borski · 15 pointsr/netsec

Two good books I'd recommend for getting started in exploitation:

u/cookenmeth · 13 pointsr/HowToHack

There’s a book called, “Hacking: The Art of Exploitation,” that includes a lot of assembly.
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

u/nopX0f · 11 pointsr/HowToHack

Go through "Hacking: The Art of Exploitation" by Jon Erickson and learn the skills as needed. When you can make it (and I mean not just do the examples, but understand the how and why in each example) through his book you should have some good base knowledge and an idea what subjects you enjoy, pursue them in that order after that.

amazon link to book

edit formating

u/sanedave · 10 pointsr/learnprogramming

Three books I have been using:

The Definitive Guide to How Computers Do Math

Web page here: http://www.diycalculator.com/

Assembly Language Step-by-Step: Programming with Linux

Hacking: The Art of Exploitation, 2nd Edition

The first uses a virtual machine running on Windows, with 5 registers, 65K of virtual memory, a debugger, and will give you a good basic understanding of what is going on. The second book uses Intel X86 on Linux, and gives a solid foundation of the most used instructions. The third book is just good.

Other favorites of mine include "The Art of Debugging" by Norm Matloff (google for his excellent web page) and "Professional Assembly Language" by Richard Blum.

Have fun!

u/beardog108 · 10 pointsr/hacking

One thing good to learn is social engineering, as its one of the most common threats faced by basically everyone. If you learn how malicious social engineers think (and how they combine knowledge with tech based hacking), you can defend against them better. I enjoyed Unmasking the Social Engineer.

Also, if you're not experienced with low level systems, you should read The Art of Exploitation.

u/emtuls · 9 pointsr/netsec

Hey /u/Xerack! I'm the original author of the post linked here.

Appreciate the feedback! If you think I could clarify anything better, please let me know.

As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:


  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

    Hands On:


  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down

    Courses:

    Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:


  • Basic Dynamic Analysis
  • Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.


    Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
u/kgtx · 8 pointsr/lowlevel

OSDev - http://wiki.osdev.org/Main_Page

Kernel programming - http://stackoverflow.com/a/12818021

Books:

Hacking the Art of Exploitation - This is a fun book that has a lot to do with programming in C, exploring memory and disassembly.

Practical Reverse Engineering - this is a very informative and short book which is pretty close to the metal in regards to memory and all that but is strongly focused on its namesake so I wouldn't get it if it's not your thing.

LittleOS Book - like 76 pages on building your own OS (also free!).

u/SADISTICBLUE · 7 pointsr/Malware

+1 for mentioning malwareunicorns Reverse Engineering Malware 101 course. I'm pretty excited about starting that after I'm done with some Powershell stuff.

Books for: /u/Kreator333 and /u/curiousdoggo

C/C++:

  • The C Programming Language (2nd Edition) - K&R is fine for fundementals.

  • Pointers on C the sections on pointers are phenomenal. The author explains them in great depth with lots of examples.

  • TBH I haven't learned C++ yet but this definitive guide/list looks promising.

    Assembly/C:

  • Hacking The Art of Exploitation 2nd Edition. Mainly the chapter on programming which pretty much has everything you need. It can get you started with C and ASM and how they compare by stepping through examples using GDB, etc.. Read this if you really want to hit the ground running and then jump into those other books you mentioned OP.

    Also OP while your learning the basics here do as many examples as you can. Don't just read it and assume you know everything. For C you can try coding a bunch of classical ciphers and for ASM, debug the assembly of simple programs in gdb. (check out godbolt) or try coding a echo client/server in Nasm.
u/s3ddd · 6 pointsr/netsec

wartex8 mentioned it, but I can't speak about Hacking: The Art of Exploitation highly enough...

u/Murgolash · 6 pointsr/hacking

I may add the book.

Hacking: The Art of Exploitation

https://www.amazon.es/Hacking-2e-Exploitation-Jon-Erickson/dp/1593271441

u/BoobDetective · 5 pointsr/hacking

Buy it, read it, understand it. Skip nothing, and suck it in!

Good? Now go to town on Blowfish at www.smashthestack.org

u/Pardon_my_dyxlesia · 5 pointsr/hacking

I was personally recommended by my mentor Hacking: The Art of Exploitation, and The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Also some companions sent me some readings on index articles. I'm not so sure of the titles, but just browse around.

http://slav0nic.org.ua/static/books/

http://hackbbs.org/article/book/

u/khazarboy123 · 5 pointsr/CrusaderKings

Ok I actually understand this, because I took Computer Systems and had to read http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441. This is awesome.

u/twystoffer · 4 pointsr/HowToHack

Given your background as a programmer, I would recommend starting with SQL exploits. You need to have at least a working knowledge in how programs and script work, and it gives you the framework for understand how to be clever with the existing code logic and how to think outside the box.

If that ends up being too easy or once you get a good handle on that, take a look at metasploit and the exploit database associated with that. Rather than just using the exploits, look at the code and get an idea of how the individual exploits work (which are all the same on the base level: using logic in a creative way the original programmers didn't think of or intend).

As for books, I recommend This One as a primer. It's not exactly up to date, but the theory is sound (giving you a solid foundation on how exploits are made and the thought process behind them).

I really like This One for learning metasploit and getting a further understanding of exploit scripts.

And I just love This Book in general. Once you take a look, you'll see why.

u/eRIPlinuOusI · 4 pointsr/oscp

Plus one for violent python! Blackhat python is a similar book to violent python too that seems good.

If you're coming from a compsci background or have some C knowledge then "Hacking: The art of Exploitation" is a really good one. I found it pretty hard going not knowing absolutely anything, but revisiting it with what I know now, it really does cover a lot of great topics in really good detail. It's really good at explaining the why of things too, whereas a lot of other materials focus on the how it's done only.

u/grub5000 · 4 pointsr/hacking

This is a really good book that teaches about software exploitation.

It also includes some great stuff on networking, cryptography etc.

I'm ~70 pages in and it's been invaluable as just a programming resource (C + Assembly) and I haven't even got to the exploitation section yet.

I'd recommend checking the amazon preview of the contents page to see what else it contains. (Bonus, it comes with a linux livecd to help you replicate all the results in the book)

u/ForwardParticular · 4 pointsr/learnprogramming

I always liked reading this book. It explains low level concepts well without needing to have a computer in front of me. It definitely has some hands on material but the first 3 chapters or so are solid gold.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

u/junglist313 · 3 pointsr/netsec

Read Hacking: The Art of Exploitation


Honestly I could recommend this book for the programming section alone.

u/kcmattparker · 3 pointsr/hacking

http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441

This isn't a bad start. It's like ABC's and 123's. After going through this book, then you can begin more in-depth experimentation.

u/ndguardian · 3 pointsr/HowToHack

I know the book Hacking: The Art of Exploitation is often referenced as a book to take you from "I have a little experience" to being a little more comfortable with exploiting system vulnerabilities. Don't know if you have read it yet, but maybe it could help. Though this would likely be more for trying to compromise systems at the OS level rather than cracking specific applications, I imagine the same knowledge could be applied to either case.

u/Kijad · 3 pointsr/sysadmin

One of my favorite definitions of "hacker" comes from one of my favorite technical books - Hacking: The Art of Exploitation.

I just tell people I'm a hacker - it's appropriate if you do pentesting, sysadmin work, IT support, helpdesk, you name it. You run the risk of having people ask about your opinions on Snowden / Wikileaks / the NSA, but for the vast majority people just look mildly terrified and stop bothering you.

u/Smarticu5 · 3 pointsr/HowToHack

Mess around with various programs and operating systems. Learn to program, learn web development, learn scripting languages, learn databasing basics, learn about how networks and computer hardware works. When you have a basic knowledge of any of these areas, see if you actually like them. If you do, learn more of that area. Start to research more of that field, specifically revolving around security. And read. Seriously, find any book on security and read it. "The Art of Exploitation" is an amazing book with a great live CD full of exercises to get you started.

u/LearningHowToHack · 3 pointsr/hacking

This book is great

This youtube channel is also great.

And r/HowToHack

u/JWooferZ · 3 pointsr/netsecstudents

I don't get how you're in a masters program in cybersec without knowing how to code...

Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as black hat python/violent python are what you want to start off, as well as a good book on networking book: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.

I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.

u/solid7 · 3 pointsr/learnprogramming

With regard to debugging, I would say the major hurdle for me was learning how to deeply inspect and interpret the contents in memory. It's pretty easy to step through a program and see what it's currently doing, but interpreting why it did something it wasn't supposed to do is more challenging. For me, this was a matter of repetitive "learn by doing".

To aid with this, I used gdb as a tool to reverse engineer and write a couple of keygen and serial-cracks for various freemium things randomly downloaded from the internet. This was purely for fun and not connected to my job past learning how to really use gdb. It's not as hard as you might think, though some familiarity with assembly helps. Despite looking like an early 90s bullshit interpretation of computers, this is actually a really great book if you're interested.

As far as testing is concerned, it's not something I had really encountered until my first professional programming job. Testing certainly wasn't taught to me in college. The basics of testing are pretty straight forward. What isn't so straight forward is the skill of writing testable code. It's actually pretty easy to code something up that seems to work but is utterly untestable for a variety of reasons. I think this is the major hurdle when it comes to testing, and a skill I work very hard to teach my junior peers. It just so happens to the case that testable code also tends to be decoupled maintainable code - which is beneficial for obvious reasons.

u/cluedit · 3 pointsr/computerscience

I really liked the chapter that teaches C in Hacking: The Art of Exploitation, second edition because it also goes over the assembled instructions your CPU is executing and that helps build an understanding of how memory corruption exploits work. Seeing as you're interested in security, that might be a useful path to take.

Note that modern operating systems and compilers have protection against these basic exploitation techniques so they won't work out of the box on a modern machine. You can disable those protections on just about any linux distribution and the book comes with a live linux cd.

u/ssingal05 · 3 pointsr/learnpython

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Incredibly good book that gets you started with the fundamentals. This is absolutely barebones fundamentals, and you'll cover a lot of shell scripting and just, in general, what is REALLY happening when someone is "hacking" something.

That is probably a little too low level compared to "cloud security". You could try picking up a CISSP book (don't bother taking the actual exam) and just studying that. Learning how data travels from your application to the OS to the network layer to bare metal onto another computer/machine and back up.

u/RFburnt · 3 pointsr/HowToHack

AoE - Hacking - Art of Exploitation

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Also AoE comes with a bootable environment (easy enough to VM). So really if you follow the book your asm should be exact. Follow as prescribed until you understand when you can deviate.

u/rainymonday512 · 3 pointsr/cscareerquestions

I've only taken an independent study in theoretical crypto, but I quite enjoyed Hacking: The Art of Exploitation. It starts from assembly and works up through buffer overflows, string format exploitations, and various payloads. Also has some crypto at the end. It's certainly not anything like network security, but it's interesting.

u/wat_waterson · 3 pointsr/netsec

+1 for Gray Hat Hacking, the new edition just came out and I haven't had a chance to pick it up yet. Gray Hat Hacking will teach you the fundamentals of writing exploits from scratch.

The sequel to Gray Hat Hacking would have to be Hacking: The Art of Exploitation

I tried starting at H:AOE and it was just too difficult. Picked up Gray Hat and everything made sense!

u/root_pentester · 3 pointsr/blackhat

No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.

Jumping into C++: Alex Allain

Write Great Code: Volume1 Understanding the Machine

Write Great Code: Volume2 Thinking Low-Level, Writing High Level

Reversing: Secrets of Reverse Engineering

Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.

The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.

.

If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.

One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

u/cquick97 · 3 pointsr/AskNetsec

Depends on what you want to learn.

Web Application Security?

Exploit Development?

"Pentesting" techniques?

Also check here for tons other of resources.

As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.

Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)

u/anarchman · 2 pointsr/economy

Please get cracking then, the only thing stopping you is yourself.

Start here: Hacking Book

Then here is the IP for where imf.org is hosted: 204.180.229.21

u/tophatmcbabs · 2 pointsr/computerscience

I feel like you're going to learn quite a bit in the course of your degree; however, if you can't wait... I'd recommend this book called Hacking: The Art of Exploitation. The first 70 or so pages are a primer in programming in C. The book then goes into exploit techniques, networking (starting with the OSI model and then going into topics such as sockets, network sniffing, denial of service, port scanning), shell code, countermeasures, and it ends with cryptology.

check it out:
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1526161967&sr=8-1&keywords=hacking+the+art+of+exploitation

keep in mind: this isn't easy, light reading. you will need to work your way sometimes pretty slowly to get a handle on it. so don't be discouraged. reading dense material is a great skill to have, though, and will surely help you in your studies. although, seeing as how you worked your way through a c++ book, you're probably already pretty good at it.

u/TailSpinBowler · 2 pointsr/netsecstudents

What kind of coding, and what are you interested in regarding security exactly? I would brush up on some python personally.

If you are inclined to read, I think the following are essential.

u/one_way_trigger · 2 pointsr/learnprogramming

Hacking: The Art of Exploitation is really inexpensive on Amazon in hard copy. Beautiful Code is also on par with the ebook on their site. I'm not entirely sure how the program works, but someone further down mentioned being able to register a hard copy that was purchased and get the ebook for $5. Probably worth looking into!

u/commentsurfer · 2 pointsr/HowToHack

Learn about computer programming, networking and Linux. I recommend this book: Hacking: The art of exploitation

u/Kristler · 2 pointsr/learnprogramming

I've broken down each of your examples into what I suggest you research in order to create the program. I'm using Python as the language of focus.

Stock Screener:

  • Learn urllib2 (Programming web interface)

  • Beautifulsoup (HTML/XML scraper)

  • pygtk (Graphical interface)

  • Math related to stocks.

    Currency Converter:

  • Learn JSON (A format for storing information, similar to XML)

  • Learn pygtk (Graphical interface)

  • Learn sorting algorithms and math related to currency conversion

  • OPTIONALLY: The web stuff above (urllib2, Beautifulsoup) if you want to take updated currency rates off the internet

    Pen-testing Station:

  • Read Hacking: The art of exploitation, which is arguably the best book out there for hacking related information. In order to build a proper station you must first understand what it is you're doing.
u/flym4n · 2 pointsr/jailbreak

Grab this http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/, read it, then play with the debugger and IDA.

u/sanitybit · 2 pointsr/netsec
u/t3hcoolness · 2 pointsr/HowToHack

Nmap specifically, I have these three:

u/a4qbfb · 2 pointsr/C_Programming

> BTW, this example is garbage for several reasons and it probably means the book is terrible and should be used as a doorstop.

The code seems to come from Hacking: The Art of Exploitation.

u/lewandowskid · 2 pointsr/hacking

"Hacking the art of exploitation" is a book by Jon Erikson

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

It is published by a company called No Starch Press.

They are an amazing publisher and certainly know how to throw a party too!

Went to their party at DEFCON last year and had a blast.

u/Nauscar · 2 pointsr/gaming

Try checking out Hacking: The Art of Exploitation. In my opinion, it has one of the best overviews of the C language (first chapter) and security is a very relevant application of x86 Assembly knowledge. Plus each concept is interactive.

Might be a heavy read, but if you make sure you learn each concept before moving forward it is very rewarding! Hope this helps :)

u/torie_anal_gerbiler · 2 pointsr/explainlikeimfive

An example might be something like a search box, which takes the terms you enter and runs them through a function on the backend to query a database. When a programmer doesn't sanitize input (that is remove special characters) it leaves the possibility that you can reformat the query string and select the data you want returned from the database.

Here is an article that explains how this is done

On the other-side of the coin, are buffer overflow and remote execution exploits. Most of the time, this is going to involve loading a binary in a debugger and setting breakpoints, examining registers and memory locations etc. The goal here is to be able to write certain instructions to memory and get the execution pointer to that memory.. it's much harder than SQL injection.

To do that, you need to understand assembly language, machine code, how instructions are encoded, how memory is stored on big-endian vs little endian.

You should read Hacking: The Art of Exploitation

u/eagle2120 · 2 pointsr/ITCareerQuestions

I’ve been working on this for a while, so I might as well drop it here. It should provide an authoritative answer for “How do I get started in CyberSecurity”

Before I get started, there are a few things I need to explain about cybersecurity - There are a ton of different areas of “CyberSecurity”.

This post is specifically catered around the core concepts of cybersecurity.

The most basic thing you need to understand about cybersecurity: It revolves around stuff communicating with other stuff. Anything from side-channel attacks to large-scale DDoS’ - stuff is insecure because stuff communicates with other stuff. Communication can be hard understand and even harder to define (let alone secure). I know this is a very vague statement, but it’s one of the core, fundamental concepts of cybersecurity.

The second most basic thing about cybersecurity you need to understand - “hacking” (I hate that word) as it’s known is not some bond-villain type activity. It’s intentionally mis-using something that already exists in a way that introduces a security flaw into the environment. Sometimes the right circumstances line up and this flaw can be leveraged into something, but sometimes it can’t.

I split up my resources into offensive-based and defensive-based because it’s important for you to understand that while each of these groups are individually important, each knowledge area is not as effective without the an understanding of the other one.

One other thing to note - Certifications are great, but you need to de-couple the idea that certifications=knowledge/skills in this field. There are certainly certifications that break out of that mold, but for the most part, this holds true. I’ve ordered them in the order in which I used/learned with these resources, so you can follow-along directly in order (if you want to). I learned offense first, so that’s the way I’m laying it out here.


Offensive-Based:


I started my career in InfoSec by studying for the most basic, foundational certification: The Security+. This is the best beginner-level cert that says “I know something about security.”

I learned by going through Professor Messer’s entire course, and I felt pretty ready after I went through it all. Here’s the link to his Sec+ course

Now, lets get into some practical stuff. OverTheWire. These are war-games, or CTF’s - challenges designed to test your practical ability in security, but also designed to help you learn new things. CTF’s are the absolute best way I’ve found to learn security. Here’s the link to OverTheWire in case Google is down. If you get stuck, here are some helpful write-up’s.

Do them in this order:

  • Bandit
  • Leviathan
  • Natas
  • Narnia.

    At this point, you should be set to start with the books and Hacking Labs.

  • Penetration Testing (Book, Follow-along labs)


  • Hacking, the Art of Exploitation (2nd Edition, Book, follow-along labs)


    At this point, I’d recommend going for another certification - CEH. Once you have the CEH, you’re ready to move into more practical-based certifications. Here's what I used to learn and practice the CEH:

    Now, lets get into some more practical exploitation. PentesterLabs focuses a bit more on WebApp stuff, but I’ve found its the best intro-environment (as it is relatively scripted scenarios, and you don’t have to do as much recon). They're fairly explanatory, and will walk you through the solution if you get stuck.

  • PentesterLabs


    Next, lets get into HackTheBox (Exploitable virtual machines, ranging in difficulty. You’re going in mostly blind here, so you have to do your own recon and enumeration): HackTheBox

    Here are some helpful write-ups (Written Explanations):

  • GitHub

  • 0xRick Webiste

    Also, there’s some super awesome video explanations by IppSec


    After you get through most of these, you should be set to start on your OSCP. The OSCP contains a course (Penetration Testing with Kali), a lab environment (~50-60 vulnerable boxes), and a practical lab test at the end. OSCP

    After you’ve completed the OSCP, then you have enough knowledge to continue directly down the cert path, and the courses (in combination with the certs) put out by Offensive Security contain enough good content to where you don’t have to study other resources. The certification path from here on out splits into two different areas: Technical, and management.

  • Technical:
    • OSCE (OSCP 2, basically)
    • OSWE (OSCP but for web exploitation)
    • OSEE (OSCP 3, really fucking hard).

      If you’re at this point, getting past the OSEE, you can pretty much walk into any offensive-based job, slap you’re cert on the table, and they’ll hire you. You don’t need my help anymore here.

      Now, here's the management path:

  • Management:
    • CISSP
    • PMP
    • MBA

      Having the technical background of the OSCP, plus a CISSP, PMP, and MBA would create an extremely potent executive - one who can understand the technical details and risk, and who then could translate that into verbiage that other executives could understand.


      So, you’re overall standard security offensive certification path should look something like:

  • Security+
  • CEH
  • OSCP
  • OSCE
  • OSWE
  • OSEE

    OR

  • Security+
  • CEH
  • OSCP
  • CISSP
  • PMP
  • MBA

    Now, for the Defensive-based side.
u/nom-de-reddit · 2 pointsr/software

If you're interested in learning more about how exploits are developed, I suggest this nook as a good primer...

http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441

u/Kimput · 2 pointsr/HowToHack

Would be great if you could explain what it is you actually want to be learning. Are we talking about hacking webapps? IoT-devices? Network hacking?

I think The Art of Exploitation is a great book. Gives you a good idea of the low level stuffz you would need to know if you wish to break into hacking!

u/Demonicat · 2 pointsr/cybersecurity

Ok. That is very different than most US schools. You're probably going to need to work hard for that one. I would also suggest the Art of Exploitation to brush up on your advanced programming skills https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441. I would also get an account at packt (the free one) and check daily for the free book.

u/kimchi_station · 2 pointsr/netsecstudents

So this is aimed at people in a cyber security degree? What kind of knowledge do they have?

> using all the tools of kali

Pleaseeee no. There are hundreds of programs and scripts in Kali, it would not be feasible to learn and remember them all. Off the top of my head what I would do is:

  • Have people do some of the starter wargames at overthewire so they are familiar with the linux command line. Maybe even make this a requirement to participate so you know that people are committed and have a base level of knowledge.

  • Read write-ups on attacks and attackers, here is a good one by Mandiant<--(PDF link)

  • Culture. I feel like this is one of the most neglected fields in cyber security. Read some phrack.

  • Split people into teams to work on projects so that they have experience working together.

  • Find some old CTFs or images on Vulnhub. See if you can register for some CTFs, looks great on a resume.

  • Learn about sql and sql injection.

  • Learn python, take a look at violent python or Grey Hat Python and Black Hat Python for more advanced stuff. There is also Hacking Secret Ciphers with Python for more of a crypto angle.

  • linux, linux, linux. feel at home in the terminal and be able to script bash.

  • Going over basic tools like nmap, aircrack-ng (airmon-ng, etc.), sqlmap, hydra, hashcat, metasploit, etc. Make whole day labs that use just one tool, You could maybe find an easy Vulnhub image or use Metasploitable to practice these.

  • Make sure everyone has a github and populates it with stuff they create in this class. Incorporate it into your class so you got people forking and contributing to other members/teams projects.

  • Look over books like The Hacker Playbook, Hacking, the Art of Exploitation, and so on for more ideas.

  • Maybe most importantly, have the students teach. I'm sure there are people in there who specialize in one tool or subject. Have them design and lead a lesson/lab/activity. The best way to solidify and expand on what you know is to teach it.
u/LinuxStreetFighter · 2 pointsr/netsecstudents

>Examples of projects I have completed: Coded a basic Linux kernel from the ground up for x86 machines, Working on a basic IRC botnet coded in Python, I have experience in Snort rules and have written Python scripts for log parsing. I have used Wire shark for packet sniffing etc, experience in using IDA for disassembling code for CTFs.

Why on earth would you pursue Sec+ and CISSP if you have experience in those things?

Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.

If you want an old school, but relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.

Practical Malware Analysis

The Art of Memory Forensics

Hacking

Shellcoder's Handbook


Malware Analyst's Cookbook

u/NotMyWomen · 2 pointsr/HowToHack

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1510638128&sr=8-1&keywords=hacking+the+art+of+exploitation

This is a very good book overall, but it helps to have a background in Networking.

I’m CompTIA A+ and Network+ certified and finishing a 2 year CS program and Im still learning.

u/PM_ME_UR_DICK_PICS__ · 2 pointsr/jailbreak

Just learning a couple of languages won't do if your only concern is learning how to exploit. Learning how operating systems work is equally important if not more, though learning a programming language is an obvious first step.

  • Start with C then C++ and finally Objective-C. If learning C seems boring/hard take a look at Python first as you'll need it anyway for scripting.

  • Then you'll have to learn ARM/ARM64 to reverse engineer stuff.

    Now, I don't know if these are absolutely necessary but they are helpful anyway.

  • Learn and use Linux/BSD the hard way™, using OS X or Windows won't get you too far IMO (I'd actually include easy distros like Ubuntu into that category). Though OS X is almost a necessity to know how iOS works and interact with it, also important since the two have so much in common.

  • You can buy a book to get a general knowledge about binary exploitation, for that you can use this. It's outdated now so I don't know the current state of affairs, you can substitute it for a more modern book.

  • You'll have to get an iOS specific book. Though again it's outdated.

  • Take a look at these tools. Libimobiledevice is awesome

  • After all that you can use some Wargames/CTFs for practicing your skills, e.g http://overthewire.org, http://wechall.net, http://io.smashthestack.org, https://exploit-exercises.com. Though you can ignore this step I guess

  • Start from old iOS, iOS 4 or 5 seem sweet spot.

    Also check out http://winocm.moe/research/2013/09/20/resources-for-getting-started/, I might have repeated what she said.
    https://www.theiphonewiki.com/wiki/Up_to_Speed is also useful. However The iPhone Wiki again, is outdated.
u/samrjack · 2 pointsr/ProgrammingLanguages

I would say go with whatever your computer uses so that you can follow along (unless your computer uses something really obsucre).

As for books, I can only really recommend the places I learned X86 from which would be Hacking: the art of exploitation since it puts assembly the context you'll find it most often (looking through assembled code) so you learn many useful tools along the way. Also the textbook I had in college (you can find it cheaper if you look around) which covers many other topics too relating to computer memory and whatnot.

Though for just learning some basic assembly, look for some simple resources online. It's not too hard to learn generally speaking so you should be fine.

u/haxcess · 1 pointr/ccna

I remember this text: http://amzn.com/0123742684

And for the programming side of things:

u/ImASoftwareEngineer · 1 pointr/crypto

No, "THAN in Python". As in it takes longer in C :P

Here's the book: http://amzn.com/1593271441 and yeah, using C definitely places you closer to the bytes, right before assembly. In fact, the book makes you go through the assembly for some programs you write.

u/IAmNotAnElephant · 1 pointr/linux4noobs

No problem dude, I was doing the same. I've been reading through this book:

http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=pd_sim_b_2

which I'm liking pretty well. It also goes into linux environment stuff and takes you through several examples on a sample cd. The auther basically wrote a bunch of C programs and takes you through why they do/don't have vulnerabilities and how to exploit them. And all the code works, so far. The disc is actually a linux live cd with his scripts, that I boot up in a vm. I prefer virtual box, but it's really just a matter of opinion.

u/Ted_From_Accounting · 1 pointr/HowToHack

This book is a good starting point, I can't stress enough how important it is to learn the fundementals and mindset before actually learning techniques, this book will teach you the thought process to ask the right questions....

http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1348231729&sr=8-1&keywords=hacking

u/infosecguy · 1 pointr/IAmA

This is a throwaway account. I will use it for a little while in case anything else percolates up from this. If you can get even a secret clearance without a lot of trouble that will open a vast array of doors to you. A clearance is a very expensive thing to obtain for most people. You almost always have to be sponsored for it by a large corporation that can afford the cost.

I would just say you should learn the general tools. For those interested in getting into the network security field give the latest incarnation of hacking exposed a good read, try all of those tools and be familiar with the underlying purpose of each of those tools. That book will cover a lot of tools. You may also check out: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=pd_sim_b_1 (non affiliate link) as it covers some topics in pretty good depth.

Your degree in security will definitely help you get into the field. A clearance will only increase the chance you have a job out of college. The CISSP is good for broad coverage... but it is a very easy test to game. The security field does have a wide swath of disciplines from the very business and management oriented policy and risk assessment fields to the incredibly technical vulnerability and exploitation research fields and many points in between (or for a consultant multiple of those points at the same time).


Know the tools of the trade (check out Backtrack 3/4). Understand how to actually evaluate the risk of technical vulnerabilities. Learn what risk really is. Don't be afraid of getting your hands dirty. And decide if you want to go down a more technical or management track and learn appropriately. The management track will involve you learning to do more policy and audit oriented assessments (being a CPA can't hurt here for your long term business goals) or jump into the technical side and go as far down the rabbit hole of technical knowledge as you can. Either way you go I strongly recommend that you have a good understanding of the other side of the fence as they are both sides of the same coin.

u/FallsUpStairs · 1 pointr/IAmA

I've heard that Hacking: The Art of Exploitation has become dated (lack of real information on basic concepts like ASLR, etc.); is there a better source for someone just getting started in information security or is it still worth reading?

Additionally, do you have any suggestions for practical experience? For example, Microcorruption seems to be a great resource for getting used to debugging/ASM.

u/misconfig_exe · 1 pointr/HowToHack

The intro to the book doesn't get technical.

See here: https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441#reader_1593271441

On the left side, click Table of Contents, then click Introduction

u/InfinitelyManic · 1 pointr/Assembly_language

This is a good book. Focus is 32-bit x86. Includes C and Assembly.
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
I know your target may be MIPS; however, the principals are good as a foundation.

u/PicklesInParadise · 1 pointr/learnprogramming

I haven't read it in years, but I remember The C Programming Language being very useful.

If you want to learn more about the low level details of how computers work in general, I own the following books and recommend them:

---

u/SirNeon · 1 pointr/programming

I wouldn't take those responses too seriously. K&R is like the holy bible of the C community and Zed Shaw said mean things about it while being, well, Zed Shaw (read: a dick). So naturally they're jumping on the opportunity to shit on him and his book. When I first read Hentenaar's blog post I just kinda rolled my eyes since it was pretty obvious he saw that K&R critique, got irked by it, and then skimmed the alpha (or beta version - I honestly forget which but LCTHW was a WIP at the time) version of Zed's book while cranking the nitpicky pedantry up to 11 trying to find things to criticize.

LCTHW is by no means perfect, but it's a completely acceptable resource to learn C programming. Try picking up the finished version though; the one online seems to be the beta version still. The Art of Exploitation is another good read I'd recommend; it'll teach you how to exploit insecure C code.

Of course, you could always just read both K&R and LCTHW and decide for yourself which is better.

u/xzieus · 1 pointr/uvic

At UVic, I think there are security specializations for degrees such as the MTIS or the Computer Science Options (such as Network Security -- although I did the Software Engineering option for C.Sc. in my undergrad)

I focused on taking classes, but I did a LOT of my own (legal) research/projects. That "legal" caveat is IMPORTANT. Don't get arrested for a hobby, it doesn't achieve your goal, and it's not worth it. Do things the right way, don't trespass or break the law.

Most of the government cyber defense jobs are in Ontario -- so expect to have to move there if you want to work with them. I hear there are ... "sites" ... elsewhere, but realistically you would have to "do your time" there before anything like that became available.

Business and Finance classes are always a good idea -- not just for business but personal benefit. My wife is an accountant and those skills are really helpful to have for our daily/monthly/etc finances.

Advice

  • You have to "shoot straight" when it comes to security. Gone are the days where someone hacks the FBI and they offer him a job. Now they just arrest you and you stay there. It makes sense, why incentivise it. Don't do something that might even be construed as illegal. (With that being said, there is an argument to be made for making security education too "academic" and forgetting that people actually have to work on practical aspects -- this is outside the scope of this conversation though)
  • There are plenty of projects such as OWASP Broken Web App, classes like Elec 567 at UVic, or just learn how to make your own VMs and attack them locally (the best route -- then you can control what's installed, with a fine-tooth comb) -- this also helps test new patches, etc to see if the software is vulnerable.
  • Read. Lots. Subscribe to blogs, order books (I am partial to books such as Hacking: The Art of Exploitation (Pretty low level, but helps you understand what is going on under the hood), and Violent Python (more of a cookbook / handbook)), and read up on security news. Rule of thumb: Read at least 2 new security books every year (at a minimum) -- It gets easy when you have a dedicated app for security podcasts, RSS feeds, and you keep a book or two with you all the time.
  • When interviewing for government security jobs, don't lie to them. If they asked you if you have smoked pot, tell them if you did. They are looking for truthfulness.
  • Look at open source projects where you can contribute (general coding advice, but it helps). It doesn't have to be the Linux kernel, just work on something that isn't an assignment/project from school.
  • Learn who the big players are in security -- Like everything on the internet, there is lots of talk. Find the people who actually know what they are talking about and listen to them. Take EVERYTHING (including this post) with a grain of salt! The classic motto is "Trust but verify". This applies to everything. The security industry is ... interesting ... Think of it as a cross between the mafia (Pay us for protection ... or else), "tinfoil hattiness" (Comes with the territory -- you see a lot more than the average person, so it skews your view on certain subjects... not all of which you can even talk about), and the classic balance between privacy and security (ranges from surveillance state and anarchy) ... Politics play a HUGE part.
  • Always be learning. Show this to prospective employers. Don't just talk, do.


    Sorry, this turned into a bit of an essay. I'm just one opinion out there, but hopefully you get something out of this. As always, "trust but verify".

    [edit: a word]
u/AZXXZAZXQ · 1 pointr/AskNetsec

How useful do you think books like these to be?

https://www.amazon.com/d/Books/Black-Hat-Python-Programming-Pentesters/1593275900


https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

I just finished up a mini project in python and am looking for something else to do (other than learning C and another text on data structures). These books seem to be more about pen testing so I'm not sure it's really relevant.

u/Everene_Jinx · 1 pointr/learnprogramming

If you're interested in Computer Security I'd recommend learning the C programming language.

A really good book that includes some information on C and Computer Security is Hacking: The Art of Exploitation by Jon Erickson.

u/JustAnothaHacker · 1 pointr/hacking

Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but l feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)


Some neat resources for someone interested in Binary Exploitation:

Smash The Stack


And a few books:

Hacking: The Art of Exploitation

The Shellcoders Handbook


I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).

Happy Hacking

u/OSPFv3 · 1 pointr/linuxquestions

You could use the disc that comes with this.

https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Debian or Ubuntu LTS is fine.

Learning to program on Linux would be helpful.

Edit: worth mentioning that Ubuntu is based on Debian.

u/aur_work · 1 pointr/hacking

Start here.

u/exbobsmog · 1 pointr/IAmA

Hi! You could think of it like a car:
if PressingOnGas = true {
increase speed
}

If TooMuchTraffic {

change to route
}
i would recommend reading a book on programming, they look thick and boring but you dont need to read the whole thing, watch videos online to help, read others code. Theres a website called code academy to help thats free. https://www.amazon.com/Hacking-Art-Exploitation-2nd-Erickson/dp/1593271441 the beginning of this book talks all about programming and is awesome

u/Blackninja543 · 1 pointr/hacking

If you are interested in learning technquies and want to pratice in a safe and secure environenment I would suggest the use of VMWare. This allows you to install operating systems on virtual machines that work just like standard computers. From there I would suggest use Backtrack 4/5 and start looking at some of the tools pre-installed. VMware also has the added advantage of being able to handle multiple types of networks at the same time. This includes Bridged(the network on the guest OS appears on your Lan), NAT(This acts like a system behind a router requiring port forwarding and other techniques), and Host-Only.

There is also a book I really enjoyed on some of the finer points of hacking called Hacking: The Art of Exploitation. I feel this book does a great job in teaching the concepts behind buffer-overflows, memory mapping, networking, and cryptography.

As far as hacking into particular operating systems, Windows XP SP0 is vulnerable to MS08_067, so if you can manage to obtain an early version of XP. Metasploit which is built into Backtrack has this exploit already loaded.

VMs are the best way to go btw. What are the specs of the system you tried it on?

u/thestapler42 · 1 pointr/hacking

Web applications hacker hand book is the best book I've read on web application security. Goes very in depth in the types of exploits in web applications, how to exploit them, what to use, and how to prevent them. If you have atleast a basic understanding of programming and are willing to read and understand this book (~1000 pages) you'll get up to speed pretty quick.

Here's the book:
https://g.co/kgs/upO3q

Edit: Not as focused on web applications but in my opinion another top contender:
Hacking: The Art of Exploitation, 2nd Edition https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_api_zuDpxbSFKDHB1

u/ThePaternalOverseer · 1 pointr/Philippines

Di ko maia-upload lahat ng books kasi around 7gb sya. :( Though yeah may mga mega bundles ng IT books online gaya ng sabi nung isang reply.

Well anyway, if you're into those books, I recommend The Art of Deception by Mitnick and Simon (si Steve Wozniak nag-foreword sa book na 'to haha) tsaka The Art of Exploitation. Di ko tanda kung meron ako nung books pero afaik may mga online pdf copies naman. Happy reading! :D

u/Makhann82 · 1 pointr/netsecstudents

Are you referring to this book;

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

I see in the description that it says it's not a big deal if you don't know programming. Do you find this to be true?

I've also had

http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Recommended to me. The description talks about html etc. do you need to know these languages before you dive into these book? Or is it more like they teach you just what you need to know about a specific language / vulnerability inside of a language/piece of code.

Thanks

u/alpertek · 1 pointr/computerscience

I think Hacking: The Art of Exploitation is a great book worth reading: https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/

u/--aceOfSpades-- · 1 pointr/HowToHack

Continue to learn python and c outside of school, go into more depth. May not be what your looking for but try reading hacking the art of exploitation and depending on your current knowledge of python violent python may be good for you.

u/xxzexx · 0 pointsr/hacking

Your welcome.
as you i also like the subject.

i found this books to be a good reading:

http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636/ref=pd_bxgy_b_img_y

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_13?s=books&ie=UTF8&qid=1413800973&sr=1-13&keywords=hackers+play

Have a look at this linux distribution
http://www.kali.org/

Is made for pentesting, it might give u a idea of things and in youtube u will find good tutorials about the tools that come with it.

Have fun

u/aerodynamix · 0 pointsr/hacking

I'm always advocating hak5.org for newbies on here. Though I'd also toss in this: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1324017233&sr=8-1

One thing to remember as you're getting started: don't expect to become a 1337 hax0r in one tutorial or over a few days. It's going to take time, effort, and lots of reading.

u/jklmnb · -1 pointsr/netsec

start here, continue here, report back in two months.