(Part 2) Best products from r/HowToHack

Well if you have no experience with programming I would recommend the Gentoomen library to get some free books to help you learn. The Gentoomen library is the biggest compilation of computer books I've ever seen. Thousands of individual books totaling almost 40 gigs and totally legal (I think... its been around for six years and its still up so...). Everything you'll ever need to start programming from electrical engineering to calculus to c++ to networking is on there. You can find more books on google using filetype:pdf, or on torrent sites (if you're serious about hacking you cant be expected to buy your own ebooks.) Unless you want to end up being a script kiddie then you're gonna want to have a very solid grip on how computers work and how to program one. After that you can learn techniques on sql injection or DDOS or whatever you want to use.

I would start learning C languages first. C languages are the basis of computer languages, every programmer has to have some experience with them. C languages are what you called 'compiled', which means they get put into binary instead of being saved as a text file and decoded by the computer. Not to mention C++ is probably the most powerful language there is even though some may disagree with me. Its height was in the 80s and 90s, but its still a crucial part of understanding software and how it works. Once you've familiarized yourself with C languages you'll want to learn other crucial languages like Java, Javascript, PHP, SQL, maybe python.

Once you've learned to swing a sword you can learn some tactics. You can write 17-line keyloggers, build ghetto phiser websites, 'lulz' viruses that just bug people; built mainly to see how many computers you can infect. You can learn how to evade antiviruses, replicate and distribute your virus, and transfer it through emails or LAN. Don't try anything stupid until you've gotten familiar. The important thing here is to use your VPN to secure your anonymity and not get fined (chances are pretty slim you'll actually get imprisoned) which I'll explain later

Two things you're gonna NEED; Linux, and a VPN. Linux is what you call 'open source' meaning it has no corporate ties, and you can mold the software in any way you want. It also has no monotized executable like windows' 'exe' file. You can run any script you want as long as its marked as executable in the preferences in linux. Ideally you'd want to get familiar with Kali which was built for 'pentesting' or hacking, but more realistically, if you've never used linux before, you'll want to start with Ubuntu or Mint which are more beginner type OSs. You can read books on linux or watch videos. The important thing here is to not get discouraged by its foreign nature. When I started using linux I had no idea what was even going on, but now I'm a liscenced terminal ninja, I have to liscence my keyboard as a legal weapon. You don't need a bulky computer to learn linux either. You can just buy a $25 raspberry pi off of amazon. They're meant to familiarize people with programming with minimal costs. There are serveral models ranging from $15 to $35, I'll leave the choice up to you. You can also just install linux on a windows/mac machine for free. Some linux operating systems are corporate like redhat or suse, but you don't need to worry about those. For all intents and purposes in your case, linux is entirely free unless you want to donate. Windows 8 does this thing called 'secure boot' to try to disable deadly viruses that deploy before the operating system. So you have to do a bunch of things to run the live usb (a live usb is basically an install CD on a usb drive) before the operating system boots.

Now for a VPN. When you browse the web your computer sends requests to your router, the router then relays the signal to the hardline to your ISP, which requests data from the server and runs the process back until your webpage shows up on your screen. The problem with this lies within its transparency. You can get what's called a VPN or "Virtual Private Network." What happens when you're connected to a VPN is your computer sends an encrypted information through your ISP to the VPN server wherever that is. The servers then un-encrypt the information and get the data from the actual servers such as reddit.com. Once the VPN obtains all the necessary information for the webpage or download it encrypts the information and sends it back to your computer where its un-encrypted locally. This way anyone including government or your ISP has no idea what to make of the encrypted mess that they log on their comptuers. Now, you can get free VPNs, but they're not a good idea. They may log their traffic which counteracts the point, and they're known for infecting computers (not good). I use private internet access. You can get access to their network for 3.99 to 6.99 a month depending on if you pay month to month or yearly. The important thing with them is a; they're the cheapest (good) VPN and b; they don't log their traffic. They're also fast. Most VPNs will slow you down, but pia is very fast, I cant seem to notice a difference in internet speed between unencrypted connection and an opneVPN connection on my desktop.

Really you shouldn't need to spend much money much less $600. If all you buy is a raspberry pi and a few months of VPN services you'll only get run up about $40. If you have a computer you're pretty much good. You could learn to hack on a school supplied laptop. You don't need a water cooled, overclocked, 12 core, 3 GPU, lit up like a christmas tree PC in order to learn to program. Any computer made in this decade will be more than fast enough to process the kind of things you'll be executing, hell, you could run this stuff on your phone.

When you've learned to program, I would consider investing in a good computer. But if you have no experience with computers at all then you should really try to get around the stuff first and see if you even like it. Hacking isn't exactly typing green text at 300 wpm as I'm sure you know. It can get pretty boring in my experience albeit with rewarding outcomes at times. Oh, and don't go dicking around until you at least know how to not get caught. Once you've got a solid grip on this stuff there are various ways to reap the fruits of your labor. You can get email addresses and sell them in bulk (im talking millions at a time), harvest bank accounts and sell them on the dark web, make adware and get paid to put ads in your virus, there are even hire-a-hacker services on the deep web. The one thing you do NOT want to do is break into bank accounts unless you REALLY know how to a; hack and b; launder money and c; not get fucking caught. This is some pretty shady shit and this is one of the few things that can get you locked up.

tl;dr Download this, read it, get Linux,, and make sure you have a computer to run it on, secure your anonymity with a VPN, read the books and learn to program, after that you can experiment with small scale, harmless operations and work your way up to some pretty shady shit. I hope that was helpful it took me forever to type.

So... I would recommend a laptop that you can dock and can do some virtualization.

http://www.overstock.com/Electronics/Dell-Latitude-E6420-Intel-Core-i7-2.7GHz-256GB-SSD-14-inch-HDMI-Laptop/9444363/product.html?refccid=47LBAHF2LWNL7K2O36TPNSKXOY&searchidx=6

You can upgrade the memory to 16Gb and then get a port relicator for multimonitor setup.

http://www.overstock.com/Electronics/Dell-IMSourcing-NEW-F-S-430-3114-Port-Replicator/9048000/product.html?refccid=5XI2HQKY4AW3H2KC6MHEQQND6I&searchidx=0
I recommend this one because it has 2 DVI ports, vga, hdmi, dsub, 5 usb (2 back, 3 side), and basically everything you need in a port replicator.

Those particular laptops come with a 256GB SSD (Samsung, Seagate, or some other vendor, just depends but I've found most use Samsung and Seagate).

You can get 16GB kit would should be plenty for most virtualization and the 2.7GHz has hyper threading as well.

Wireless is I think the Intel 7620-AC Dual band but there is an additonal slot for a secondary card. (I think there is actually 3 slots total but only enough wires for 2 cards).

Network is 10/100/1000



You're going to be hard to find a better laptop with all that for cheaper. Brand new these things run around 1200 - 1500 depending.

Now the only thing that really bugs me when buying those is it's going to be a grab bag on whether you get a 9w (extended battery) or not.

If you don't get a 9w battery then I'd recommend picking one up.

The monitors and everything else is up to you but that would be my recommendation for what you're looking for.

Edit: Forgot these are also super easy to take apart. 7 screws on the back and the panel comes off super easy.

Edit 2: Also, because those sell out, make sure if you go on overstock that the processor is the 2.7ghz i7 if you want to do virtualization.

Also here is the specs on the processor that come with it.

http://ark.intel.com/products/52231/Intel-Core-i7-2620M-Processor-4M-Cache-up-to-3_40-GHz

Edit 3: Sorry keep forgetting things. Those laptops come with some shitty chinese replacement chargers. They can cause issues with the touch pad while charging. However the port replicator (docking station) should come with a legit Dell charger that will work for the laptop as well since it's universal.

Edit 4: Decided to add my personal recommendations for monitors, monitor stand, mouse, and keyboard. You do your own research though.

Monitor x3: Dell E2414H - 1980, Vesa mount, DVI and VGA
http://www.amazon.com/Dell-E2414Hr-24-Inch-LED-Lit-Monitor/dp/B00FE8MKTM/ref=sr_1_2?ie=UTF8&qid=1450473050&sr=8-2&keywords=dell+24+e2414h+monitor

Monitor Stand: 3 Arms I'd go with http://www.amazon.com/Ergotech-Triple-Horizontal-Monitor-100-D16-B03/dp/B001NPEC5A/ref=sr_1_1?ie=UTF8&qid=1450473096&sr=8-1&keywords=ergotech+3+monitor

There are a lot of options with monitor stands but I like Ergotech so YMMV

Mouse: Tons of options but for I really enjoy my G602 http://www.amazon.com/Logitech-Wireless-Gaming-Mouse-Battery/dp/B00E4MQODC/ref=sr_1_1?ie=UTF8&qid=1450473201&sr=8-1&keywords=logitech+g602

Keyboard: I love blue switches and having a numpad on a TKL is amazing. CoolerMaster has some pretty amazing mechanical keyboards. I recommend this one. http://www.amazon.com/CM-Storm-QuickFire-TK-Mechanical/dp/B00A378L4C/ref=sr_1_3?ie=UTF8&qid=1450473227&sr=8-3&keywords=cm+rapid+fire+tk

Otherwise I currently use a the Quick Fire Rapid with blue http://www.amazon.com/Coolermaster-SGK-4000-GKCL1-US-Storm-QuickFire-Rapid/dp/B0068INSUM/ref=sr_1_1?ie=UTF8&qid=1450473343&sr=8-1&keywords=cm+quick+fire+rapid+blue

I recommend browsing on https://mechanicalkeyboards.com/ or /r/mechanicalkeyboards

Start here.

Read those left to right. You will learn a lot about networking, a lot about Python and how that is commonly used to hack, and then a lot about Kali Linux. You won't learn how to use the tools, but you will learn what they are.

I would also recommend "Operating System Concepts" but it is a bit pricey. I like that book because it doesn't teach you how to use a bunch of commands in linux, rather it teaches you how operating systems work and why they work that way. Very interesting, and there is an entire section on security. Also, "Penetration Testing" is a good one, and it is cheap too. You will learn how to use some Kali tools, but you'll also learn the important stuff. Buffer overflows and format string attacks are what you need to know how to do. You need to know how to look at and manipulate memory.

If you want to figure out how to do it yourself, read the first four books. If you want a step-by-step guide of exactly what to do, read the last book. It is also pretty important, IMHO, to know a bit about operating systems, but honestly you don't need that one. It just tells you why things are the way they are, which is sometimes helpful when you're like "oh I wonder if I can hack in like this" but then you remember that you could, but they changed it because you could.

Good luck on your endeavors!

Edit: I looked at the sidebar and it agrees with me about learning how OS's work. It says: I think the best place to start is to get a solid understanding of OS concepts first. The combo of Linux, C, and ASM are almost essential to really understanding how everything melts together. I like this resource: http://wiki.osdev.org/Expanded_Main_Page.

In addition to what others have said, you need to learn some programming, web and scripting languages + frameworks:

I would make sure to know/learn following in order:

1. HTML / CSS : online: https://www.codecademy.com/ OR book: https://www.amazon.com/Web-Design-HTML-JavaScript-jQuery/dp/1118907442/ref=sr_1_3?ie=UTF8&qid=1543201752&sr=8-3&keywords=html
   
2. Javascript: same as above, some javascript frameworks would not hurt, Angular, Node, etc..
   Note: while learning web stuff, try to learn as much as you can about how the web works, technologies used, etc. Your networking knowledge should help here
   
3. Python: checkout blackhat python book, https://www.codecademy.com/ for basics
   
4. SQL: https://www.codecademy.com/ then mini project: Make a small app in python that utilizes SQL database, all running in cloud AWS or similar. Using frameworks and such
   
5. C++ or C: If you feel comfortable go to C, otherwise I would start with C++ or even C#/Java first to get a grasp of the these programming languages that IMO are easier to learn at first. Python will help here.
   
6. Other things such as bash, Perl, ruby will come in handy, but you can learn them as you go later.
   
   To practice things security related:
   
   

• https://pentesterlab.com/ : black Friday deal active or huge student discount always on: This is a nice set of mini-challenges to start with.
  
• https://www.elearnsecurity.com/course/penetration_testing_student/ : Nice beginner start
  
• https://www.hackthebox.eu/ : To get your hands dirty
  
• Help with hackthebox: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA (ippsec), would also recommend VIP subscription
  
• https://www.virtualhackinglabs.com/labs/penetration-testing-lab/ : harder boxes
  
• https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/ : Endgame for basics, if you get this cert, from here it's towards advanced certs and bettering yourself. Debatable opinion though :)
  
• Next things: Reverse Engineering, Malware Engineering, Assembly Language learning, Writing your own scripts and tools while staying LEGAL :).
  
  Black Friday deals:
  
  https://www.reddit.com/r/AskNetsec/comments/9yza56/2018_list_of_black_friday_netsec_resources/
  
  https://pastebin.com/aLBfQT6H
  
  ​
  
  ​
  
  Extra books: https://nostarch.com/hacking2.htm (The art of exploitation) (not a super beginner but it's on sale now)
  
  Disclaimer: I am a software engineer, so the security field is new to me as well but for now I am doing hackthebox :).

Both posts here (so far) give good advice in terms of learning assembly. I personally used the OpenSecurityTraining course that was linked by /u/miguelhgn to fill in gaps I had in assembly, and I second his advice to check that one out. If that course proves to be too steep, I'd take a step back and learn a bit of C -- so that you can better understand the context of the assembly you would be reading. For free resources, I generally like to recommend https://publications.gbdirect.co.uk//c_book/ or http://users.cs.cf.ac.uk/Dave.Marshall/C/ as they're iso-9899 recommend free resources that cover a pretty good scope when it comes to C itself.

If you'd prefer a more textbook style of reading, and don't mind shelling out money, I generally recommend C Programming: A Modern Approach above anything else that's out there, but it's far from necessary to get this if you find that you learn from the free resources just fine.

As for recognizing patterns in assembly over time as mentioned by /u/poindexter_one, that would best be implemented by using https://godbolt.org/ imo, and starting with smaller C snippets, trying different compilers and optimization levels, and gradually doing the same with more complex code. A good exercise when you start to get good at that, is to also try to do the same thing in the opposite direction (Seeing assembly, and trying to construct C code from it, AKA a part of reverse engineering)

As for your question "Should I learn Assembly language?" depends on where your interests lie, and what you eventually want to learn / be able to do down the line. It's absolutely a good thing to be able to understand though.

Copy paste from a post I made earlier

Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook

Kevin did a good job, but if you want a better introduction Go with Chris Hadnagy's book(s) three of them.

(His Site) https://www.social-engineer.com/

(Book 1)https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/B008TSHUVC/ref=sr_1_6?keywords=Chris+Hadnagy&qid=1559063575&s=gateway&sr=8-6

(Book 2)https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/B00MOTDNRC/ref=sr_1_7?keywords=Chris+Hadnagy&qid=1559063575&s=gateway&sr=8-7

(Book 3)https://www.amazon.com/Phishing-Dark-Waters-Offensive-mails/dp/B01MSKBJYH/ref=sr_1_5?keywords=Chris+Hadnagy&qid=1559063575&s=gateway&sr=8-5

​

(PS> Social Engineering has been my Security Focus since I moved from Network Engineering into Security, I'm a 2-time competitor in the Defcon SECTF (placed 4th last time I tried, my partner from the previous year won that year))

Its probably the chip set, I bet it is an atheros, those tend to play nice, some do others don't, why? Well you are going to need someone more techy than me to find out. My best guess is from a prior experience when I had to put a card into monitor mode, it didn't happen so I suppose its drivers are crap for linux.

Anyway I would also think its probably better to put a few more dollars in to get the external antenna variant, [here.] (http://www.amazon.com/Panda-300Mbps-Wireless-USB-Adapter/dp/B00JDVRCI0/ref=pd_sim_147_1?ie=UTF8&dpID=41aN7RPsG8L&dpSrc=sims&preST=_AC_UL160_SR160%2C160_&refRID=0QPVQV93ZEDN2SRKPXD5)

Your welcome. :) If you are truly interested there is a pretty comprehensive book on practical malware analysis, I have never read it but I assume it demands a solid knowledge of the above mentioned topics.

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/ref=sr_1_2?ie=UTF8&qid=1480495126&sr=8-2&keywords=malware

The below book gives some pretty good beginner types of steps for what to look for and how to do it. Depending on the game, most now days have some pretty advanced protections that will get you caught, or these techniques just won't work any more. https://www.amazon.com/Game-Hacking-Developing-Autonomous-Online/dp/1593276699


For a lot of the folks that are publishing exploits, they have likely been doing it for a while and evolved with the times. Usually they know the classic symptoms of what could cause a duping bug, or glitches in level designs.

The biggest hurdle is that you will need a wireless card capable of injecting packets.

This is one of the more popular cards: http://www.amazon.com/Alfa-AWUS036NH-Wireless-Long-Range-Screw-On/dp/B003YIFHJY/

The one built into your computer might be capable, so check that first.

Tutorial: https://www.youtube.com/watch?v=RydsjNhUjdg

Art of exploitation is a good book nonetheless but it could be a but hard to chew, it digs heavily in reverse engineering and binary exploitation. I don't know your skill level but for a newbie it could be overwhelming. I recommend just researching on general penetration testing like https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking-ebook/dp/B00KME7GN8/ref=sr_1_2?ie=UTF8&qid=1492472386&sr=8-2&keywords=penetration

This book is a good read:


https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616/

​

No Starch Press books are great.

You might need a directional antenna, to be honest. And if you're looking to capture a Wi-Fi signal from a distance, something like this should do the trick: https://www.amazon.com/Tupavco-TP513-Antenna-2-4GHz-17dBi/dp/B008Z4I7WQ/

https://www.amazon.com/Alfa-AWUS036NHA-Wireless-USB-Adaptor/dp/B004Y6MIXS

As far as I can tell, this only supports 2.4GHz. You'll need a different adapter that can support 5GHz.

Edit: Thanks for the Gold.

So for my battery pack, it's a mycharge.com product. I just got literally the biggest one they have. I use the Broadcom adapter on the device to connect to the local wifi and a panda USB wifi dongle with an upgraded antenna. If you really want I'll troll through my amazon purchases and try to find it but Panda has good drivers and can monitor. The antenna should be on the "customers who bought this also bought this"


Edit:
Panda Wireless PAU06 300Mbps N USB Adapter https://www.amazon.com/dp/B00JDVRCI0/ref=cm_sw_r_cp_api_rjlCzbCSVWP98

I've always been fond of the "How Computers Work" series by Ron White. I can't attest to the newer versions, but I own two older editions that hold up in helping wrap your head around what exactly your computer is doing from POST onwards.

The 722n v2 doesnt support monitor mode. Instead I would recommend a Panda PAU06, it is about the same price and supports kali.

Edit: https://www.amazon.com/Panda-Wireless-PAU06-300Mbps-Adapter/dp/B00JDVRCI0

I bought this book recently and it seems to outline the basics of the questions you ask. This should give you a good starting point anyway.
http://www.amazon.com/gp/aw/d/078974984X/ref=mp_s_a_1_1?qid=1449528241&sr=8-1&pi=SY200_QL40&keywords=how+computers+work&dpPl=1&dpID=51r1nQqI34L&ref=plSrch

Hi, Penetration Testing Georgia Weidman is a good read, https://www.amazon.es/Penetration-Testing-Hands-Introduction-Hacking-ebook/dp/B00KME7GN8 .

You won’t see wlan0 wireless interface due to how virtualization works. Your real wireless adapter is being used by your host OS. Parrot receives that connection as ethernet - ifconfig should show eth0, that’s why you have internet connection.


If you want to have wlan0 interface you need an external wireless adapter and pass it to that VM in Vbox / Vmware settings. I recommend https://www.amazon.com/Alfa-AWUS036NHA-Wireless-USB-Adaptor/dp/B004Y6MIXS/ or TPLINK WN722N.

I mean, if you are only using it for Packet injection and wifi hacking etc. Id definetly go for the Alfa card especially the Alfa AWUS036NHA Ive got it and it does everything i need it to. but if you also want to use it for everyday use and you have internet speeds of over 70mpbs id say get another one if you really want to be getting over 70mpbs


i get about 75mpbs with ethernet and with my alfa card which is directly ontop of my moderm i get about 50mpbs

I'm pretty new to using AirCrack myself, but I've bought this a few weeks ago and it works on Kali.

Start by reading this book:

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking-ebook/dp/B00KME7GN8

And do ALL exercises.

Is this device compatible? I know there is a lot of documentation on it regarding Kali.
https://www.amazon.com/Alfa-AWUS036NH-802-11g-Wireless-Long-Range/dp/B003YIFHJY

Analyzing malware takes some learning, but fortunately there are books on this exact topic. For instance:

http://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

Cybrary also has a course on it:

https://www.cybrary.it/course/malware-analysis/

https://www.amazon.com/Alfa-AWUS036NHA-Wireless-USB-Adaptor/dp/B004Y6MIXS