Best products from r/hacking
We found 93 comments on r/hacking discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 176 products and ranked them based on the amount of positive reactions they received. Here are the top 20.
1. Hacking: The Art of Exploitation, 2nd Edition
- Easy to read text
- It can be a gift option
- This product will be an excellent pick for you
Features:
2. The Hacker Playbook 2: Practical Guide To Penetration Testing
- ISBN13: 9781449381653
- Condition: New
- Notes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!
Features:
4. TP-Link Nano USB Wifi Dongle 150Mbps High Gain Wireless Network Adapter for PC Desktop and Laptops. Supports Win10/8.1/8/7/XP Linux 2.6.18-4.4.3, Mac OS 10.9-10.15 (TL-WN722N)
- USB WiFi Adapter: Exceptional wireless speed up to 150 Mbps brings the best experience for video streaming or internet calls
- Ultimate Range: High gain antennas ensure superior range and stability. Version 2. 0
- Secure: Easy wireless security encryption at a push of the WPS button
- Industry Leading Support: 2-year and free 24/7 technical support
- Compatibility: Windows (XP/7/8/8. 1/10) Mac OS (10. 9 -10. 15) Linux Kernel (2. 6. 184. 4. 3)
- 150 Mbps wireless transmission rate Provides two methods of operation: Infrastructure and Ad-Hoc
- 150Mbps wireless transmission rate Provides two methods of operation: Infrastructure and Ad-Hoc
- Quick Secure Setup, complies with WPS for worry free wireless security Supports 64/128-bit WEP, complies with 128 bit WPA standard(TKIP/AES), supports MIC, IV Expansion, Shared Key Authentication, IEEE 802.1X
- Standards: IEEE 802.11n, IEEE 802.11g, IEEE 802.11b Interface: USB2.0 Antenna Type: 4dBi Detachable Omni-directional Antenna
- Wireless Speed:11n: Up to 150Mbps 11g: Up to 54Mbps 11b: Up to 11Mbps
- Frequency Range: 2.4-2.4835GHz Wireless Transmit Power: 20dBm(MAX EIRP) Modulation Technology: OFDM/CCK/16-QAM/64-QAM
- Work Mode: Ad-Hoc; Infrastructure Wireless Security: 64/128 bits WEP; WPA/WPA2, WPA-PSK/WPA2-PSK (TKIP/AES)
- Support Operating System: Windows 7(32/64bits), Windows Vista(32/64bits), Windows XP(32/64bits), Windows 2000 Certifications: CE, FCC
Features:
5. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- Comes with secure packaging
- It can be a gift item
- Easy to read text
Features:
7. Stealing the Network: The Complete Series Collector's Edition, Final Chapter, and DVD
Used Book in Good Condition
8. Penetration Testing: A Hands-On Introduction to Hacking
- No Starch Press
Features:
9. The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
- Syngress
Features:
11. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Broadway Books
12. Multifunctional Silicone Folding Camping Cup Sport bottle with Lids - Expandable Scald-proof Drinking Cup Silicone Collapsible Travel - Expandable Drinking Cups- BPA Free, Portable, Silicone with Lid
- Safety and Health
- Foldable, unbreakable and leakproof
- The best choice for gifts
- Making it easy to carry your pockets, bags, perfect for home and outdoor use.
- SERVICE:please do not hesitate to contact us, we will solve your problem within 24 hours.
Features:
13. Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
- Syngress
Features:
15. Alfa AWUSO36NH High Gain USB Wireless G / N Long-Rang WiFi Network Adapter
- Guarantee the quality of products
- Delivery Time 20-30 Days
- If you have any questions, please feel free to contact us
Features:
16. The Art of Deception: Controlling the Human Element of Security
- Great product!
Features:
17. Rtfm: Red Team Field Manual
- 98dB of room filling, crystal clear sound with less than 1% total harmonic distortion (Sound Pressure Level measured using pink noise at 1 meter, C-weighted. Total harmonic distortion calculated as electrical measurement of amplifier distortion)
- Deep Bass Modules add serious low end frequency without the need for an external subwoofer
- Connect to your TV with an easy, one-cable setup (analog and digital cables included in the box) - The perfect complement to any small to medium size HDTV
- Wirelessly stream your music from a smartphone or tablet via Bluetooth
Features:
18. Hacking Exposed 7: Network Security Secrets and Solutions
- McGraw-Hill Osborne Media
Features:
19. Code: The Hidden Language of Computer Hardware and Software
- Microsoft Press
Features:
20. Alfa AWUS036NHA High Gain Wireless B/G/N USB Adaptor - Long-Rang Wi-Fi Network Adapter with 5dBi and 9dBi Antenna for Wardriving & Range Extension - Windows 7, XP/Vista 64-Bit /128-Bit - Atheros
- Compatible with Any Brand 802.11b, 802.11g or 802.11n Router Using 2.4ghz Wavelength
- Includes a 4 inch 5 DdBi Screw-On Swivel Rubber Antenna and a 14 inch 9dBi Original Alfa Rubber Antenna
- Supports the Following Security Protocols: 64/128-bit WEP, WPA, WPA2, TKIP, AES
- Compatibility: Windows 2000, XP 32/64, Vista 32/64, Windows 7
- High Transmitter Power of 28dBm - for Long-Rang and High Gain Wi-Fi
Features:
Alright for hacking... It's a LOTTT of stuff you'll need to learn, everything from hacking wifi, hacking websites, cracking passwords. But really all a hacker is, is someone who knows the system so well they can exploit and break it.
What kind of people are hackers/pen-testers?
Unless your job title is literately "red-teamer, or pentester" then "hackers" are usually security researchers, white hats, security analysts, hobbyists, people who tinker around. But really all hackers are, are computer nerds who love this stuff, this is what we live for. So just don't do anything stupid and don't do anything illegal.
Here is some of the big areas you'll need to learn:
Networking / Network security
Linux / Windows (https://linuxjourney.com is amazing) I learned a ton by creating my own custom Debian based Linux Disro.
Forensics
Cryptography / Stenography
Malware / Malware analysis
System hardening / system security
Privacy techniques (Being safe, Tor, Tails, what you share on social media)
Exploiting services, exploiting machines
Wireless attacks (WEP, WPA, WPA2)
Common vulnerabilities, and exploits
How to use google. (Like dorking, Shodan, using online resources)
Maybe some basic python and scripting
Basic security concepts like NIPS, NIDS, SIEMS, mitigation, security policies.
Common ports and services (You can find flashcards on Quizlet)
https://www.cybrary.it/course/intro-to-infosec
https://www.cybrary.it/course/kali-linux-fundamentals
https://www.cybrary.it/course/ethical-hacking
https://www.cybrary.it/course/comptia-aplus
https://www.cybrary.it/course/comptia-902-2018
https://www.cybrary.it/course/comptia-network-plus
https://www.cybrary.it/course/comptia-security-plus
https://www.cybrary.it/course/comptia-cysa-2018
https://www.udemy.com/pentestplus
https://www.udemy.com/ccna-on-demand-video-boot-camp
https://www.youtube.com/watch?v=wBp0Rb-ZJak (The Complete Linux Course: Beginner to Power User)
Also check out
https://www.youtube.com/user/professormesser
https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q (Hackersploit)
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w (LiveOverflow)
https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd (Messer, Networking)
https://www.youtube.com/watch?v=vrh0epPAC5w (Animated full Network+ course)
www.reddit.com/r/netsec
www.reddit.com/r/netsecstudents
www.reddit.com/r/comptia
www.reddit.com/r/linux
150 dumped full courses for free
-https://pastebin.com/j0WVfDif
(my favorites)
http://www.mediafire.com/download/2kczrn29gt6fdp3/Introduction+to+Firewalls.rar
http://www.mediafire.com/download/mnulcdbw817f9q0/Metasploit+Basics.rar
http://www.mediafire.com/download/lhajdkufn9oi5ta/Cisco+CCNA+Security%3B+Firewalls+and+VPNs.rar
http://www.mediafire.com/download/yraijpmuzoa1zpn/Cisco+CCNA+Security%3B+Introduction+to+Network+Security.rar
Practice the skills you learn with CTF'S (Capture the flag)
https://www.hackthebox.eu
https://www.hackthissite.org
http://overthewire.org
https://picoctf.com
https://www.vulnhub.com
http://www.dvwa.co.uk
https://pwnable.tw
Start researching and studying for certifications, COMPTIA, CISCO, REDHAT
https://certification.comptia.org/certifications/security
https://certification.comptia.org/certifications/cybersecurity-analyst
https://certification.comptia.org/certifications/pentest
https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna-routing-switching.html
The intro/easy certs are
Comptia A+ (Hardware, basic computers stuff, cables and stuff)
Comptia Network+ (Networking, network topologies, types, subnetting, vlans, dmz's)
Comptia Security+ (Malware types, threads, attacks, policies)
A bit hard and better certs
Cisco CCNA Cyber ops
Comptia CYSA+ (Security analyst stuff, the security+ but much more in depth)
Comptia Pentest+ (Pentesting tools, methodology, steps, ect.)
eLeanSecurity eJPT (junior pentesting cert)
ecouncil CEH (Good for DoD jobs, kinda outdated tho, hacking stuff)
Now it gets pretty advanced
Comptia CASP+ (advanced methods, concepts, techniques regarding security)
OCSP (Oooh the cool kinds have this one, pentesting galore < msut have)
Comptia CISSP (HR and people love this one, high level cert)
GPEN
GIAC
My recommended pathway is Security+ > Cysa+ > Pentest+ > CEH > CASP+ > OCSP > CISSP
Here is Comptia's recommended pathway .PDF
Start to learn a programming language
Python is highly recommended for people who are looking for a first language because:
It’s easy to learn.
It’s great for scripting.
It can be used for just about anything.
https://www.python.org
https://www.youtube.com/watch?v=rfscVS0vtbw (4 hour nice intro to Python course)
Depending how deep you go you might need to learn C and or Assembly, both are commonly used for malware analysis, reverse engineering, binary exploitation, and exploit development. This also will require you to learn things like GCC, GDB, IDA, Hopper, and all the fun stuff. But this can be really really hard to learn, but is incredibly rewarding.
I can always recommend the Red team Field manual.
https://www.amazon.com/dp/1494295504/ref=cm_sw_r_cp_awdb_t1_2cXvCbPQCA1NC
Some nice cheatsheets I have printed out.
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.0.pdf
https://www.loggly.com/wp-content/uploads/2015/05/Linux-Cheat-Sheet-Sponsored-By-Loggly.pdf
If you are interested in learning technquies and want to pratice in a safe and secure environenment I would suggest the use of VMWare. This allows you to install operating systems on virtual machines that work just like standard computers. From there I would suggest use Backtrack 4/5 and start looking at some of the tools pre-installed. VMware also has the added advantage of being able to handle multiple types of networks at the same time. This includes Bridged(the network on the guest OS appears on your Lan), NAT(This acts like a system behind a router requiring port forwarding and other techniques), and Host-Only.
There is also a book I really enjoyed on some of the finer points of hacking called Hacking: The Art of Exploitation. I feel this book does a great job in teaching the concepts behind buffer-overflows, memory mapping, networking, and cryptography.
As far as hacking into particular operating systems, Windows XP SP0 is vulnerable to MS08_067, so if you can manage to obtain an early version of XP. Metasploit which is built into Backtrack has this exploit already loaded.
VMs are the best way to go btw. What are the specs of the system you tried it on?
Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but l feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)
Some neat resources for someone interested in Binary Exploitation:
Smash The Stack
And a few books:
Hacking: The Art of Exploitation
The Shellcoders Handbook
I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).
Happy Hacking
Buy a decent book on pen testing using kali. A great starting point for beginners: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442
I'm 30 years old and currently working 30% in pen testing, and 70% with developing electronic warfare systems at the most reputable cyber security company in Scandinavia. I wish I had found this interest at your age! If you put some effort into it and have a genuine interest in the field, the possibilities are truly endless.
It might be a boring answer, but seriously.. Read! Don't get stuck playing around with tools, but read up on the subject as well. The book I linked is a very easy read, and will get you started with the practical aspects very quickly. Once you have the basics down you might also want to check out "The Hackers Playbook 2". If you find reading tedious I suggest enrolling in a course on udemy.com, that way you can alternate reading with video lectures.
Good luck! The industry needs more young and hungry minds :)
Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.
&nbsp;
Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:
&nbsp;
Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:
This is the book that my company had provided me to study from
This is the book my friend had given me. Both her and I studied from this and passed successfully
This is the book we are currently learning from in my Bachelor's program
Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.
&nbsp;
Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.
&nbsp;
After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.
&nbsp;
Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.
&nbsp;
So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.
&nbsp;
Good luck!
I read this book, it is an amazing one however it is pretty big and might be hard for you since you are not advanced as you said.
On my opinion, I highly recommend this book
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_18?ie=UTF8&amp;qid=1481534935&amp;sr=8-18&amp;keywords=hacking+books
It is easy to read and follow. And the way the book was written makes you never stop reading, I promise. (: good luck on you education my friend I hope this helps.
hi, i'm totally NOT an expert, but it's almost a year that i'm trying to study security on my own.
As other said, it will be very useful know programming like python, but also (the very hated)Php it's a plus to know.
It's also a must now REST communication and networking in general
i found this book very useful https://www.amazon.it/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/
also there are a lot of useful video on youtube!
goodluck, mate
I'm gonna try to give you some real advice, instead of shitting on a newcomer.
First, you really gotta know your systems. You're a software developer, but that doesn't mean you have experience in assembly. Learn assembly. Pick up books on it. Know how overflows work, etc. Also, get a vulnerable system, and start practicing the exploits given to you in Metasploit. Once you feel comfortable exploiting a certain vuln, look at the code for that particular exploit. Learn how it works, what it exploits, etc. Get comfortable with the language.
You also have to figure out what type of hacker you want to be. Do you want to be specialized in host, or web app, network, etc. It really depends. You obviously don't have to pick a specialization up front, but it should guide you on the type of material to learn. In all, it comes with practice. I will copy/paste exactly what I told someone else who asked a few days ago. I feel the list I put together below will get you started.
Offensive Security has some great material for you to browse, and even some lab environments to work in. Read up on Metasploit and OWASP get comfortable with a linux command line, python scripting, and powershell if possible. Other than that, attend security conferences, learn from books, (I personally recommend Hacker Playbook 2) and just learn by practicing on vulnerable boxes like Metasploitable and DVWA
Other than that, you just learn by doing it. Get down a methodology, and learn why and how systems are vulnerable. Further down the road, reverse engineering, static code analysis, and other specialties come into play, but I think thats enough info to get you started. If you need anything else answered, or have any other questions, just DM me.
While Metasploit is a good tool, I would advise you to stray away from it until you learn. (I’m ignoring the fact that you rarely use Metasploit for web penetration testing in the real world anyways...)
You can carry out most of web penetration testing with just few tools like BurpSuite (this is the main one), a directory bruteforcer (gobuster, dirbuster, dirb, wfuzz..) and Nmap. These 3 tools should give you initial idea about the web application and its structure. Then it boils down to your enumeration and ability to spot weird or possibly vulnerable behavior. What is considered as “weird” or “vulnerable” behavior? According to OWASP, countless things. They made a whole web penetration testing guide for that reason - you can find it here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents.
Alternatively, this book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470) covers web based exploitation in great depths and I highly recommend you obtain it. It was one of my first books ever and is definitely among my favorites.
Another useful resources:
https://portswigger.net/web-security
https://www.hackerone.com/hacker101
EDIT:
Yes, there are other very specific tools which come in handy such as wpscan or sqlmap. While I don’t mind wpscan that much, I strongly believe one should be able to do a manual sql injection before using sqlmap (therefore avoid sqlmap when learning). This way you understand what is happening behind the green terminal ;).
PS: Sorry for formatting, typed this up on a phone. I’m also pretty tired so please excuse my janky grammar!
I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.
Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.
My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.
If you have any questions, PM me.
There are online forums that provide with tutorials on how to hack certain things, so read those and try them on your own devices or devices you have the permission to attack.
Examples of those forums : [NullByte] (https://null-byte.wonderhowto.com/) and [BlackMOREOps] (https://www.blackmoreops.com/)
Download Kali, load it onto a USB and look at the tools, especially [Metasploit] (https://www.metasploit.com/) and play with port scanners and such. I'd also recommend running vulnerable VM's such as Metasploitable and running vulnerable web apps such as [DVWA] (http://www.dvwa.co.uk/).
When it comes to writing code, Python excells for writing hacking tools. There are books about that such as [Violent Python] (https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579) and [Black Hat Python] (https://www.nostarch.com/blackhatpython). Im sure there are some about writing payloads and exploits in C, but I cant really remember the names.
If you have any questions, feel free to ask! And remember one thing: Be as creative as you can when experimenting. You'll learn a great deal that way.
The guy that wrote that blog post has a good book called Spam Nation that talks about his deep dive investigation into Russian cybercrime gangs. It's incredibly good, and he's one of the best reporters on the cyber underground.
I'd also look for the coverage of Stuxnet. There's a really good documentary about it called zer0days, and since you specifically asked about books you could do Countdown to Zero though I haven't read it so I don't know how good it is. If you haven't heard about Stuxnet it's a fascinating story about just how advanced US cyber warfare capability is.
Start with basic programming, maybe simple stuff like Ruby/Python to get a hang of functions and dynamic programming, then move onto C/C++ and even Java is good start a full language. The best book I think (it is fairly advanced) is Hacking: The Art of Exploitation, by Jon Erickson (http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441). You can find a pdf yourself, just Google. But the book has an explanation on reading the memory process of a program as well as computational and algorithmic thinking, it's really worth a read, even if it's over your head (as it was for me too haha)
What's Possible With Hacking?:
Things are more possible than you think; the more you know, the more you can do (hacking isn't just one thing to learn, it's a combination of different subjects).
Where can I learn about it?:
I recommend try to learn anything you can get your hands on, E-books, videos, etc. You should take the paid online courses later on, once you advance your knowledge.
!!TIP!!: Recommend reading some questions from him https://www.reddit.com/r/hacking/comments/4up17b/i_am_a_lead_penetration_tester_ama/
This book (recommended by a real pentester): https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1512214566
Video on Kali Linux: https://www.youtube.com/watch?v=7nF2BAfWUEg&amp;list=WL&amp;index=3
(i recommend Kali btw, install it on a virtual machine. )
I got all this just from the internet, the internet has all the information you need; just get it from the right places.
(I know basically squat, i am also starting off as of today) good luck!
What you're asking for is kind of silly.... Here's a series that's all about real theoretical attacks though. You're not going to find information on how to steal money from a bank, but you can read books from hackers who have done a lot of interesting things, like a group of friends who won nearly a million dollars in Las Vegas by reverse-engineering slot machines in Kevin Mitnick's book.
Your welcome.
as you i also like the subject.
i found this books to be a good reading:
http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636/ref=pd_bxgy_b_img_y
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_13?s=books&amp;ie=UTF8&amp;qid=1413800973&amp;sr=1-13&amp;keywords=hackers+play
Have a look at this linux distribution
http://www.kali.org/
Is made for pentesting, it might give u a idea of things and in youtube u will find good tutorials about the tools that come with it.
Have fun
This is a really good book that teaches about software exploitation.
It also includes some great stuff on networking, cryptography etc.
I'm ~70 pages in and it's been invaluable as just a programming resource (C + Assembly) and I haven't even got to the exploitation section yet.
I'd recommend checking the amazon preview of the contents page to see what else it contains. (Bonus, it comes with a linux livecd to help you replicate all the results in the book)
I REALLY enjoyed the "Stealing the Network" series. The final books is especially good. It's a collection of realistic hacker stories/scenarios that all revolve around one main plot. The hacking focuses on being accurate while also outlandishly awesome. here's a link to the series on amazon: www.amazon.ca/gp/aw/d/159749299X
I'm on mobile so that's the best I can do for now..
Let's get down to buisness.
First off you need to start with your wireless card. What operating system are you running on? Kali Linux is a great OS to run off a thumb drive (Or Nexus, Or rasperry pi even) and it comes with all the programs you need to get going. The card you have needs to support monitor mode and packet injection in order to crack a pass. I know that the TP-Link TL-WN722N works well for this. Find a site to check the model of your current card and look for monitor mode capabilties and packet injection support.
Next we need to boot into kali linux. Kali has a fantastic amount of programs for you to use and im going to leave it up to you. It's a matter of preference. Also worth noting, in a unix terminal the command
ifconfig
can find the name of your wireless adapter (wlan0, wlan1, ect ect).
You wont have any issues trying to crack a password which is protected by WEP but WPA might give you some difficulty. Also dont forget to slow down and take some time to learn about what you're really doing! Thats the only way to really learn. Hope this helps.
Start with learning computer systems, networking, and Linux. You need to be able to at least read computer code, know how data flows between computer networks, and how to do things in Linux. Here are few links to get you started:
First and foremost, basics and free stuff:
Intro to Linux
https://www.edx.org/course/introduction-linux-linuxfoundationx-lfs101x-2
Computer Networks
https://www.coursera.org/course/comnetworks
Intro to computer science and programming Python:
https://www.edx.org/course/introduction-computer-science-mitx-6-00-1x-0
Web development -- Will help you when (and if) you go through web pentest route
https://www.udacity.com/course/cs253
Cryptography
https://www.coursera.org/course/crypto
Once you've covered all above topic, you are ready to enter into pure-hacking learning:
First free stuff:
http://www.reddit.com/r/HowToHack
http://www.breakthesecurity.com/p/hacking-tutorials-for-beginners.html
http://www.securitytube.net/
Following cost money but take you through each and every step of a pentest without distractions:
Hacking Exposed ed.7
http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071780289
The Hacker Playbook
http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1494932636
Very expansive but well worth it (Bonus: It's a certification):
http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
All wifi adaptors are created equal, just some are created more equal than others.
&#x200B;
I have had great success with Alfa AWUSO36NH before.
You can't "Hack" something with python, python is great as a scripting language and can be used to automate some processes that would take rather a long time doing it by hand ie: "Fuzzing" and writing exploits. if you wanna start "hacking with python" you need to have more than basic knowledge and you need knowledge about what you're going to be using python on.
If the terms "Fuzzing" and exploit writing doesn't sound familiar to you then i suggest you go back and do some more research.
There's a great book on that topic though called Violent Python that should give you an idea of what you're dealing with.
I own the first edition, and looking at the second, it does a much better job of giving some rudimentary programming basics. You might want to pair it with Code, which is great for getting an overall view of how computers work.
"Hacking the art of exploitation" is a book by Jon Erikson
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
It is published by a company called No Starch Press.
They are an amazing publisher and certainly know how to throw a party too!
Went to their party at DEFCON last year and had a blast.
I can't recommend a good site, but I will recommend an amazing book which you can find here: https://www.amazon.com/Programming-Language-Brian-W-Kernighan/dp/0131103628
If you have done enough research, aircrack is the go to. Make sure you have an external wifi card that is capable of injection.
You can find that here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers.
The most common are the alfa cards like the alfa awus036nha or whatever.
You can probably find one for cheaper, but heres one that i use: https://www.amazon.com/dp/B004YD7UBQ/ref=cm_sw_r_awd_c1nvub02KE5SR.
But of course you would know that after some basic research, right?? :)
The best starting point for a n00b is this book: http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=sr_1_1?ie=UTF8&amp;qid=1342722167&amp;sr=8-1&amp;keywords=hacking
Invest in this book.
some parts are a little outdated but it is by far the best place to start.
I think you're mixing issues... Klisch will certainly let you install software or drivers if you need.
And antennas don't need drivers or software, it's the card that needs a driver.
I use an Alfa external card, and Amazon will recommend several antennas if you need more than that.
https://www.amazon.com/Alfa-802-11b-Wireless-Original-9dBi/dp/B001O9X9EU
I've also heard good stuff about TPLink external cards. https://www.amazon.com/TP-Link-N150-Wireless-Adapter-TL-WN722N/dp/B002SZEOLG
Web applications hacker hand book is the best book I've read on web application security. Goes very in depth in the types of exploits in web applications, how to exploit them, what to use, and how to prevent them. If you have atleast a basic understanding of programming and are willing to read and understand this book (~1000 pages) you'll get up to speed pretty quick.
Here's the book:
https://g.co/kgs/upO3q
Edit: Not as focused on web applications but in my opinion another top contender:
Hacking: The Art of Exploitation, 2nd Edition https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_api_zuDpxbSFKDHB1
The Art of Deception: Controlling the Human Element of Security
What Every BODY is Saying: An Ex-FBI Agent’s Guide to Speed-Reading People
Manwatching: A Field Guide to Human Behavior
How to Win Friends & Influence People
Influence: The Psychology of Persuasion
Games People Play: The Basic Handbook of Transactional Analysis
The 48 Laws of Power
https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/0770436196
I highly recommend this book, you guys will love this one!
>Where to learn kali
Hacker playbook 2
>What to use it with
Your own virtual machines or desktop machines that YOU OWN. The book covers how to set up those machines
>how to not get the fbi to how up at my door
Don't do anything stupid.. Hack your own equipment from the safety of your own subnet, and you aren't doing anything illegal. Have fun!
No its not a stupid question. Most people like the K&R book, which is like the C bible. Link
I recommend checking this out, it has a ton of recommended C books for beginners and Intermediate.
Like BotLenny said, Kali Linux is a good place to start, look at getting a book like this
One thing good to learn is social engineering, as its one of the most common threats faced by basically everyone. If you learn how malicious social engineers think (and how they combine knowledge with tech based hacking), you can defend against them better. I enjoyed Unmasking the Social Engineer.
Also, if you're not experienced with low level systems, you should read The Art of Exploitation.
I second the Alfa suggestion. I have this one myself and it works great! https://www.amazon.com/dp/B0035APGP6/ref=cm_sw_r_cp_apa_mU7SBbSVAMKJR
I made the same mistake, I was sad.
But, I use this (Alfa AWUS051NH 500mW High Gain 802.11a/b/g/n high power Wireless USB A / B / G / N Wireless WiFi Network adapter With a 5dBi and 9dBi Rubber Antenna a https://www.amazon.com/dp/B003YH1X48/ref=cm_sw_r_cp_apap_15GnNzukOZKdU)
to wipe my tears away.
Works pretty well and if you want to grab stuff that's farther away you can get a stronger antenna
Probably the best one out there:
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
Buy it, read it, understand it. Skip nothing, and suck it in!
Good? Now go to town on Blowfish at www.smashthestack.org
I have had great results with this card:
http://www.amazon.com/gp/product/B002SZEOLG
This book is great
This youtube channel is also great.
And r/HowToHack
http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
this book is definitely what you're looking for, it talks about EVERYTHING in web security.
get a TP-LINK TL-WN722N. I've been using it for a while and am very happy with it.
Don't worry about the 2 year experience in Security+ Cert. They don't check that, they just say it's required to have to better understand the materials. But if you study hard enough, you will be fine. Get Darril Gibson's Security+ Book and use Professor Messer Security+ Videos it helped me pass my Sec+.
An NEH is indespensible for 802.11-specific stuff, but to really get into hacking itself, take a look at Hacking: The Art of Exploitation and maybe pick up a practical pentesting book like http://www.amazon.com/Penetration-Testing-Hands--Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&amp;qid=1420380278&amp;sr=8-1&amp;keywords=penetration+testing or http://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1494932636/ref=sr_1_2?ie=UTF8&amp;qid=1420380278&amp;sr=8-2&amp;keywords=penetration+testing
Yeah, sure. Here you go.
Learn sysadmin skills (linux sysadmin especially), learn to program in atleast one language can be anything: javascript or even python. Learn to hack web applications. Learn about infrastructure penetration testing. Have a look at hackerone.com and bugcrowd.com. Here are some guides to get your started:
Here is a copy paste of what I sent to another guy. Anyways here is my reading list: Check this too for practice: (List of vulnerable web applications that you can try on)https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project Try hackerone and bugcrowd too. Live sites you can hack. Some Stuff to read: https://forum.bugcrowd.com/t/common-assessment-tool-cheatsheets/502 https://forum.bugcrowd.com/t/researcher-resources-tutorials/370 https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/ Also read: 1. The Web Application Hacker's Handbook. (800 pages but just browser through it) 2. The Database Hackers's Handbook 3. Android Hacker's Handbook 4 . This book is good if you still very new: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 Also read this: https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf and this: https://github.com/jhaddix/tbhm Also check my subbreddit: /r/netsec_reading http://www.slideshare.net/bugcrowd/how-do-i-shot-web-jason-haddix-at-defcon-23 Some more blackhat stuff: https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/
I'm always advocating hak5.org for newbies on here. Though I'd also toss in this: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&amp;qid=1324017233&amp;sr=8-1
One thing to remember as you're getting started: don't expect to become a 1337 hax0r in one tutorial or over a few days. It's going to take time, effort, and lots of reading.
You mean the seventh edition? Yeah, you're right. I read the fifth one (2005!), and I can tell some methods are now deprecated or have increasingly evolved. But I don't know about 2012... However, I was still able to learn a lot from it. And it taught me to find resources to keep learning, so, it definitely wasn't a waste of my time.
My one-liner answer:
It was a slow process of steady improvement that started with physical logic gates and/or commands directly to your hardware.
My longer answer:
Go read this book....
https://www.amazon.com/Code-Language-Computer-Hardware-Software/dp/0735611319/
This is one of my security starter trifecta:
Hacking: The Art of Exploitation
Rtfm: Red Team Field Manual
Blue Team Handbook: Incident Response Edition
OK. If you can get to civilization, you might find this useful:
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/
This one will work but it's a bit pricey: https://www.amazon.com/Alfa-AWUS036NHA-High-Wireless-Adaptor/dp/B004YD7UBQ
I know that Hak5 recently started selling their brand of cards but I'm not sure how much those cost. You can also check out Hacker Warehouse and see if they're selling the original version of the TP-Link.
Start playing around with:
http://www.dvwa.co.uk/
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
Download some of these:
http://vulnhub.com/
Get yourself a copy of:
http://www.amazon.co.uk/gp/product/1118026470/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=569136327&amp;pf_rd_s=lpo-top-stripe&amp;pf_rd_t=201&amp;pf_rd_i=0470170778&amp;pf_rd_m=A3P5ROKL5A1OLE&amp;pf_rd_r=0VDGSR97R5Y5N3SS6QTB
You don't need courses to learn
I was personally recommended by my mentor Hacking: The Art of Exploitation, and The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Also some companions sent me some readings on index articles. I'm not so sure of the titles, but just browse around.
http://slav0nic.org.ua/static/books/
http://hackbbs.org/article/book/
Try Violent Python
I may add the book.
Hacking: The Art of Exploitation
https://www.amazon.es/Hacking-2e-Exploitation-Jon-Erickson/dp/1593271441
Learn C. Eventually Assembly. Buy this book too: http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=sr_1_1?ie=UTF8&amp;qid=1334790681&amp;sr=8-1
PM me your paypal address - My shout.
http://www.amazon.com/gp/offer-listing/1597499579/ref=dp_olp_used?ie=UTF8&amp;condition=used
Book:
Hacking: the art of exploitation
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&amp;qid=1491881386&amp;sr=8-1&amp;keywords=hacking+the+art+of+exploitation
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
Start here.
Just tell him to go read the R.T.F.M. book
This one worked for me:
https://www.amazon.com/TP-Link-N150-Wireless-Adapter-TL-WN722N/dp/B002SZEOLG
Learn Python The Hard Way
Violent Python
Bought this a little while ago https://www.amazon.com/dp/B003YH1X48/ref=cm_sw_r_awd_f9YFub1EAF39N works like a charm.. My only problem is the suction cup suck ass...