(Part 2) Best products from r/hacking
We found 24 comments on r/hacking discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 176 products and ranked them based on the amount of positive reactions they received. Here are the products ranked 21-40.
21. Beinhome FM Transmitter Audio Adapter Car Kit, Wireless in-Car Radio Transmitter Built-in 3.5mm Aux Port for Car iPhone 6s 5 SE iPod iPad Smart Phones MP3 MP4 Audio Players
UNIVERSAL WIRELESS FM TRANSMITTER - This FM transmitter eliminates the need for an audio jack or Bluetooth in your car audio system - just plug it into your phone or MP3 player and turn on the radio! QUITE EASY USE - Insert the 3.5mm plug into your device just as you would a pair of headphones. Turn ...
22. JBtek Windows 8 Supported Debug Cable for Raspberry Pi USB Programming USB to TTL Serial Cable
Features:
- Connect to your micro controller, Raspberry Pi, WiFi router with ease
- The power pin provides 500mA directly from the USB port and the RX/TX pins are 3.3V level for interfacing with the most common 3.3V logic level chipsets
- Windows XP/Vista/7 & Windows 8 supported, MacOS X; PL2303 TA. drivers on your computer and connect with a terminal program at 115200 baud
23. Transcend 1 TB StoreJet M3 Military Drop Tested USB 3.0 External Hard Drive
Features:
- Military-grade shock resistance, SuperSpeed USB 3.0 compliant and backwards compatible with USB 2.0
- Advanced 3-stage shock protection system, Durable anti-shock rubber outer case
- Advanced internal hard drive suspension system, Quick Reconnect Button - re-enable safely removed USB hard drive without unplug and reinsert
- One Touch Auto-Backup button, 256-bit AES file & folder encryption, Exclusive Transcend Elite data management software
24. The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
Features:
- John Wiley Sons
25. The Hacker Ethos: The Beginner's Guide to Ethical Hacking and Penetration Testing
29. Learn Python the Hard Way: A Very Simple Introduction to the Terrifyingly Beautiful World of Computers and Code (3rd Edition) (Zed Shaw's Hard Way Series)
Features:
- Pearson P T R
30. Learn Ruby the Hard Way: A Simple and Idiomatic Introduction to the Imaginative World Of Computational Thinking with Code (3rd Edition) (Zed Shaw's Hard Way Series)
31. Learn C the Hard Way: Practical Exercises on the Computational Subjects You Keep Avoiding (Like C) (Zed Shaw's Hard Way Series)
Features:
- Addison-Wesley Professional
32. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
Features:
- Used Book in Good Condition
34. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Features:
- McGraw-Hill Osborne Media
35. PortaPow 5ft Data Blocker Micro USB Cable Compatible with Android Smartphones etc.
Uses 20AWG copper cable for lower resistance and faster charging than a budget micro USB cable. Prevents your device going into 'data transfer' mode when connected to a computer, prevents data theft / viruses when charging from an unknown USB socket and lets you use a computer just like a mains charg...
36. Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
37. Generic SATA/PATA/IDE Drive to USB 2.0 Adapter Converter Cable for 2.5 / 3.5 Inch Hard Drive / 5 inch Optical Drive with External AC Power Adapter
Connect to the IDE device using USB interface and SATA device too. Transfer rate up to 480MBps (USB 2.0 specification), limit depends on the IDE device/SATA device and the driver. Supports SATA Hard Disk / ATA/ATAPI CD-ROM/R/RW DVD-ROM (based on ATAPI spec.). External power adapter included, for power up th...
Probably going to make my own router sometime this month, been wanting to play about with PFsense.
uh that's about it, not just hacking stuff just general useful stuff I use quite often/think is cool.
Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but I feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)
Some neat resources for someone interested in Binary Exploitation:
Smash The Stack
And a few books:
Hacking: The Art of Exploitation
The Shellcoders Handbook
I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).
Happy Hacking
I wrote a book a little over a year ago to answer exactly these types of questions...
https://www.amazon.com/Hacker-Ethos-Beginners-Ethical-Penetration/dp/1523764368
There is a free preview with 100 pages from one of my early drafts if you want a sneak peek at what you'd be reading...
https://drive.google.com/file/d/0B8JvWS_y2CHqZ2EwWG9pcENjazQ/view
Reading the subreddits is certainly helpful as well. I would definitely recommend building your own lab of vulnerable machines to practice. You can get plenty of these from Vulnhub.com
Of course, you'll need some tutorials, chiefly of which I recommend www.cybrary.it, an excellent site for tutorials on all things security and infosec, including pentesting.
Other books I highly recommend...
Good luck, OP hat-tip
In all honesty mate, my best advice would be to learn about the techniques used in social engineering. This can span from NLP, building rapport, covert hypnosis and micro expressions and much, much more.
I started on this book ages ago and it was a great introduction to this whole world.
After you have an understanding of how body language and words affect people's behaviour, then you can move on to more advanced techniques.
This guy has a great YouTube channel with so many videos about NLP and hypnosis. If you browse a few of them just to get a real, physical idea of how people use language, and what words can be emphasised for a specific purpose.
In terms of other books, Kevin Mitnick has a few good ones about his life (google him if you don't know who he is). And also a guy called Kevin Dutton wrote a book called Flipnosis - The art of split second persuasion
The other thing I would say, and I can't really stress this enough, is try to observe your own and others' behaviour and understand why and how people say what they say and do what they do. I like to do this by sitting in a relatively busy cafe and simply observing what goes on and how people interact.
Hope this helps.
Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.
 
Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:
 
Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:
This is the book that my company had provided me to study from
This is the book my friend had given me. Both she and I studied from this and passed successfully
This is the book we are currently learning from in my Bachelor's program
Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.
 
Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.
 
After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.
 
Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.
 
So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.
 
Good luck!
I second Python as a great beginner language.
Here you go /u/moonknightspidey - http://learnpythonthehardway.org/
You don't have to buy the book, it's available through the web site for free. If you prefer a physical book: https://www.amazon.com/Learn-Python-Hard-Way-Introduction/dp/0321884914
The person I'm replying to also recommended Ruby. Zed Shaw also wrote a ruby book.
Online (free): http://learnrubythehardway.org/book/
Print: https://www.amazon.com/Learn-Ruby-Hard-Way-Computational/dp/032188499X
And if you're feeling crazy then you can learn you a haskell (don't do this).
Bookmark these for when you get into C later:
http://c.learncodethehardway.org/book/ Same guy who wrote Learn Python the Hard Way. The online (free) copy of Learn C etc is incomplete, but is now available in print in full: https://www.amazon.com/Learn-Hard-Way-Practical-Computational/dp/0321884922
Then there's beej: http://beej.us/guide/
And the obligatory TCP/IP book: https://www.nostarch.com/tcpip.htm
If anyone's wondering about why I just spammed the shit out of Zed Shaw's books, it's because his writing style is very easy to get into and keeps your attention. It's anything but dry, and focuses on making you write code, break it, and figure out why it broke.
There are other good Python books as well, like this one: https://www.nostarch.com/automatestuff
And here's another No Starch book on Ruby (I like No Starch - Absolute OpenBSD is a great reference) - https://www.nostarch.com/ruby
Security onion is amazing, I use it myself as a VM in a home esxi server with a cheap 5 port smart switch.
A few quick notes:
My suggestion is to get a cheap switch with port mirror capabilities, like the Mikrotik Routerboard 260gs. Get a wireless AP (or an old router which has AP only mode), and plug this into your switch. Plug your actual router (the one doing the NAT) into the switch, and mirror these to a port that is connected to the security onion box.
That way will get you both ethernet and WiFi traffic. If you have any questions about running security onion in a home setting, feel free to send me a PM.
I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.
Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.
My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de grâce, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.
If you have any questions, PM me.
>CHARGING your smartphone by plugging it into a computer or public charging station is enough to get you hacked, security experts have claimed.
This article is referring to what I was saying about charging stations, where sometimes the USB ports in those stations can be used to install or break into your device IF you are using one of those ports directly, but if you use the power adapters you are perfectly fine given that I have never seen a power outlet that transfers data. As for the computer side of things, well, it's a given that: One, public WiFi is a vulnerability in and of itself; Two, where if you connect to your machine your device would be as secure as the machine itself (i.e. firewalls, antivirus, etc.). If you really want to be secure use a power adapter OR a power-only USB cable like this
Make friends with someone local and technically competent, or get familiar with simple hardware and software work. You'll need a Windows install disk, a new hard drive, a USB to hard drive connector and a screwdriver set to do this.
Good luck. Recognize that if he's a douchebag, he'll threaten you with exposure of anything he's already obtained. You'll have to accept that or he'll have power over you.
The guy that wrote that blog post has a good book called Spam Nation that talks about his deep dive investigation into Russian cybercrime gangs. It's incredibly good, and he's one of the best reporters on the cyber underground.
I'd also look for the coverage of Stuxnet. There's a really good documentary about it called zer0days, and since you specifically asked about books you could do Countdown to Zero though I haven't read it so I don't know how good it is. If you haven't heard about Stuxnet it's a fascinating story about just how advanced US cyber warfare capability is.
Everyone seems to be pretty on point with their responses so I'll just throw some ideas out there that you can look into to maybe find a more exciting vector:
Good luck!
You might be interested in reading Practical C Programming. This book is about C (obviously) but it has really helped me understand what good code is supposed to look like. It looks very much like yours! I recommended it to all.
Find an FM transmitter for the car like this one: https://www.amazon.com/Transmitter-Adapter-adapter-Built-Players/dp/B076X3GSMH and set it to 98.1FM and hide it somewhere as close to the antenna of the radio as possible. Depending on the strength of the FM transmitter it will cause a lot of static and interference and force your manager to use another station. Connect to an ipod and play grindcore/deathmetal on repeat for an even more annoying effect.
Have you read Blue Team Handbook? It could be a good place to start and I'm guessing your company can swing you $15
Hey all, sorry I didn't post specs I was asleep
This is my general purpose tech kit. I used to do security research for the gov so I've collected some stuff over the years.
Keyboard is Rii Mini i8
Various adapters for HDMI, USB-C, Mini/Micro USB, and a USB-to-TTL Serial (Blue Cord)
RPI 3 with a bunch of microSD cards. This has many purposes such as wardriving, rogue hotspot, and general purpose linux.
Alfa USB Wireless Adapter
Ethernet Cables
Power Extender
USB Power Bank
And a static free bag
The USBs have since been replaced by a single YUMI USB I keep on my person but contain:
Spinrite, Kali, Tails, Hirens Boot CD, Rubber Duck, Windows Recovery, Mac Recover, and random tool installers
Expanded View https://i.imgur.com/mXPSR1s.jpg
USB-to-TTL Serial https://www.amazon.com/gp/product/B00QT7LQ88/ref=ppx_yo_dt_b_asin_title_o05__o00_s00?ie=UTF8&psc=1
Edit: This isn't actually really the "good" stuff because that's all in my notebook. I guess I could post a few pages from that?
This is one of my security starter trifecta:
Hacking: The Art of Exploitation
Rtfm: Red Team Field Manual
Blue Team Handbook: Incident Response Edition
Books:
1. amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X
2. amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098
3. nostarch.com/rootkits
Blogs/Forums:
1. 0x00sec.org/
2. /r/rootkit
3. rootkitanalytics.com/
4. turbochaos.blogspot.co.uk/?m=1
5. /r/malware
6. /r/reverseengineering
7. r00tkit.me/