(Part 2) Best products from r/netsec

Hey /u/Xerack! I'm the original author of the post linked here.

Appreciate the feedback! If you think I could clarify anything better, please let me know.

As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:

• Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.
  
  
• Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course
  
  
• Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.
  
  
• The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.
  
  Hands On:
  
  
  
• Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
  
  
• Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
  
  
• Crackmes These are more of challenges once you start to have a little understanding down
  
  Courses:
  
  Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
  
  
  
• Basic Dynamic Analysis
  
• Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.
  
  
  Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

Let me preface this by saying I know nothing about netsec but can offer a general framework.

To make a career out of netsec you need to know the answers to three questions:

1. Who will I work for?
   
2. What will they want me to do?
   
3. How can I get them to employ me?
   
   As a starting point you might like to check out
   
   http://www.amazon.com/InfoSec-Career-Hacking-Sell-Skillz/dp/1597490113
   
   That book covers nominally what you are after but it's a touch old (2005) so things might have changed since it was published. Apparently it discusses the various job types within the industry which should give you a sense of what is possible.
   
   With this information you next want to find a list of employers you'd like to work for. Your goal is to try to build relationships with those companies: do they offer internships? What knowledge/experience are they looking for from new employees? Could you meet with someone to talk about the industry? Etc.
   
   You might be able to do this by blindly emailing or phoning the companies. However, it will probably be more effective if you can meet someone face to face. The obvious way to do this is to go to university careers fairs, conferences, local clubs etc. If you're at university you might be able to ask your teachers if there is anyone they know of who they could introduce you to.
   
   At the very start of this networking phase you could be quite broad in who you talk to. If you know 20 people and they each know 20 people then you have access to 400 friends-of-friends. Sometimes someone knows of someone who could be helpful for you. Once this lead generation has kicked into gear though you can focus down on the people most relevant to you.
   
   At this stage you hopefully be able to answer the question 'What do I need to know?' with 'If I can do x,y,z then ABC Inc will give me work.'
   
   You will now want to start learning those skills. Your contacts might be able to give you some suggested reference sources but you're probably best off learning by doing a series of small projects. The reason is that they will give you a sense of 'what it is really like' beyond the textbook theory, but also because they will prove that you can actually do something. It's one thing to say "I know some basic reverse engineering." and another to say "I know some basic reverse engineering, here is a 'Hello World!' program I wrote in C and here is a crack I wrote which makes it output 'Goodbye World!' instead."
   
   If you're really pushing this you could start a blog detailing your projects. From your perspective it's a way to track your progress. From a more pragmatic perspective it is an advertisment for yourself and a way to keep bubbling at the back of your prospective employers mind as they can see what you are working on.
   
   As you continue along this path eventually you'll get the necessary skill set to start applying for positions. When you do apply you'll hopefully have two aces up your sleeve: projects which prove you are capable of undertaking the required work, and ideally some sort of reference from an established figure within the industry (or even better, company.)
   
   I am vaguely aware of a netsec one-person consultancy company vibe. I don't know how common that is or how you would set up as an independent contractor but that is another path to look into.
   
   ----
   
   This approach is loosely based on this which might be interesting to you for a much more detailed application in an academic setting.

I was hoping to get specifically into crypto/privacy. I've been learning from these books:

• http://www.amazon.com/Understanding-Cryptography-Textbook-Students-Practitioners/dp/3642041000
  
  
• http://www.amazon.com/Concrete-Mathematics-Foundation-Computer-Science/dp/0201558025/ref=sr_1_1?s=books&ie=UTF8&qid=1348702359&sr=1-1&keywords=concrete+mathematics
  
  and supplementing that with the Coursera Cryptography I class
  
  my eventual goal is to do either information security or penetration testing, but pen testing seems like one of those jobs that sounds great and seems so cool that everyone wants it. Like the job equivalent of planning on being a rock star.
  
  I've got a working knowledge at least of Java, but no programs to show for it yet (which was the source of my wanting this advice here.)
  
  Also, I have been doing this without a college, and don't really plan on going to college at any point soon.
  
  I do want to look into certifications, they were something I've had an eye on, but the opinions on their use is so varied on them I just figured I'd wait to get them until after I had a working knowledge base, then just blow through them to have the piece of paper.
  
  I've read around that the CISSP takes 5 years to take credit for, and the associates is like 3 or so. While I do want the most laudable one (i've read the DoD/Gov'ts cert requirements and it cares a LOT about the CISSP), That would mean 3-5 years of a catch-22 of not having the job to get the CISSP exp. with, because it would be my only cert so far and I can't take credit for it, therefore I have no certs and can't get exp.
  
  I've messed around with backtrack and armitage, and got through as much of Hacking Exposed (6th edition) to know at least the process, but haven't applied any of it and it seemed like it might be better to learn how things work before subverting details and breaking protocols for fun and profit.
  
  I do plan on getting the CISSP, but I'm not gonna start that process until I already have a job in the field i can use as experience to get more jobs, otherwise I'll just be sitting on my hands.
  
  Does that all seem alright, or do you have any advice? Sorry for talking your ear off, if that's what i did just now.
  

Ok - Here's a list of books I've read in the last few years

• Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Enginering / Disclosure
  
• Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  
• Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  
• Hacking Wireless Exposed - Great intro read on 802.11 sec.
  
• CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  
• Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  
• The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.
  
  As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
  

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.

Thanks!

EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while reading...it's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

this one

price has gone up i think, but it works really well on *nix (tested on Ubuntu and Kali), and works well with all the major SDR software suites i tried (their names escape me, its been a while).

Note that it gets very hot, so maybe get some of those adhesive heatsinks that amazon sells as add-on items. The heat never caused me issues, but i'd say it's a good idea anyway.

The one you linked uses the exact same demodulator, so it should also be decent.

However, the NooElec stuff tends to have better support, and good build quality. The NooElec one has separate add-ons for Ham radio (called "ham it up"), and another one for Wi-Fi.

Anything with a RTL2832U demodulator should work on linux pretty well, though.

If you're a novice, as most people start out as, then I would recommend the following:

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

Hacking For Dummies

Grey Hat Hacking

Hacking Exposed - 5th Edition - May be outdated

Network Security Bible

So now people here may disagree on the books I've suggested, and that's fine, but it definitely depends on what you're trying to learn and/or accomplish. Google is a great place to start as well without spending a fortune on books.

Some great websites:

SANS
Dark Reading

I'm sure you can find plenty more.

And always ask questions, even if you think its a stupid question. Being on Reddit and having the luxury of anonymity, you can ask away without worrying about getting personally ridiculed.

As far as hackerspaces and defcon, they were just a suggestion. If you ever are able to get to a hackerspace though, I highly recommend it.

1. Can you talk a little about what you do at Bromium? What companies do you work with? What do you do for them specifically? Whats your day to day job like? Is traveling involved?
   
   
2. Your book was a great read, and I definitely recommend people buy it. Are you considering writing a part 2?
   
   
3. What does your ideal second edition of your book look like? Do you have any sections that didn't make the final cut? (I saw you had already mentioned the impact on Tibia chapter getting cut as well as a section on API Monitor)
   
   
4. Are there legal issues surrounding writing about Anti-cheat? What legal issues did you run into when writing the book?
   
   
5. I know your name is out there and I saw you have made numerous videos for your Tibia Bot. Have you ever run into legal issues there?
   
   Thanks again man, I really enjoyed reading your story!

Since searching wikipedia turned up the Timeline of Non-Sexual Social Nudity(TIL) I'm just going to guess you're you're looking for a more techie true to life rendition of the hacker archetype based on the amazon synopsis.

Based on that I'd recommend:

Cryptonomicon

just.go.read.it.right.now.

It may take a little effort to get into, damn thing is a tomb, but give it a chance. You will not be disappoint.

--------------

Stealing the Network Series

How to Own a Box

How to Own a Continent

How to Own an Identity

How to Own a Shadow

comments

These are told in a chapter/viewpoint style, each chapter is usually written by a different knowledgeable, and sometimes security famous, security dude. Out of those I've only read How to Own an Identity so far, but it was pretty good and and my guess is that the rest hold up to that standard, so dive in. They are a series from what I understand so reading them in order is probably a good idea, but not completely necessary.

_____

And then for flair (these are more scifi/cyberpunk-ish; so if that's not your thing avoid):

Snowcrash

comments

The main character's name is Hiro Protagonist. No seriously. He's a ninja, he's a hacker, he lives in a U-Store-it container, and he delivers pizza for the Mob in a post-collapse USA, can you really not read this book now?

--------------

The Diamond Age

comments

All about the practical social implications of nanotechnolgy told through the eyes of a young girl, her father, and an assortment of disposable associates.

--------------

The Sprawl Trilogy

Neuromancer

Count Zero

Mona Lisa Overdrive

comments

I've only read Neuromancer and Mona Lisa Overdrive, which were both great, so I'm guessing Count Zero is probably good too.

Similar to Snowcrash in the lone gun hacker sense, except with more drugs a little bit more of a scattered tone.


And if all else fails there's always the DEF CON reading list.

ninja edits because I suck at markdown

• Malware Analyst's CookBook is pretty good, lots of examples of techniques with example code.
  
• The Rootkit Arsenal is also supposedly really good.
  
• The Shellcoders Handbook (2nd edition) will help you get up to speed with mainstream exploitation techniques.
  
• Linux Kernel Development is a short read and describes the architecture of the Linux Kernel. Also explains many basic Operating System concepts.
  
• UNIX Network Programming, Volume 1: The Sockets Networking API (3rd Edition) introduced IP/IPv6/IPSec/TCP/UDP/SCTP as well as the POSIX Socket API.
  
• Cannot stress this enough, pickup your choice of a C/C++/Java/C#/Python/Ruby/etc book. Having a solid understanding of a programming language will make life much easier.

Two good books I'd recommend for getting started in exploitation:

• http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441
  
  
• http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_2?s=books&ie=UTF8&qid=1344637332&sr=1-2&keywords=shellcoder%27s+handbook
  
  Both are good resources to start with. Other than that, learn vdb/windbg/ollydbg/your debugger of choice, use it, and start making binaries do your whim. I started by debugging notepad back in the day.

This is why I recommend all my pen testing peers read a book on cryptography, to better understand how things like this can break in very not obvious ways.

http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246

It doesn't do anything you don't tell it to. You can tell it to do a lot.

I'd recommend testing the wifi stuff out at home with some old APs, or something like range-box (image here). Other features can be tested with VMs in virtualbox.

Metasploit unleashed or Penetration Testing have some decent suggestions about building test machines (as well as directions for some of the tools of course).

I have the updated version: Cryptography Engineering. This was just a post to point out the updated version, I'm sure they're of equal value.

Learn sysadmin skills (linux sysadmin especially), learn to program in atleast one language can be anything: javascript or even python. Learn to hack web applications. Learn about infrastructure penetration testing. Have a look at hackerone.com and bugcrowd.com. Here are some guides to get your started:

Here is a copy paste of what I sent to another guy. Anyways here is my reading list: Check this too for practice: (List of vulnerable web applications that you can try on)https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project Try hackerone and bugcrowd too. Live sites you can hack. Some Stuff to read: https://forum.bugcrowd.com/t/common-assessment-tool-cheatsheets/502 https://forum.bugcrowd.com/t/researcher-resources-tutorials/370 https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/ Also read: 1. The Web Application Hacker's Handbook. (800 pages but just browser through it) 2. The Database Hackers's Handbook 3. Android Hacker's Handbook 4 . This book is good if you still very new: https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 Also read this: https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf and this: https://github.com/jhaddix/tbhm Also check my subbreddit: /r/netsec_reading http://www.slideshare.net/bugcrowd/how-do-i-shot-web-jason-haddix-at-defcon-23 Some more blackhat stuff: https://ghostbin.com/paste/5o5zc https://www.reddit.com/r/netsec/comments/4k7y0q/video_of_hack_on_catalan_police_union/ http://0x27.me/HackBack/0x00.txt https://www.reddit.com/r/netsec/comments/3782hv/here_are_some_burp_suite_tutorials_for_you_guys/

For fiction, you MUST read Daemon and Freedom(TM)

I also enjoyed Snowcrash and Cryptonomicon, though in my opinion the latter was a little bit of a difficult read. Worth it though.

The Web Application Hacker's Handbook is a pretty good read. I didn't read the 3rd edition of Hacking Exposed but the second one was only mediocre.

Along that same vein is Web App hackers' handbook


Someone already mentioned OWASP, so i'll second that one.

Go read the book

Umm... not sure if this is sarcasm, or if you don't belong in this sub.

In case it's the latter:

• http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471117099.html
  
• http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
  
• https://en.wikipedia.org/wiki/Blowfish_%28cipher%29
  
• https://en.wikipedia.org/wiki/Twofish
  

• The Shellcoders Handbook by Chris Anley
  
• Reversing: Secrets of Reverse Engineering by Eldad Eilam
  
• Hacking: The Art of Exploitation by Jon Erickson
  
• The videos and slides from the NYU Poly class "Penetration Testing and Vulnerability Analysis"