Hacking and Programming

What are some Sup Forums approved programming books for someone wanting to get into hacking/pentesting?

freecst.com books, and if you really want good books I heard that SANS books are the good shit; check eBay for them and enjoy paying $500 for books that will possibly be over your head.

bump

>paying for things
found the jew

bump

bump

bumping for interest

What you need is:

(a) native-level proficiency with C and the memory hierarchy that C tries to abstract (ie: you want to understand what goes in registers, when, and why, and how a stack frame is laid out and why)

(b) at least limited working proficiency with compiler theory, most especially the analysis of control flow graphs

Understanding compiler IRs (particularly LLVM) is getting more important. Both exploit dev and reversing are becoming more and more theoretical (predicate translations and satisfiability, symbolic execution, &c) and less and less systems/network as that is getting larger-scale: like, writing whole-system emulators to reverse firmware targets.

This is the current state

thnx for bumps

This thread gets posted like every week.

I wish a "Cyber Security General" would get made or something.

>another shitty general where 1 or 2 people post actual information in between the garbage shit posting until the thread dies after 30 posts

fuck off. I am a security engineer and I've posted resources a couple times. not today though buddy

That would be awesome.

I already have a basic understanding of systems and networking (TCP/IP, DNS, OSI Model, etc.)

Also, here's how you learn it:

15-122
cs.cmu.edu/~rjsimmon/15122-s16/schedule.html

Lectures
scs.hosted.panopto.com/Panopto/Pages/Sessions/List.aspx#folderSets=15&folderID="632b424b-8526-4314-b82f-0428c1c68e39"&page=1

This will teach you how imperative languages work (C) and how to prove/reason about code correctness (in C0, then they transfer to C).

Then take some Compiler theory
cs.cmu.edu/~fp/courses/15411-f14/schedule.html

Also implement the little compiler in SICP at the end of the book. Now find the Handbook of Satisfiability (SAT) and every other resource you can on modern analysis/SAT

youtu.be/HqlMSnY0b2w
en.wikipedia.org/wiki/Satisfiability_modulo_theories

Finally read The Art of Software Security Assessment which will teach you how to exploit those bugs that are revealed to write a PoC so you can sell your bugs to the NSA lul

is reversing viable on Linux? I feel like I can't reverse as many exes or dlls as I can on Windows.

unless i use a vm.

I did with hopper
hopperapp.com/

License is only $120 compared to $1k for IDA Pro

I've just been running IDA in Wine. Works surprisingly well. But I feel like I'm getting nipped out of reversing opportunities. Can you reverse normal Windows EXEs with Hopper?

You can start by reading this.

intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf

Yes, try the demo hopperapp.com/download.html

I just grab the CFG and run analysis on it. cs.colorado.edu/~srirams/papers/popl10.pdf

You can reverse iOS apps with it too, android apps, hopper is awesome.

Reverse the google play framework and write your own crude alternative if you want to go full Stallman as that's the kind of shit he used to do at MIT labs. Run a phone free of google AIDS yet you can still use Signal/Textsecure

so exploit dev is becoming math analysis? good to know.

I don't get it. You're a Jew if you pay for things and Jew if you don't.

Somebody teach me the Kabbalah.

He's just poor and finds no value in buying physical books.

Yes, it's actually much easier now. You use an Inductive Map to map each node to a set of program states then bash the shit out of the CFG logic with edge cases.

Most of the tools are already developed for automating this, but expensive. To do it yourself just learn some basic proof by induction which is standard in any first year calc course, and discrete Satisfiability.
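The "inductive map" idea from the post above, as an added example that is not part of the original thread: a worklist fixed-point that maps each CFG node to an interval for one variable and flags an off-by-one buffer write. The loop being analysed, the node names and `may_overflow` are constructed for illustration.

```python
import math

INF, BOT = math.inf, None            # BOT = node not reachable (yet)

def join(a, b):                      # least upper bound of two intervals
    if a is BOT or b is BOT:
        return b if a is BOT else a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):                 # push unstable bounds to infinity
    if old is BOT:
        return new
    return (old[0] if new[0] >= old[0] else -INF,
            old[1] if new[1] <= old[1] else INF)

def meet(a, lo, hi):                 # restrict an interval by a branch guard
    if a is BOT:
        return BOT
    lo, hi = max(a[0], lo), min(a[1], hi)
    return (lo, hi) if lo <= hi else BOT

def analyze(bound):
    """Node -> interval of i for: i = 0; while (i <= bound) { buf[i] = 0; i++; }"""
    edges = [                        # (src, dst, transfer function on i)
        ("entry", "head", lambda s: (0, 0)),                      # i = 0
        ("head", "body", lambda s: meet(s, -INF, bound)),         # guard true
        ("body", "head", lambda s: None if s is BOT else (s[0] + 1, s[1] + 1)),
        ("head", "exit", lambda s: meet(s, bound + 1, INF)),      # guard false
    ]
    state = {"entry": (-INF, INF), "head": BOT, "body": BOT, "exit": BOT}
    work = ["entry"]
    while work:                      # iterate until the map is inductive
        node = work.pop()
        for src, dst, transfer in edges:
            if src != node:
                continue
            new = join(state[dst], transfer(state[src]))
            if dst == "head":        # loop header is the widening point
                new = widen(state[dst], new)
            if new != state[dst]:
                state[dst] = new
                work.append(dst)
    return state

def may_overflow(buf_len, bound):
    """True if some reachable value of i at buf[i] lies outside [0, buf_len)."""
    s = analyze(bound)["body"]
    return s is not BOT and (s[0] < 0 or s[1] >= buf_len)
```

Widening makes the loop header imprecise (its upper bound becomes infinite), but the branch guard restores a tight interval at the write, which is where the bounds check is made.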

Interesting, could you provide some more info/papers to read?

k, nvm did not see

>Understanding compiler IRs (particularly LLVM) is getting more important. Both exploit dev and reversing are becoming more and more theoretical (predicate translations and satisfiability, symbolic execution, &c) and less and less systems/network as that is getting larger-scale: like, writing whole-system emulators to reverse firmware targets.

What tools do you use to start with this part?
Are there crackmes specifically designed to hold your hand through taking first babby steps?


I'm fairly well-versed in assembly and compiler quirks, but outside of crackmes real world programs of today are just so fucking massive. I have no problems solving the "difficult" rated crackmes on crackmes.de for instance, because they throw you the relevant code in the face. Though I am really struggling just finding the serial algorithm for a small, real world program. There is so much to strip away just to get at the core.

start with C++ tutorials on YouTube, google anything u don't understand (Stack Overflow got me most of the answers), search GitHub for some code examples, and ofc buy some books (I personally didn't use any book for programming).

After some time with C++ start with C# (Visual Studio 2015 is badass imo).

To start hacking u need a lot of fundamentals (and to know roots I guess...), for that u will need books, most tutorials on YouTube are shit. First u need to learn how to use hacking tools, only after that u will understand how to program one (like keylogger and worm). And ofc use some already made exploits to understand how to make ones.

Check Offensive Security and OWASP. They have exploit database and virtual labs.

For XSS (cross site scripting) u will need to know some PHP and JavaScript (and overall some HTML and CSS, it's web after all)

For SQL injection u will need to learn some database languages, PostgreSQL, MySQL etc. (same shit).

Here are some good books that I read. Tho there is much more to hacking and I rly don't have patience to write all the stuff.

Gray Hat Hacking The Ethical Hackers Handbook

Hacking Exposed Web 2.0

Hacking Exposed Malware and Rootkits (and all other Hacking Exposed series)

The Hackers Underground Handbook (this is oldschool book)

Metasploit

(just go google for books and check reviews on forums)

I assume you used the book cover for illustrative purposes. I read it when I was an edgy teenager and it was more a low-level system architecture book and compiler book. It's prerequisite knowledge for security stuff, but not comprehensive.

There are amazing pentesting books for python.

>(a) native-level proficiency with C and the memory hierarchy that C tries to abstract (ie: you want to understand what goes in registers, when, and why, and how a stack frame is laid out and why)
Check.

>(b) at least limited working proficiency with compiler theory, most especially the analysis of control flow graphs
Check.

>Understanding compiler IRs (particularly LLVM) is getting more important. Both exploit dev and reversing are becoming more and more theoretical (predicate translations and satisfiability, symbolic execution, &c) and less and less systems/network as that is getting larger-scale: like, writing whole-system emulators to reverse firmware targets.
Agreed.

When do I get my haxor diploma?

I want to learn more about the low-level stuff, like computer architecture, assembly, how operating systems work, etc. Is "Computer Systems, A Programmer’s Perspective" a good book to start?

Here's a good place to start: wiki.osdev.org

this is great. thanks!

when i try to use an html injection to mess around with my profile on a website the site just takes what i've entered and saves it as text instead of being tricked into thinking that the text includes tags that are meant to be there

any ideas?

intel manuals. now kill yourself

> Jews "paying for things"

So you're poor and are a racist lacking even the basic knowledge of race stereotypes.

Don't be a one-trick pony, if the site is secure against XSS, try something else or try somewhere else.

The difference between a script kiddie and a hacker is one of them can think.