All Comments
TopTalkedBooks posted at August 19, 2017

So this is aimed at people in a cyber security degree? What kind of knowledge do they have?

> using all the tools of kali

Pleaseeee no. There are hundreds of programs and scripts in Kali, it would not be feasible to learn and remember them all. Off the top of my head what I would do is:

  • Have people do some of the starter wargames at overthewire so they are familiar with the linux command line. Maybe even make this a requirement to participate so you know that people are committed and have a base level of knowledge.

  • Read write-ups on attacks and attackers, here is a good one by Mandiant<--(PDF link)

  • Culture. I feel like this is one of the most neglected fields in cyber security. Read some phrack.

  • Split people into teams to work on projects so that they have experience working together.

  • Find some old CTFs or images on Vulnhub. See if you can register for some CTFs, looks great on a resume.

  • Learn about sql and sql injection.

  • Learn python, take a look at violent python or Grey Hat Python and Black Hat Python for more advanced stuff. There is also Hacking Secret Ciphers with Python for more of a crypto angle.

  • linux, linux, linux. feel at home in the terminal and be able to script bash.

  • Going over basic tools like nmap, aircrack-ng (airmon-ng, etc.), sqlmap, hydra, hashcat, metasploit, etc. Make whole day labs that use just one tool, You could maybe find an easy Vulnhub image or use Metasploitable to practice these.

  • Make sure everyone has a github and populates it with stuff they create in this class. Incorporate it into your class so you got people forking and contributing to other members/teams projects.

  • Look over books like The Hacker Playbook , Hacking, the Art of Exploitation , and so on for more ideas.

  • Maybe most importantly, have the students teach. I'm sure there are people in there who specialize in one tool or subject. Have them design and lead a lesson/lab/activity. The best way to solidify and expand on what you know is to teach it.

TopTalkedBooks posted at August 19, 2017

If you're interested in Computer Security I'd recommend learning the C programming language.

A really good book that includes some information on C and Computer Security is Hacking: The Art of Exploitation by Jon Erickson.

TopTalkedBooks posted at August 19, 2017
I'm the same as you. I got this book:

https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/...

Which I've dabbled in, and haven't gotten further than what I already know from my CS education, but the consensus seems to be it's a good book to learn from.

TopTalkedBooks posted at August 20, 2017

Definitely learn the dark side. Even if you don't learn the actual techniques, at least make the effort to learn what's possible.

alt text http://ecx.images-amazon.com/images/I/51rqNSV141L._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpgalt text http://ecx.images-amazon.com/images/I/519BX6GJZVL._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpg

Good resources to learn the tricks of the trade are Reversing: Secrets of Reverse Engineering and Hacking: The Art of Exploitation. They're written for both sides - these could be used to LEARN how to hack, but they also give ways to prevent these kinds of attacks.

TopTalkedBooks posted at August 20, 2017

I found Hacking: The Art of Exploitation to be an interesting and useful way into this topic... can't say that I have ever used the knowledge directly, but that's really not why I read it. It gives you a much richer appreciation of the instructions that your code compiles to, which has occasionally been useful in understanding subtler bugs.

Don't be put off by the title. Most of the first part of the book is "Hacking" in the Eric Raymond sense of the word: creative, surprising, almost sneaky ways to solve tough problems. I (and maybe you) was a lot less interested in the security aspects.

TopTalkedBooks posted at August 20, 2017

I finally found the issue!!! I have to put #include <unistd.h> in order to use the correct lseek(). However I'm not sure why without including unistd.h it was compile-able though resulting in unexpected behavior. I thought that without including the prototype of a function, it shouldn't even compile-able.

The code was written in Hacking: The Art of Exploitation 2nd Edition by Jon Erickson and I have verified that in the book, there is no #include <unistd.h>.

TopTalkedBooks posted at August 20, 2017
We mean hacker in the pg (http://www.paulgraham.com/gba.html) esr (http://www.catb.org/~esr/faqs/hacker-howto.html) sense of the word, namely an awesome programmer who loves learning, groks hacker culture, and self identifies as a hacker. Not a cracker. Certainly learning about computer security is part of being a good hacker, but it's not primarily what Hacker School is about.

Incidentally, have you ever read Hacking: The Art of Exploitation (http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...)? It's my favorite book on the subject.

TopTalkedBooks posted at August 20, 2017
I would really suggest purchasing a good book about it. From my point of view, I would go for "Hacking: The Art of Exploitation, 2nd Edition" from Jon Erickson which goes in depth about how to crack programs using gdb and other tools. It's really a wonderful book if you want to learn more about the world of cracking in general, and it doesn't require much prior security experience.

Quick link to Amazon: http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...

Top Books
We collected top books from hacker news, stack overflow, Reddit, which are recommended by amazing people.