So my advice is to learn Python for programming bc hacking is making and running programs. But I recommend this book: https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_apa_i_1bO9CbHB9MQFT
I'm not a hacker per se but ik the path to get there and that's where I suggest to go into.
But the absolute first thing is to learn about computers because if you don't know anything about computers then why would you be able to write programs for them, right? So I suggest taking a course to get the A+ certification because it really is good to learn about computers, also I recommend learning some networking...eli the computer is great for that, but that's about it, just learn programming and computers and hacking will come naturally with creative thinking.
by rrriot 2019-11-17
Been a while since I studied memory corruption attacks, but Hacking: The Art of Exploitation was by far the most instructive book on learning buffer overflows for me.
by cookenmeth 2019-11-17
“Hacking: The Art of Exploitation”
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
by eRIPlinuOusI 2019-11-17
Plus one for Violent Python! Black Hat Python is a similar book to Violent Python too that seems good.
If you're coming from a compsci background or have some C knowledge then "Hacking: The Art of Exploitation" is a really good one. I found it pretty hard going not knowing absolutely anything, but revisiting it with what I know now, it really does cover a lot of great topics in really good detail. It's really good at explaining the why of things too, whereas a lot of other materials focus on the how it's done only.
by cookenmeth 2019-11-17
There’s a book called, “Hacking: The Art of Exploitation,” that includes a lot of assembly.
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
by anonymous 2019-07-21
I highly recommend:
Hacking: The Art of Exploitation
Gray Hat Hacking, Second Edition: The Ethical Hacker's Handbook
There are numerous guides across the internet for learning pointers. Here's one: http://pweb.netcom.com/~tjensen/ptr/pointers.htm which I've used.
I'm also going to suggest this book to you: Hacking, the Art of Exploitation 2nd Ed.
This book will not make you a "hacker". Nothing but lots of reverse engineering / studying binary code, trial and error etc is going to do that. It does, however, introduce to you how you start doing these things and that comes down to a fundamental understanding of how C works, including pointers. Its introduction to assembly/C is one of the best I've seen because it runs you through several C examples and how you investigate what's going on with gdb, a command line debugging tool. That way you can see the C and see the assembly. This includes a fundamental understanding of what pointers are.
This book will as a side-effect give you an introduction to the stack and the heap, data structures etc. In short, reading the intro sections will give you a lot of benefit for the rest of your course.
RCE is a great skill for security guys (research, exploitation, IDS, IPS, AV etc.) but also it proves that you've got a deep and low level understanding of the subject.
Finding your way around is easier when working with 3rd party libraries as well.
If you are not working in the security industry, if you are not good at ASM don't bother to learn it, generally it's hard to learn.
Books
Hacking: The Art of Exploitation talks about the subject from a security point of view.
Also you might want to read books about OllyDbg and IDA Pro.
by emtuls 2019-01-13
If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.
The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out
For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.
x86 Assembly:
If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.
Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
Crackmes These are more of challenges once you start to have a little understanding down
Courses:
Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
Basic Dynamic Analysis
Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.
Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
by anonymous 2018-01-07
I'm using gcc under Linux, but this is a copy from a book: https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1515250375&sr=8-1&keywords=hacking+the+art+of+exploitation%2C+2nd+edition
I would really suggest purchasing a good book about it. From my point of view, I would go for "Hacking: The Art of Exploitation, 2nd Edition" from Jon Erickson which goes in depth about how to crack programs using gdb and other tools. It's really a wonderful book if you want to learn more about the world of cracking in general, and it doesn't require much prior security experience.
Quick link to Amazon: http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...
We mean hacker in the pg (http://www.paulgraham.com/gba.html) esr (http://www.catb.org/~esr/faqs/hacker-howto.html) sense of the word, namely an awesome programmer who loves learning, groks hacker culture, and self identifies as a hacker. Not a cracker. Certainly learning about computer security is part of being a good hacker, but it's not primarily what Hacker School is about.
Incidentally, have you ever read Hacking: The Art of Exploitation (http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/d...)? It's my favorite book on the subject.
Don't be put off by the title. Most of the first part of the book is "Hacking" in the Eric Raymond sense of the word: creative, surprising, almost sneaky ways to solve tough problems. I (and maybe you) was a lot less interested in the security aspects.
Low level h4cking.
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
Excellent questions! If you are a CS grad you are ahead of the game. However, it all depends on what you want to do. I suggested learning programming/CS principles for two reasons:
The more you understand how computers, code, compilers, software, stacks, memory randomization, CPU protection rings, and the such work the better you are at hacking. You can find novel ways to get into systems and exploit them, etc.
You can write basic tools on the fly. It is amazing the tools you can create with a few lines of code when you have access to nothing but a GCC compiler in a *nix environment.
If you want to find zero day exploits, yes learn how low level languages work. It would be very helpful in that case.
Otherwise, learn Python (or whatever is popular at the time) to write your own exploit tools....or to modify existing ones.
If you want to be a part of a red team, learning lower level languages could make you a better exploiter. However, IMO, I would start with just learning the basics of hacking.
These two books are old but they are absolute standards for anyone starting off:
https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_awdb_t1_GYIACb1Z2YXFA
And:
https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_awdb_t1_zZIACbMH0WTMP
Also, learn as much as you can on how windows/Linux/virtual machines (and containers) work. The more you know about how an OS works the easier it is to exploit.
Learn to exploit, there are a ton of free sites to help you learn:
http://overthewire.org/wargames/
https://www.cybrary.it
www.vulnhub.com
http://google-gruyere.appspot.com
Learn CTF challenges:
https://ctflearn.com
When you are able to hack take part in real challenges:
https://ctf365.com
Then start your career with a RESPECTED CERT, OSCP:
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
The OSCP is no joke and it is a timed, 24 hour cert test. Yes, you read that right, 24 hours.
Unless you want a government gig stay away from C|EH, it is a joke cert in the community. Again, unless you need to work for a gov agency.
Finally, and I cannot stress this enough.....LEARN CLOUD COMPUTING!!! It is here to stay and on-prem systems are dying a slow death. It will change how you exploit systems and how software is engineered/deployed.
https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
Incredibly good book that gets you started with the fundamentals. This is absolutely barebones fundamentals, and you'll cover a lot of shell scripting and just, in general, what is REALLY happening when someone is "hacking" something.
That is probably a little too low level compared to "cloud security". You could try picking up a CISSP book (don't bother taking the actual exam) and just studying that. Learning how data travels from your application to the OS to the network layer to bare metal onto another computer/machine and back up.
I personally recommend:
CEHv9 (https://toptalkedbooks.com/amzn/1119252245)
Hacking: The Art of Exploitation (https://toptalkedbooks.com/amzn/1593271441)
Penetration Testing: A Hands-On Introduction to Hacking (https://toptalkedbooks.com/amzn/1593275641)
If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.
The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out
For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.
x86 Assembly:
If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.
A few good books would be:
Hacking: The Art of Exploitation: I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand in hand with Reverse Engineering. It will show you the assembly language breakdown of basic exploits and this can help you with RE.
Practical Reverse Engineering: I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course.
Secrets of Reverse Engineering: This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.
The IDA Pro Book: Haven't personally read this book yet, but I have been told it is the de facto standard for learning IDA Pro, and it has examples you can learn from.
Hands On:
Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
Crackmes These are more of challenges once you start to have a little understanding down
Courses:
Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
I finally found the issue!!! I have to put #include <unistd.h> in order to use the correct lseek(). However I'm not sure why without including unistd.h it was compile-able though resulting in unexpected behavior. I thought that without including the prototype of a function, it shouldn't even be compile-able. The code was written in Hacking: The Art of Exploitation 2nd Edition by Jon Erickson and I have verified that in the book, there is no #include <unistd.h>.
I found Hacking: The Art of Exploitation to be an interesting and useful way into this topic... can't say that I have ever used the knowledge directly, but that's really not why I read it. It gives you a much richer appreciation of the instructions that your code compiles to, which has occasionally been useful in understanding subtler bugs.