How to learn hacking(fsecurify.com)
fsecurify.com
How to learn hacking
http://fsecurify.com/how-to-learn-hacking/
45 comments
I just read How To Become A Hacker the other day and I highly recommend it. Not only is it a good read but the resources for continued reading mentioned in the text is very good content.
Be careful not to confuse this blog with F-Secure the Finnish Security company. Seems to me the two are totally unrelated.
ESR is a racist and a misogynist. And that document might as well be called "how to be ESR".
fao_(1)
What if we separated his work from himself?
I don't know Eric enough. I know he is right wing, but not sure if he is racist.
Suppose he is a racist, can't his text about being a hacker be great?
I read "How to become a hacker" in 2014. It is awesome and he does not say anything about woman and race on the text.
According to some historians, Da Vinci was a dushbag. Should we ignore his crafts just because, apparently, he was a bad person?
I don't think so.
I don't know Eric enough. I know he is right wing, but not sure if he is racist.
Suppose he is a racist, can't his text about being a hacker be great?
I read "How to become a hacker" in 2014. It is awesome and he does not say anything about woman and race on the text.
According to some historians, Da Vinci was a dushbag. Should we ignore his crafts just because, apparently, he was a bad person?
I don't think so.
That's true, but the bigger problem with the document is that ESR's role in "hacking" is largely "making things to assign CVEs to".
Except all this has in common with the original post is the word 'hack'. Actually what you've posted is quite clearly against what the original post is about.
> There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
> There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
I suspect this is a cultural thing. Here in Germany, most journalists and writers use the term "hacker" for both, the constructive and destructive parts. For example, the Chaos Communication Congress is described by media as "hacker congress" even though it has a wide scope where presentations about breaking into systems are just a minor part of it.
oh, for sure. Hacker I think has a much more broad meaning than JUST security. I don't think security should be excluded from it though as the How to be a Hacker article promotes.
Apologies if you find it disappointing. The people who daily ask me questions about hacking are mostly interested in "Getting a swag from Google" part and I was a little bit inclined to give resources to such people. It is by no means a thorough guide covering everything. It's just a start for people wanting to learn some stuff. I found these resources to be quite good.
Best Regards.
Best Regards.
It doesn't actually say.
I did get the impression he was quite accomplished -- given his acknowledgement from NASA -- so I guess... success?
step 0: google "wordpress exploit" or "windows exploit framework".
step 1: figure out how to run it
step 10: deface some useless site or get access to computer of your friend.
step 11: buy t-shirt with words "haxx00r" or "the matrix green failing letters".
step 1: figure out how to run it
step 10: deface some useless site or get access to computer of your friend.
step 11: buy t-shirt with words "haxx00r" or "the matrix green failing letters".
So what's the business of this company and its CEO? Other than trying to collect subscribers to his blog.
Also really confusing name considering there's the Finnish security company called F-Secure who also have a technical blog: https://labsblog.f-secure.com/
And now also run a security course in Helsinki University: http://mooc.fi/courses/2016/cybersecurity/
Also really confusing name considering there's the Finnish security company called F-Secure who also have a technical blog: https://labsblog.f-secure.com/
And now also run a security course in Helsinki University: http://mooc.fi/courses/2016/cybersecurity/
If you think I am trying to collect subscribers, I have removed the "Subscribe to us" text from the post. F stands for my name and I liked the domain.
There is no business of this company. All I do is learn stuff, try to come up with good articles and post them. I plan to convert it into a proper company once my studies are over. I am just a student at the moment.
Hope everything is good now.
Best Regards.
There is no business of this company. All I do is learn stuff, try to come up with good articles and post them. I plan to convert it into a proper company once my studies are over. I am just a student at the moment.
Hope everything is good now.
Best Regards.
"All I do is learn stuff" sounding phrase dot com would be more inline with your stated objectives.
Currently, name & logo look like something a company would use and are potientally easily confused with other companies using similar names; as mentioned in other comments.
Just to be clear, it is obvious you put a lot of work into this, thanks for sharing. Keep it up!
Currently, name & logo look like something a company would use and are potientally easily confused with other companies using similar names; as mentioned in other comments.
Just to be clear, it is obvious you put a lot of work into this, thanks for sharing. Keep it up!
If people actually care about this topic, and want to see someone doing a genuinely good job, check out LiveOverflow. Some other posters here will make fun of his dubstep intro music, green on black terminal text intro with the Rabbit, but he admitted in his first QA it was tongue and cheek.
His subreddit:
https://reddit.com/r/liveoverflow
His YouTube channel:
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
I have taken more traditional infosec coursework for $DAYJOB. I must say this stuff, the more novice stuff beneath and the more advanced stuff above my head, is well structured, even if informal, entertaining, and inspiring. I definitely want to give back to the community like him with solid content and a very unassuming attitude. This is exactly the kind of teacher we need in this space!
(This is not to say F Security is assuming or crappy, I just wanted to talk up someone who really is teaching how to hack the way I think it ought to be done!)
His subreddit:
https://reddit.com/r/liveoverflow
His YouTube channel:
https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
I have taken more traditional infosec coursework for $DAYJOB. I must say this stuff, the more novice stuff beneath and the more advanced stuff above my head, is well structured, even if informal, entertaining, and inspiring. I definitely want to give back to the community like him with solid content and a very unassuming attitude. This is exactly the kind of teacher we need in this space!
(This is not to say F Security is assuming or crappy, I just wanted to talk up someone who really is teaching how to hack the way I think it ought to be done!)
Thank you so much!
I have also recently started building https://liveoverflow.com, which might have a better structure than a YouTube channel or subreddit.
Also some people may have actually seen a video of mine, because my most popular video so far is the DirtyCow video which got referenced by news sites and on the dirtycow github repository.
My personal recommendation is to checkout the AngularJS Sandbox bypass series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwJTIkNopKu...
Criticism and feedback is always welcome.
I have also recently started building https://liveoverflow.com, which might have a better structure than a YouTube channel or subreddit.
Also some people may have actually seen a video of mine, because my most popular video so far is the DirtyCow video which got referenced by news sites and on the dirtycow github repository.
My personal recommendation is to checkout the AngularJS Sandbox bypass series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwJTIkNopKu...
Criticism and feedback is always welcome.
Thank you for the videos. They are such a valuable thing for infosec students. Please keep up the excellent work.
If you have feedback from infosec students, or topics that would benefit students, please contact me :)
As you wish. I will be more vocal on your subreddit.
More stuff with radare, please! Hopper seems cool, as does Binary Ninja, but I see us like scientists, and I don't like IDA and their ilk with their price tag. Not because I cannot afford it, but how do we as IT professionals not take reproducible research seriously!?
Also, keep up with your slick GDB fu. I watched you Boston Key Party vids last night and they are an education, let me tell you.
More stuff with radare, please! Hopper seems cool, as does Binary Ninja, but I see us like scientists, and I don't like IDA and their ilk with their price tag. Not because I cannot afford it, but how do we as IT professionals not take reproducible research seriously!?
Also, keep up with your slick GDB fu. I watched you Boston Key Party vids last night and they are an education, let me tell you.
That is a very nice website/videos you've put up. Thanks.
I am so glad one of my highest grossing comments is talking you up, sir!!! How do I donate to you, by the way? I have been meaning to.
Your Angular stuff is my personal favorite, as I have not even done a sufficient amount of web hacking.
I happened to bring up your videos at a recent, very expensive infosec cert course and no one had heard of you. The instructor did take refs to the guy you cite for the Angular XSS bypasses, as he was European knew that guy, and I sent him your stuff too. Super happy to talk you up!
Your Angular stuff is my personal favorite, as I have not even done a sufficient amount of web hacking.
I happened to bring up your videos at a recent, very expensive infosec cert course and no one had heard of you. The instructor did take refs to the guy you cite for the Angular XSS bypasses, as he was European knew that guy, and I sent him your stuff too. Super happy to talk you up!
Link is dead and returns this error:
"This Account has been suspended. Contact your hosting provider for more information."
_________
Google's Cache: http://webcache.googleusercontent.com/search?q=cache:http://...
"This Account has been suspended. Contact your hosting provider for more information."
_________
Google's Cache: http://webcache.googleusercontent.com/search?q=cache:http://...
As a junior security employee, I am still trying to figure out where to take my career. I have thought about various different paths: pentesting, development (JS, C, python, exploit...), reverse-engineering, web-app hacking, network-engineering and I cannot for the life of me decide where to focus my studies. I have reservations about pentesting because For example, I think a lot of it is unskilled work (e.g., pressing scan on nessus, clicking exploit on Burp) or work which will be automated in the near future. So for those who are more experienced than me, or for those who can share some insight on security-careers, what tech-careers would you choose and what would you study if you were starting right now?
> I have reservations about pentesting because For example, I think a lot of it is unskilled work (e.g., pressing scan on nessus, clicking exploit on Burp) or work which will be automated in the near future
My job title is "Penetration tester" but I don't fall into that category. That's why I often refer to it as doing "application security analysis/audits". My current job is to do black/white box testing of single applications - and not a huge organisations where you just phish some employees. I have not worked for other companies, but as far as I can tell, many "penetration testing jobs" are actually what I do.
It's fun, challenging and very technical. And obviously no scanners are used - I have never in my career used nessus or any other click2exploit tool.
My job title is "Penetration tester" but I don't fall into that category. That's why I often refer to it as doing "application security analysis/audits". My current job is to do black/white box testing of single applications - and not a huge organisations where you just phish some employees. I have not worked for other companies, but as far as I can tell, many "penetration testing jobs" are actually what I do.
It's fun, challenging and very technical. And obviously no scanners are used - I have never in my career used nessus or any other click2exploit tool.
Unrelated: It's not cool to put all the logos of companies just because you found some low sev bug there, not even saying the name is kinda similar to known security corp F-Secure...
I thought it would be a good motivation for others. Also, I did receive a book "Intro to Algorithms" by MIT Press Director on urgent delivery. So I think its okay to show other people what exactly they can achieve by going through the stuff I posted.
Best Regards.
Best Regards.
In case the website does not work, you can try this link:
http://webcache.googleusercontent.com/search?q=cache:http://...
http://webcache.googleusercontent.com/search?q=cache:http://...
It is worth studying common weaknesses in code:
https://cwe.mitre.org/
https://cwe.mitre.org/
Link to first book is dead.
I recommend the all-time classic "How To Become A Hacker" by Eric S. Raymond:
http://www.catb.org/esr/faqs/hacker-howto.html