If you are reading this, you want to become professional hacker, right? Well, prepare for a long journey. First thing you need is a passion, I hope you have it and you are interested in hacking. Let’s start with what you will need to know first. If you want to be complete hacker you must know both: Web Application Security and Reverse Engineering (software applications)
Learn Programming
Programming is very important thing to know in Hacking. You will hack that code so you must know how things works and how to patch vulnerability in code.
Here’s languages you should know if you want to be professional hacker:
- Start with Java or C++ (will be easier to learn your next languages)
- PHP (must-know language for web application hackers, 244M sites use it – most used server-side language)
- Javascript (another most-used language in web applications, but in this case client-side language)
- Ruby (one of the easiest languages to learn, Metasploit use Ruby)
- Python (used for exploit development, automatization, fuzzing tools)
- Perl (used for exploits, automatization, fuzzing…)
Learn using Tools
“Know your tools” – remember this, otherwise you will do nothing.
- Burpsuite (tool #1 for web application pentest)
- Nmap (must-know network discovery and information gathering tool)
- Wireshark (well known network protocol analyzer used to track when fuzzing tool crash the program)
- Reverse engineering tools
- Ollydbg (disassembly-based debugger, maybe best tool for reversing)
- Immunity Debugger (a lot of people use it, also great tool for reversing)
- x64dbg (An open-source x64/x32 debugger for windows)
- Nessus (government and military use it)
- Nexpose (gov and mil use it, too)
- Other tools from Kali Linux distribution
Learn from Hackers
When hackers hack something they usually share that with others, including PoC (proof of concept) – instructions how to reproduce attack (usually it’s already patched, but still a good way to learn).
Here’s some of good blogs to learn from:
- Orange Tsai (this dude hacked Uber, Facebook, Google… his hacks are amazing)
- Shawar Khan (amazing talent)
- Ashar Javed (master of Cross Site Scripting)
- Roy Jansen (he hacked everything)
- others…
The Web Application Hacker’s Handbook
If you want to be good in exploiting web applications, you must read this book. You can find it on Amazon, also you can find it for free online (here..psttt)
Cross Site Scripting Best Explanation by Ashar Javed
This video will make you fully understand how cross site scripting works and when it’s possible to exploit it.
Exploit Development (Buffer Overflow)
Basic explanation about Buffer Overflow and exploit development using Python.
Hands-on Exploit Development (Buffer Overflow)
OWASP
– “Powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list”
When I’m testing website for security issues, I follow OWASP Top 10 vulnerabilities, this is another awesome pleace to learn about web vulnerabilities. Their website is rich with content about web vulns. Visit them
Disclaimer: This tutorial is only for educational purpose. The author or the blog owner is not responsible for any kind of misuse of this information provided.
0 komentar:
Posting Komentar