Top products from r/blackhat

We found 27 product mentions on r/blackhat. We ranked the 30 resulting products by number of redditors who mentioned them. Here are the top 20.

Next page

Top comments that mention products on r/blackhat:

u/root_pentester · 3 pointsr/blackhat

No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.

Jumping into C++: Alex Allain

Write Great Code: Volume1 Understanding the Machine

Write Great Code: Volume2 Thinking Low-Level, Writing High Level

Reversing: Secrets of Reverse Engineering

Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.

The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.

.

If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.

One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

u/misconfig_exe · 2 pointsr/blackhat

I feel compelled to lead with this:

> I'm sorry, but you really should have been asking this question a year ago, not now as a graduate.

> Other readers: have a career plan in development while you're in school - otherwise you may find yourself left behind when you graduate.

But anyway, I'm a current student, and here's what advice I can give you based on what I have learned.

If you want to learn offensive security, you can take a certification course that includes Lab Sim like PWK for OSCP, but they are an expensive proposition and intimidating to someone without experience.

You could do what I'm doing, and build your own lab. Interview people in the industry that you have made connections with (and if you haven't made those connections by now, get on it!), and learn a bit about what their network environments look like. Then, emulate them, learn to set them up, and then use that lab as a shooting gallery to follow an online penetration testing guide and other self-learning resources such as The Hacker Playbook.

If you can find some in your area, I would highly suggest taking any in-person pentesting courses you can find. I'm lucky enough to live in the LA area to take Peter Kim's training classes. He's the author of the book mentioned above.

Get involved in local groups! Other people in your area are passionate about security too, and they may be learning or teaching exactly what you're interested in. I've had good luck with meetup.com.

u/dud3z · 18 pointsr/blackhat

The dark side has lot of facets, it depends on what you want to achieve.

If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.

This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!

Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.

Happy hunting and good luck!

u/dilbertmouse · 1 pointr/blackhat

I think Bender(Bending)Rodriguez was referring to this one:

https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/

I would also offer my recommendation for that book as well. It's definitely dated, but an excellent starting point on how to build your own rootkit.

That said, I'm not sure that really answers your "where do I get rootkits?" question. In answer to that, I'll offer a few tools that are heavier on the "post-exploitation agent", but still worth checking out:

u/telchii · 4 pointsr/blackhat

You should really read Brian Krebs' book, Spam Nation (non-affiliate amazon link). Whether you like Krebs' stuff or not, his book covers essentially all of this. He talks a lot about these sorts of things while telling his story with some notorious Russian individuals. Such as private hosts or hosts that are known as "safe" to generally unwanted customers. Even common tactics for how the services/hosts are paid for (stolen credit cards, bitcoins, etc).

As for how, anyone with some programming experience and determination can make a lightweight server and client program to do what they need. Having many clients report to a server program (or three) is a good topic to study if you're into programming. Others find open-source programs and modify them to do what they need. Obviously distributing a client program is a very different topic, that I won't discuss here

u/zkilling · 2 pointsr/blackhat

I really enjoyed Python Crash Coarse and Black hat Python for learning scripting

Also any ting from No Starch Press. They have some great books.

u/steveeq1 · 1 pointr/blackhat

I would go to hackforums.net and browse the posting there. get involved in the discussion. Learn to write your own crypter and experiment with some of the RATs out there (Dark comet, Zeus, etc). Another good book for hacking techniques is "Gray Hat Hacking": http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557/ref=sr_1_1?ie=UTF8&qid=1342431573&sr=8-1&keywords=gray+hat+hacking

u/telnetrestart · 19 pointsr/blackhat

I'm taking it right now. The books I read through or started before the OSCP in no particular order: