Top products from r/blackhat
We found 27 product mentions on r/blackhat. We ranked the 30 resulting products by number of redditors who mentioned them. Here are the top 20.
1. Hacking: The Art of Exploitation, 2nd Edition
Sentiment score: 3
Number of reviews: 3
No Starch Press
2. Black Hat Python: Python Programming for Hackers and Pentesters
Sentiment score: 1
Number of reviews: 2
No Starch Press
3. The Hacker Playbook 2: Practical Guide To Penetration Testing
Sentiment score: 1
Number of reviews: 2
The Hacker Playbook 2 Practical Guide to Penetration Testing
4. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Sentiment score: 1
Number of reviews: 1
Wiley Publishing
5. Electro Deflecto "Tin Foil Hat Silver
Sentiment score: 0
Number of reviews: 1
Designed with the shiny side facing out for maximum reflection/deflectionPackaged Flat. Just pull open and wear.One size fits all. Made large and can easily be resized by scrunching foil to fit.Each hat is handmade and unique. Expect some variance from the pictures
6. Write Great Code, Volume 2: Thinking Low-Level, Writing High-Level
Sentiment score: 1
Number of reviews: 1
Used Book in Good Condition
7. Write Great Code: Volume 1: Understanding the Machine
Sentiment score: 1
Number of reviews: 1
Used Book in Good Condition
9. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
Sentiment score: 0
Number of reviews: 1
10. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
Sentiment score: 1
Number of reviews: 1
There is a Threat Lurking Online with the Power to Destroy Your Finances, Steal Your Personal Data, and Endanger Your Life.
11. Advanced Penetration Testing: Hacking the World's Most Secure Networks
Sentiment score: 1
Number of reviews: 1
WILEY
12. Gray Hat Hacking the Ethical Hackers Handbook
Sentiment score: 0
Number of reviews: 1
14. Reversing: Secrets of Reverse Engineering
Sentiment score: 1
Number of reviews: 1
Wiley
15. Code: The Hidden Language of Computer Hardware and Software
Sentiment score: 0
Number of reviews: 1
Microsoft Press
17. The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition
Sentiment score: 1
Number of reviews: 1
John Wiley Sons
18. Security Engineering: A Guide to Building Dependable Distributed Systems
Sentiment score: 0
Number of reviews: 1
John Wiley Sons
No problem. I am by no means an expert in writing code or buffer overflows but I have written several myself and even found a few in the wild which was pretty cool. A lot of people want to jump right in to the fun stuff but find out rather quickly that they are missing the skills to perform those tasks. I always suggest to people to start from the ground up when learning to do anything like this. Before going into buffer overflows you need to learn assembly language. Yes, it can be excellent sleep material but it is certainly a must. Once you get an understand of assembly you should learn basic C++. You don't have to be an expert or even intermediate level just learn the basics of it and be familiar with it. The same goes for assembly. Once you get that writing things like shellcode should be no problem. I'll send you some links for a few books I found very helpful. I own these myself and it helped me tremendously.
Jumping into C++: Alex Allain
Write Great Code: Volume1 Understanding the Machine
Write Great Code: Volume2 Thinking Low-Level, Writing High Level
Reversing: Secrets of Reverse Engineering
Hacking: The Art of Exploitation I used this for an IT Security college course. Professor taught us using this book.
The Shellcoders Handbook This book covers EVERYTHING you need to know about shellcodes and is filled with lots of tips and tricks. I use mostly shells from metasploit to plug in but this goes really deep.
.
If you have a strong foundation of knowledge and know the material from the ground-up you will be very successful in the future.
One more thing, I recently took and passed the course from Offensive Security to get my OSCP (Offensive Security Certified Professional). I learned more from that class than years in school. It was worth every penny spent on it. You get to VPN in their lab and run your tools using Kali Linux against a LOT of machines ranging from Windows to Linux and find real vulnerabilities of all kinds. They have training videos that you follow along with and a PDF that teaches you all the knowledge you need to be a pentester. Going in I only had my CEH from eccouncil and felt no where close to being a pentester. After this course I knew I was ready. At the end you take a 24-long test to pass. No questions or anything just hands on hacking. You have 24 hrs to hack into a number of machines and then another 24 hours to write a real pentest report like you would give a client. You even write your own buffer overflow in the course and they walk you through step by step in a very clear way. The course may seem a bit pricey but I got to say it was really worth it. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
I feel compelled to lead with this:
> I'm sorry, but you really should have been asking this question a year ago, not now as a graduate.
> Other readers: have a career plan in development while you're in school - otherwise you may find yourself left behind when you graduate.
But anyway, I'm a current student, and here's what advice I can give you based on what I have learned.
If you want to learn offensive security, you can take a certification course that includes Lab Sim like PWK for OSCP, but they are an expensive proposition and intimidating to someone without experience.
You could do what I'm doing, and build your own lab. Interview people in the industry that you have made connections with (and if you haven't made those connections by now, get on it!), and learn a bit about what their network environments look like. Then, emulate them, learn to set them up, and then use that lab as a shooting gallery to follow an online penetration testing guide and other self-learning resources such as The Hacker Playbook.
If you can find some in your area, I would highly suggest taking any in-person pentesting courses you can find. I'm lucky enough to live in the LA area to take Peter Kim's training classes. He's the author of the book mentioned above.
Get involved in local groups! Other people in your area are passionate about security too, and they may be learning or teaching exactly what you're interested in. I've had good luck with meetup.com.
The dark side has lot of facets, it depends on what you want to achieve.
If you are already working on web applications and web in general, then you may want to start with the Web Application Hackers Handbook by Dafydd Stuttard and Marcus Pinto.
This is a very valid book and with your existent knowledge it will be a very interesting read: i may also advise you to read The Tangled Web by Michal Zalewski, this instead will give you a very in-depth look of browsers' quirks and their inner working, quirks you'll learn to exploit.. for science!
Then there is the world of binary reverse engineering and exploitation, my preferred literature on this is Hacking: the art of exploitation: keep in mind that the techniques there may be outdated, but the reasoning and much of the concepts are still valid. It's a very specific book with very detailed information and you are required to know a bit of assembler, C and very low-level stuff.
Happy hunting and good luck!
I think Bender(Bending)Rodriguez was referring to this one:
https://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/
I would also offer my recommendation for that book as well. It's definitely dated, but an excellent starting point on how to build your own rootkit.
That said, I'm not sure that really answers your "where do I get rootkits?" question. In answer to that, I'll offer a few tools that are heavier on the "post-exploitation agent", but still worth checking out:
You should really read Brian Krebs' book, Spam Nation (non-affiliate amazon link). Whether you like Krebs' stuff or not, his book covers essentially all of this. He talks a lot about these sorts of things while telling his story with some notorious Russian individuals. Such as private hosts or hosts that are known as "safe" to generally unwanted customers. Even common tactics for how the services/hosts are paid for (stolen credit cards, bitcoins, etc).
As for how, anyone with some programming experience and determination can make a lightweight server and client program to do what they need. Having many clients report to a server program (or three) is a good topic to study if you're into programming. Others find open-source programs and modify them to do what they need. Obviously distributing a client program is a very different topic, that I won't discuss here
http://www.amazon.com/gp/aw/d/1593271441?pc_redir=1396793758&robot_redir=1
Pretty sure that is the text
I really enjoyed Python Crash Coarse and Black hat Python for learning scripting
Also any ting from No Starch Press. They have some great books.
Some dank af infosec books:
Malware Data Science: https://nostarch.com/malwaredatascience
Real World Bug Hunting: https://nostarch.com/bughunting
Penetration Testing: https://nostarch.com/pentesting
Black Hat Python: https://nostarch.com/blackhatpython
Social Engineering: The art of human hacking https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539
Linux System Security: https://www.amazon.com/Linux-System-Security-Administrators-Source/dp/0130158070
Advanced Penetration Testing: https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689
I would go to hackforums.net and browse the posting there. get involved in the discussion. Learn to write your own crypter and experiment with some of the RATs out there (Dark comet, Zeus, etc). Another good book for hacking techniques is "Gray Hat Hacking": http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557/ref=sr_1_1?ie=UTF8&qid=1342431573&sr=8-1&keywords=gray+hat+hacking
Also a classic is "The Art of Software Security Assessment"
http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426
I'm taking it right now. The books I read through or started before the OSCP in no particular order:
Honestly, if I could go back and prepare for the course again, I would have just learned the basics of python and then really focused on bash scripting. You're going to learn a metric fuck ton in the course. Remember, you're not paying just for the cert - you're paying for a course to get you to the cert.
https://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X/ref=pd_sbs_14_img_0?_encoding=UTF8&psc=1&refRID=YAJ72F60HEKG3T78HXHM
this one?
Red Team Field Manual
Read this.
https://www.amazon.com/Electro-Deflecto-Unisex-Foil-Size/dp/B01I497JAM