Top products from r/netsec

We found 82 product mentions on r/netsec. We ranked the 195 resulting products by number of redditors who mentioned them. Here are the top 20.

Next page

Top comments that mention products on r/netsec:

u/emtuls · 9 pointsr/netsec

Hey /u/Xerack! I'm the original author of the post linked here.

Appreciate the feedback! If you think I could clarify anything better, please let me know.

As far as resources for Reverse Engineering, I can provide you with a baseline that I would recommend starting with.

x86 Assembly:

If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.

A few good books would be:

  • Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.

  • Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course

  • Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.

  • The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.

    Hands On:

  • Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!

  • Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.

  • Crackmes These are more of challenges once you start to have a little understanding down


    Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:

  • Basic Dynamic Analysis
  • Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.

    Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
u/pasv · 1 pointr/netsec

The tangled web is great. I haven't finished it yet but what I've read so far is pretty insightful stuff. Security Engineering: : probably one of the better titles for security as a whole. I like to think phrack might also be a great resource but it's pretty dated material. Really you'll be learning so much just picking apart existing shit, crashing stuff, making love to your debugger, and just enjoying the shit out of yourself.. books will come secondary but they're still important. :-) Goodluck have fun!

u/DOc713 · 1 pointr/netsec

I am currently a penetration tester with a small Healthcare penetration company. We perform black box security tests for Hospitals and Health Care organizations.

If you are looking for actual schooling then I suggest looking for a university with a Network Security/Information Assurance Degree. There are not too many with dedicated degrees, but it is becoming a much more popular field.

Most importantly go get some literature on the subject. Although reading can not take the place of actual experience, most books these days are designed to go along side of hands on experience or provide information if you wish to "further refine your skills".

If you are new to security I would suggest "The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy" By Patrick Engebretson. It is a great entry level book designed to introduce you to the concepts of penetration testing.

If you want to get down and dirty quickly "
Metasploit: The Penetration Tester's Guide
" By David Kennedy is another great book though a bit more technical then the last.

These are only a few of many great books. If you want to become a good penetration tester, taste the fundamentals and then pick a focus to get good at. There are few jacks of all trades in Penetration testing.

u/Kadover · 3 pointsr/netsec

Ok - Here's a list of books I've read in the last few years

  • Gray Hat Hacking - The Ethical Hacker's Handbook - Really good intro to Software Sec / Reverse Enginering / Disclosure
  • Counter Hack Reloaded - A 'bible' of phased attacks - classic book.
  • Guide to Network Defense and Countermeasures - Technically designed as a 'prep' book for the SCNP, it's still a great read about IPS, IDS, NetSec Policies, Proxies, firewalls, packet filtering, etc
  • Hacking Wireless Exposed - Great intro read on 802.11 sec.
  • CWNA/CWSP Exam Guide - Assumes 0 knowledge about RF. More intense than Hacking Wireless Exposed, but also easier to learn from. I went into this book knowing very little about RF, left it feeling confident. Well written.
  • Snort 2.1 - Self explanatory, but a book about the IDS system Snort. Not perfect, but again, great starter book.
  • The Web Application Hacker's Handbook - The best for last. The holy grail of web hacking. Second edition SHOULD be coming very soon, depending on the drop date may be worth it to wait.

    As you can tell, I'm big on the technical books, and even exam prep books. This is just a selection, but I think it's a good starter pack to some different fields.
u/KevinHock · 1 pointr/netsec

Senior Security Engineer

Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.

How Do I Apply

Send me an email with your resume and GitHub at [email protected]

What you will do

  • Perform code and design reviews, contribute code that improves security throughout Datadog's products
  • Eliminate bug classes
  • Educate your fellow engineers about security in code and infrastructure
  • Monitor production applications for anomalous activity
  • Prioritize and track application security issues across the company
  • Help improve our security policies and processes

    Who you should be

  • You have significant experience with network and application security
  • You can navigate the whole stack in pursuit of potential security issues
  • You want to work in a fast, high growth startup environment

    Bonus points

  • You contribute to security projects
  • You're comfortable with python, go and javascript. (You won't find any PHP or Java here :D)
  • CTF experience (I recommend you play with OpenToAll if you don't have any)
  • Program analysis knowledge

    Sample interview questions

  • Flip to a page of WAHH, TAOSSA, CryptoPals, ask you about it.
  • How would you implement TCP using UDP sockets?
  • How do you safely store a password? (Hint: scrypt/bcrypt/pbkdf2)
  • How does Let'sEncrypt work?

    Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with. David Wong, a crypto king of NCC, on this very Q4 thread, is also a great person to work with in Chicago.
    If you're looking to break stuff more than build stuff hat tip to Chris Rohlf's Yahoo! team.
    Random other places you can apply in nyc: MongoDB, Jane Street, 2 sigma, greenhouse.

    I personally applied because I love Python but I like the company a lot so far.
u/OrderZero · 2 pointsr/netsec

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.


EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary -
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking -
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed -
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

u/jhaddix · 5 pointsr/netsec

Hi Pandas_sniff! (love the name) I’m a firm advocate of the Web Application Hacker’s Handbook. I think if you look at the reviews for version 2 i’m probably one of the featured ones. It really is all encompassing for most of what application security testing should start out as. It does suffer from being a textual reference though (a snapshot in time), so I also commonly recommend learning from the OWASP Testing Guide v4 as it has frequent wiki-like updates. I could spend all day talking about resources for learners! There are some excellent (free) videos by Jeremy Druin on using Burp Suite and application testing, I absolutely love and all of their exercises, and Sam has written a very good guide on getting started in bounty work

As for how effective these resources are “out of the gate” i think they are tremendously helpful. For example, using the above resources i’m sure any apt student of them could identify IDOR’s or basic injections. Over time these skills become second nature and free up the tester to focus on newer, cutting-edge hacks/technology. Hope that answers the question =)

u/me_z · 15 pointsr/netsec

If you're a novice, as most people start out as, then I would recommend the following:

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

Hacking For Dummies

Grey Hat Hacking

Hacking Exposed - 5th Edition - May be outdated

Network Security Bible

So now people here may disagree on the books I've suggested, and that's fine, but it definitely depends on what you're trying to learn and/or accomplish. Google is a great place to start as well without spending a fortune on books.

Some great websites:

Dark Reading

I'm sure you can find plenty more.

And always ask questions, even if you think its a stupid question. Being on Reddit and having the luxury of anonymity, you can ask away without worrying about getting personally ridiculed.

As far as hackerspaces and defcon, they were just a suggestion. If you ever are able to get to a hackerspace though, I highly recommend it.

u/nicklauscombs · 3 pointsr/netsec

best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......

a few books i'm reading/have read/on my list to read and all are excellent starting points:

BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)

Metasploit: The Penetration Tester's Guide

Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition

plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection

u/HockeyInJune · 20 pointsr/netsec

If you're talking about memory corruption, you're looking for Smashing The Stack in 2010. However, most experts in application security and modern exploitation techniques recommend a more practical research-driven approach to learning about memory corruption mitigation techniques, so keep that in mind while reading this paper. As always, The Bible is relevant.

If you're talking about embedded device reverse engineering, you'll probably get the best answer from the /r/ReverseEngineering subreddit.

If you're talking about kernel bugs and kernel module bugs, I wish you luck. Bugs and vulnerabilities in these types of systems, usually require very obscure knowledge in very specific systems. Not for beginners or the faint of heart.

If you're talking about web bugs, you're looking for the OWASP Top 10. The web is mostly a giant joke, and widely uninteresting (this is an unpopular opinion on this subreddit).

u/myddrn · 3 pointsr/netsec

Since searching wikipedia turned up the Timeline of Non-Sexual Social Nudity(TIL) I'm just going to guess you're you're looking for a more techie true to life rendition of the hacker archetype based on the amazon synopsis.

Based on that I'd recommend:


It may take a little effort to get into, damn thing is a tomb, but give it a chance. You will not be disappoint.


Stealing the Network Series

How to Own a Box

How to Own a Continent

How to Own an Identity

How to Own a Shadow


These are told in a chapter/viewpoint style, each chapter is usually written by a different knowledgeable, and sometimes security famous, security dude. Out of those I've only read How to Own an Identity so far, but it was pretty good and and my guess is that the rest hold up to that standard, so dive in. They are a series from what I understand so reading them in order is probably a good idea, but not completely necessary.


And then for flair (these are more scifi/cyberpunk-ish; so if that's not your thing avoid):



The main character's name is Hiro Protagonist. No seriously. He's a ninja, he's a hacker, he lives in a U-Store-it container, and he delivers pizza for the Mob in a post-collapse USA, can you really not read this book now?


The Diamond Age


All about the practical social implications of nanotechnolgy told through the eyes of a young girl, her father, and an assortment of disposable associates.


The Sprawl Trilogy


Count Zero

Mona Lisa Overdrive


I've only read Neuromancer and Mona Lisa Overdrive, which were both great, so I'm guessing Count Zero is probably good too.

Similar to Snowcrash in the lone gun hacker sense, except with more drugs a little bit more of a scattered tone.

And if all else fails there's always the DEF CON reading list.

ninja edits because I suck at markdown

u/tiktaalink · 9 pointsr/netsec

I'm just a netsec tourist, but I've found that SANS is a good resource. You can watch trending issues with good analysis at

I would also recommend The Cuckoo's Egg It's not very relevant technically to what you will be doing, but it's worth the read because it is a fascinating story, and you might garner some hints in terms of methodology.

u/postmodern · 1 pointr/netsec
u/overflowingInt · 36 pointsr/netsec

Not very specific to those technologies but:

>Web Application Hackers Handbook (2nd edition: is pretty thorough with the vectors of attack, examples, and includes a methodology for pentesters.

>The Tangled Web - a "light" but delightful read from Zalewski on the history and modern security of web apps. He also wrote the

Both are pretty recent and cover some good ground.

u/alemcg · 1 pointr/netsec

So Tangled Web is a good book but it's not about exploitation in the sense it seems you're meaning. The Kernel Exploitation book is good but daunting if you don't have any exploit development experience. You may also consider A Bug Hunter's Diary by Tobias Klein

Grab a copy of the Intel IA-32 Assembly Reference I wouldn't recommend reading through this as a how-to but having a local copy to reference various unfamiliar instructions would be helpful.

Phrack articles are pretty useful too. Exploit-DB and packetstorm will be useful for finding working exploits for legacy bugs you may be practicing on.

Whatever language you're writing your exploits in (Perl/Python/Ruby) you'll probably want a reference for that.

u/Zenofex · 2 pointsr/netsec

If we are going to talk about a good new netsec book, I recommend everyone check out "Tobias Klein's" - A Bug Hunter's Diary. You can get it at but I recommend saving the cash and getting it from I got my copy on Monday and its been a pretty good read so far.

u/Chesh · 2 pointsr/netsec

It's not really NetSec related per se but Daemon is pretty exciting even if it is a bit far fetched. The author used to be a security consultant so at least it won't insult you with too many inaccuracies.

u/krenoten · 16 pointsr/netsec

Network security books are almost all scams that monetize the escapist fantasies of the fan base. Security is mostly assumption management. Don't assume a third party rehash is going to make you understand the underlying code any better.

That said, The Art of Software Security Assessment is pretty good. It's one of the books openbsd recommends for developers. It's quite healthy to know how anything talked about in the past 15 or so articles of phrack works, too.

Don't read anything that makes you think there is less for you to know after reading it. It's poison. And until you put the concepts into action, you don't know shit.

u/horstenkoetter · 1 pointr/netsec

A little prophecy here - neither WebInspect nor Fortify will actually solve any of your problems, they'll just point you at them. Having bug reports doesn't mean the issues get solved (correctly), and to get the ones which actually matter you'll have to wade through lots of false positives, even with the better tools.

In order to determine what counts and what doesn't and how you fix it if it does, you actually need security competence. Which is something the developers who are often facing hundreds or thousands of bug reports from these tools often do not have, since they were never trained and/or had no time to further look into.

When it comes to pen testing and app sec assessments, it really depends on what you're looking at. If it's web apps mostly, well, I am sure you already know OWASP. I kinda liked the Web Application Hacker's Handbook.
When it comes to other stuff, this is a great book

I am, btw, a CSSLP, and I think the cert is kinda fluffy.

u/[deleted] · 18 pointsr/netsec

It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.

General Hacking:

Hacking Exposed

The Art of Exploitation

The Art of Deception

Intrusion Detection / Incident Response:

Network Flow Analysis

The Tao of Network Security Monitoring

Practical Intrusion Analysis

Real Digital Forensics

Reverse Engineering:

Reversing: Secrets of Reverse Engineering

The Ida Pro Book

Malware Analyst Cookbook

Malware Forensics

Digital Forensics:

File System Forensic Analysis

Windows Forensic Analysis

Real Digital Forensics

The Rootkit Arsenal

Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.

u/dan000892 · 4 pointsr/netsec

Well TCP/IP is an entire protocol suite. In addition to IP, TCP, and UDP, it includes higher level protocols like HTTP (uses TCP), DNS (UDP more commonly than TCP), and ICMP (uses IP, not TCP or UDP).

My understanding is that it's called TCP/IP because those were the first protocols and everything else coalesced around/on top of them. Microsoft offers a pretty decent chart showing examples of the layering/encapsulation of the protocols in the suite here.

If you want to dive deeper, Steven's three-volume TCP/IP Illustrated is the de facto reference manual for the Internet -- though dated, it's still very useful and available for cheap used. Alternatively, No Starch came out with a tome of their own called TCP/IP Guide which I've heard a couple colleagues recommend.

u/serious_face · 1 pointr/netsec

Netsec is a pretty wide topic, which makes your question somewhat hard to answer. In all honesty, I think the best place to start right now for a high-level introduction to networking is this Wikipedia article. There are, of course, many books you can read for a deeper understanding; as well as the RFCs for a definitive explanation of every Internet standard.

Another recommendation would be to install Linux (try Ubuntu or Fedora), and just run it. Add users and groups, configure SSH and Apache, etc. Linux will come with several different programming languages (Perl, Python, bash), and you'll be able to install many more with very little effort.

Don't worry about having a formal background in computers, because that's not very important. Besides, no one can teach you the curiosity you'll need to get really deep into this stuff. Just expect to spend countless hours in front of a computer, and expect to never stop reading and learning.

u/gaten · 1 pointr/netsec

I'd suggest "The Mobile Application Hacker's Handbook" (

Combine it with "The Web Application Hacker's Handbook" ( and you should have a pretty good handle on testing mobile security, including the backend stuff.

These are both from a "breakers" point of view, but they go into how to secure/prevent the various attacks they teach, so are a very good source for developers.

As some general tips and what to look for, especially concerning secure communications, look into certificate pinning, message signing, and don't store anything sensitive on the device without encryption (or on the server).

Source: I break mobile apps and websites for a living

u/steveeq1 · 2 pointsr/netsec

For people who want to get into network security and have have a moderately good grasp on programming, I nominate Gray Hat Hacking . Each chapter in the book is basically devoted to a certain aspect of hacking (windows exploits, xss attacks, metasploit, etc). It's a good all around introduction to pretty much all the important aspects you need to know.

next, I recommend getting familiar with metasploit as it can save you a lot of time with a lot of different types of attacks. The guys from offensive security have a website , but there is also an ebook available if you want it.

It's important to understand security from both an offensive and defensive side of things.

u/GodRa · 2 pointsr/netsec

Security Engineering by Ross J. Anderson. It is very useful and gives you a 360-degree view from different industries from a security standpoint, this approach encourages you to think out of the box since some ideas from other industries can be useful in another.

u/borski · 15 pointsr/netsec

Two good books I'd recommend for getting started in exploitation:

u/jradd · 5 pointsr/netsec

The first rule of "learning the basics of hacking" is that you don't ask or talk about "learning the basics of hacking". I learned this the hard way when I was about 12 years old on irc.

And there is really only one shade of hacking, and that is 'gray'. You may become a white hat, or a black hat depending on your motivation. But I personally do not look at anything in absolute contrast. The world is gray, hacking is gray, your mother is gray.

Speaking of 'gray', if I were you I would check out this book

I have not read it myself, only skimmed through it over coffee at barnes&noble. Looks like it covers a very broad spectrum of hacking and seems 'user friendly' enough. Also start reading 2600, and check out

u/tunnelsup · 2 pointsr/netsec

I haven't done this myself yet but I'm pretty sure this is where something like Ida Pro comes in where you disassemble the program so it is now in assembly language. Then you can use your assembly language skills to step through some of the code. Like you may see variables stored in a weird ways or memory handled in a bad way.

A book that may get you started is: The Bug Hunters Diary

u/aydiosmio · 1 pointr/netsec

This is why I recommend all my pen testing peers read a book on cryptography, to better understand how things like this can break in very not obvious ways.

u/SHAGGSTaRR · 2 pointsr/netsec

The mother of all auditing books, better than Jon Erickson's jack of all trades - master of none approach imo.

The shellcoders handbook makes for an excellent accompaniment, too.

u/strontium · 2 pointsr/netsec

I'm in the same boat as you. I'm currently trying to lay the foundation for an InfoSec career and I've been bookmarking some of the helpful posts I find. Here's what I have so far:

I just bought this book, I've seen it recommended several times as a great place to start learning TCP/IP.

Consider getting, or at least studying up on, the A+, Net+, Linux+, and Security+ CompTIA certs. They may help you get entry-level jobs and are a good way to learn the basics, but don't count on them to get you serious employment.

u/junglist313 · 3 pointsr/netsec

Read Hacking: The Art of Exploitation

Honestly I could recommend this book for the programming section alone.

u/epochwin · 3 pointsr/netsec

You can practice on open source projects. This is another book I liked:

A mix of black box testing, knowing what vulnerable code looks like and reverse engineering.

u/sequel7 · 3 pointsr/netsec

For fiction, you MUST read Daemon and Freedom(TM)

I also enjoyed Snowcrash and Cryptonomicon, though in my opinion the latter was a little bit of a difficult read. Worth it though.

u/fooxy · 3 pointsr/netsec

The Web Application Hacker's Handbook is a pretty good read. I didn't read the 3rd edition of Hacking Exposed but the second one was only mediocre.

u/Count_Herp_Von_Derp · 13 pointsr/netsec

Sanitize all the inputs! I wasn't a coder so I had no idea how sanitation works, or whether all XSS can be stopped.

I once did a xss exercise on an app where I just went through the XSS Cheat Sheet

At first I did regular javascript. It was fixed. Then I did some Hex Encoded javascript. Then finally... to prove a point I did some Unicode javascript. Simply sanitizing for each type of XSS encoding trick isn't enough.


The above line gets decoded as this:

<XSS STYLE=alert("XSS")>

Nice unicode conversation app.


Prepared Statements:

Check out Grey Hat Hacker, the bit about client side browser stuff is cool.


Then there's always this:

Edit: formatting and stuff.

u/standardoutput · 1 pointr/netsec

Yes, here's the book ( The key with web application security, the one main rule is, never trust anything the user sends you. That means, you can do a lot (almost everything) just manipulating HTTP requests, which usually requires only minimal HTML/CSS knowledge.

Without understanding some HTML/CSS/JS, you may have a hard time with getting XSS to pop, without knowing some XML, you might have trouble understanding things like XXE, and without understand SQL, you might have issues with SQLi. BUT, there are a lot of things you can start doing without that.

In general though, you can do a lot by just learning how to proxy requests with Burp and setting up a vulnerable web app. If you're trying to learn and gain fluency in HTML/CSS, you're going to be doing a lot of unnecessary work. It's good to understand how these work, but you'll pick up most of what you need as you research and learn about specific vulnerabilities.

u/cryptogram · 2 pointsr/netsec

Add a Malware Analysis section to books and punch in Malware Analyst's Cookbook. ;)

I would also add in OS hardening some where and link to NSA's guides:

u/jspeights · 1 pointr/netsec

You should just order this book imho.

Its more recent, covers more techniques and is extremely in depth and it has all the sourcecode in the back of the book.

u/jklmnb · -1 pointsr/netsec

start here, continue here, report back in two months.

u/tupidflorapope · 1 pointr/netsec

Along that same vein is Web App hackers' handbook

Someone already mentioned OWASP, so i'll second that one.

u/s3ddd · 6 pointsr/netsec

wartex8 mentioned it, but I can't speak about Hacking: The Art of Exploitation highly enough...

u/paros · 1 pointr/netsec

If you want to understand how everything works under the hood:

Not the most thrilling read but you'll come out of it with a deep understanding of how TCP/IP works.

u/sanitybit · 2 pointsr/netsec
u/wat_waterson · 3 pointsr/netsec

+1 for Gray Hat Hacking, the new edition just came out and I haven't had a chance to pick it up yet. Gray Hat Hacking will teach you the fundamentals of writing exploits from scratch.

The sequel to Gray Hat Hacking would have to be Hacking: The Art of Exploitation

I tried starting at H:AOE and it was just too difficult. Picked up Gray Hat and everything made sense!

u/uxp · 2 pointsr/netsec

> but getting it on to the specific machine would be difficult.

Not really. StuxNet showed us all that releasing a rather mundane piece of malware full of NOOPs is rather easy and rather simple to avoid detection for quite a while. That is, it's only full of NOOPs until it hits the one or two computers it was designed to hit.

Think of actual viruses. There are a ton of viruses and bacteria in the wild that are transmitted through hosts, but have no ill effect on those hosts. Humans have thousands of strains of bacteria living inside them that are actually beneficial, but if injected in other mammals many cause great harm to that host. Even AIDS, being such a destructive virus to humans, does absolutely nothing in the apes it previously was hosted in (as far as research tell us it was)

One of the biggest annoyances with traditional malware, like most of the fake AV shit floating around, is that they are fucking annoying and push popups and warnings and all sorts of shit onto the infected user's machine. The best malware in my opinion is completely daemonized, designed to not alert the user that it even exists, quietly destroying something in the background until its job is complete and then cleaning itself up and moving along. Though, I might have enjoyed Daemon and Neuromancer just a little too much.

Edit: I agree with most of the answers in this thread though. A malware along these lines would serve no purpose other than vigilante destruction. Unless it could somehow legally get people in trouble (planting child porn or something), I don't see how this would work to be beneficial long term to the creator, as a widespread infection in a single organization would most easily be flagged suspicious by a reasonably smart investigator or systems admin.