Hacking
From Hak5
This page will summarize the Hacking: Where to begin thread of the Hak.5 forum, as well as other tidbits that you might find interesting.
Contents |
Generic
Law
Books about, rather than on, Hacking
The Hacker Crackdown - Law and Disorder on the Electronic Frontier.
Underground - Tales of hacking, madness and obsession on the electronic frontier
Security
It's good to keep an eye on what problems are found in the security community. It tends to take people a while to fix these issues, which can give you a window of opportunity to get your hack in. It can also serve as a resource for new concepts and ideas regarding classes of vulnerabilities. The assumption being that if program X which does something and is vulnerable, program Y which does pretty much the same thing might be vulnerable aswell.
If you're not at all into hacking, it's still a good idea to keep an eye on this stuff just to make sure you keep your machine up to date and protected against the issues that are found or discussed in these places.
Mailing lists
The SecurityFocus mailing lists. Home of the well-known Bugtraq mailing list as well as other security-related mailing lists.
The Full Disclosure mailing list. This list is infamous for postings about security-related problems that haven't been called to the attention of the vendor.
Infosec News - Daily Information security news mailing list
Podcasts
SecurityNow podcast. A weekly audio security column & podcast by Steve Gibson and Leo Laporte.
Sploitcast. SploitCast will discuss a wide variety of topics; these include, but are not limited to, new vulnerabilities, exploit code, security and technology news.
Binary Revolution. Excellent, but sadly ceased, and a still active and mostly helpful forum.
BlueBox Podcast. A podcast about security in VOIP.
PaulDotCom Security Weekly. An entertaining look at the current information security news, vulnerabilities and research.
SANS Internet Storm Center Podcast. A Bi-weekly podcast discussing the ISC Handlers' Diaries, new vulnerabilities and more.
Videos
How To Break Web Software - A look at security vulnerabilities in web software.
The Virus Safe Computing Initiative at HP Labs.
Crime: The Real Internet Security Problem.
Warriors Of The Net. Explains how the Internet works.
An ARP poison attack in action.
New York City Hackers
Disinformation - Cult of the Dead Cow
Freedom Downtime - Broadcasting, Netcasting, and Copying Are Encouraged as Long as it's Free
Tools
NMAP. Pretty much the first step of any attack: Identify your target machine's OS and running services.
Nikto. A remote vulnerability scanner specifically aimed at webservers.
Nessus. A general purpose remote vulnerability scanner.
MetaSploit. As featured earlier in Hak.5, MetaSploits gives you a collection of exploits and a collection of payloads, and allows you to mix and match to get where you want to get.
Tutorials
Exploit tutorials
So you now know about the problems you can take advantage of. Now what?
Remote exploit. Pretty good resources, some very nice video tutorials on various exploits. Defiantly check out the tutorial section.
IronGeek. Excellent tutorials/information/articles.
AntiOnline. Tutorials, tools and forums full of helpful people.
L0t3k. An archive of articles and tools, mostly aimed at someone using *nix. Not updated as much as it used to be.
Dealing with Windows passwords. How to get at them, how to reset them, etc.
Programming resources and tutorials
It's nice that someone made a cool tool that sends some code to some other code and thus makes some shit happen. But would you rather make your own?
Teach Yourself C in 21 Days.
Teach Yourself C++ in 21 Days.
The Art of Assembly Language Programming.
Microsoft Developers Network.
Code.box.sk. Articles describing the writing of code. Not language-specific.
Web programming resources and tutorials
HTML.
PHP.
ASP.NET.
SQL.
Perl. Also, check out CGI101.
Python.
Networking
An excellent primer on TCP/IP.
A tutorial on IPTables, the default firewall implementation in Linux 2.4 kernels. Newer 2.6 kernels use NetFilter.
DNS (ARP) Cache Poisoning. Direct other users' traffic through your system for interception and inspection.
Packet forensics. Very low-level article about the inspection of network (TCP) traffic.
Wireless
Understanding 802.11 Frame Types.
Lorcon: transmit frames use lorcon.
Madwifi Linux kernel device driver.
Resource and exploit sites
Millw0rm. All sorts of new and exciting exploits, both local and remote, as well as papers and tutorials.
SecurityForest. A collection of hacks, tools and concepts.
DocDroppers' Hacking article. A website with TONS of links to information about hacking.
Hacker Threads.A forum on, by and for Hackers.
Hacker Library. A lot of general information that can be very useful to a hacker.
Neworder.box.sk. General purpose information about security as well as civil liberties.
Phrack Running since 1985! (well they started with BBSs) General purpose site.
Testing your skills
Hack This Site. Various security implementations are presented to you, and it's up to you to defeat them to go on to the next challenge.
Try 2 Hack.
IHack Very similar to the Hack This Site website.
NANOY.org
Hax.tor.hu Hacking challenges - Exploits - SQL injection - Spoof - decrypt - shell accounts - PHP exploits - Apache - Google
--Cooper 17:51, 29 Sep 2006 (GMT)