/hack/ - Network Security

Since "resources" can be interpreted many ways, I'll just do a raw dump of the best shit I can think of

Linux OS: http://it-ebooks.info/book/2014/

Free PDF, 1400 pages. Hands down the best linux book I've come across. Stuff that has taken me years to learn on my own, just running across through advice from professionals, I read in here as well.

very well known, but great if you haven't it: http://www.exploit-db.com/
(find exploits)

the hacking toolbox. just by installing this and reading up what each tool does will teach you a shit load: http://www.kali.org/

the book greyhat python. not free I don't think, but a great resource.

Practical Packet Analysis - no starch press I think. This is where I learned most of my wiresharking. Still, learn tcpdump. Nothing makes up for tcpdump.

best tools: netcat, tcpdump, python + scapy, metasploit, SET, Browser Exploitation Framework (BeEF), hexdump, objdump, radare2, gdb

best netsec online mag: http://www.phrack.org/

Find ANY and ALL CTF write-ups. They can teach you a lot. Some will be obscure tricky problems but some will actually teach you cool stuff. Check out defcon CTF writeups.

I hear yara is great for IDS rules: http://plusvic.github.io/yara/

don't hate on reddit. It can be a great resource. Check out /r/netsec , /r/crypto , /r/malware /r/xss /r/reverseengineering and even /r/blackhat has something now and then.

>>19

I have experience in web design, know html css, php (ish) learning perl, javascript and sql. Am running linux-

What should I focus on the most for webhacks (for fun and learning).

I can learn a code easy just having trouble understanding how to use them for attacks.

Any pointers would be appreciated.

>>22
You could start by learning simple(ish)browser-based attacks like SQLi, LFI and XSS. You can also start reading The Tangled Web, it has a bunch of stuff about how browsers work.
I suggest you find some site that has exercises that let you test the methods and get a feel on how they work.

>>23

Ty, will give it a go.
stumbled across practice site few days ago will leave it here for others:

http://halls-of-valhalla.org/beta/challenges

All I want for now is to use my neighbor's WiFi.

Where would I start?

>>37
You're going to want Aircrack-ng. It's a collection of programs that target Wi-Fi.
http://null-byte.wonderhowto.com/how-to/hack-wi-fi-getting-started-with-aircrack-ng-suite-wi-fi-hacking-tools-0147893/ Explains what the different parts do. There are plenty of tutorials floating around on how to actually do it. If you want to avoid being a skid, put effort into understanding what it does and why it works.

>>37
Reaver is also something to look at. There are a ton of aircrack-ng tuts, so i'm not going to bother to say all the details, but you'll need a wifi card that is capable of promiscuous mode.

>>38
>>37
you guys should move this to a different thread, this clearly states resource thread, not a "pls teach me how to hack the gibson" thread.

>>40
Solid plan.

Violent python is a decent book, should be able to find a pdf online.

https://www.4armed.com/blog/wep-cracking-cheatsheet/

I seem to remember this being useful, used it a long time ago: http://punkspider.hyperiongray.com/
They have a defcon talk about it: https://www.youtube.com/watch?v=sEv8nxlMYf4

Giant list of programming resouces. Learn python or perl and C, at the very least. https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md

Useful skiddie tool, or useful learning tool for people that actually want to know how to hack with python: https://github.com/DanMcInerney/LANs.py

Decent recon tool: https://ipalyzer.com/

Staying anon: https://evilzone.org/anonymity/the-art-of-anonymity-9178/

Practice: http://overthewire.org/wargames/

Online basics course: http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html

I'll dump more later, hopefully this is of use to someone

>>41
Nice post. A lot of those look really interesting.

>>22
Read alot of PHP before you begin with pentesting.

>>43

Ty the for the pointers really appreciated.

IT E-book - http://it-ebooks-search.info/

>>44

http://pentestmonkey.net/ has cheatsheets and tools

This board is so promising, and I'm gonna take a stab at contributing too.

Reverse Engineering: http://www.rohitab.com/discuss/topic/35537-cc-reverse-engineering-tutorial-for-newbies/

"Violent Python": http://www.mediafire.com/view/ytbsy2jqbj1ulac/Violent_Python_-_A_Cookbook_for_Hackers,_Forensic_Analysts,_Penetration_Testers_and_Security_Engineers_copy.pdf

Pentesting in Kali Linux: http://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_2?s=books&ie=UTF8&qid=1373487462&sr=1-2&keywords=Kali+linux

Also check out metasploitable; it's a distro of linux that comes with vulnerable services and websites already set up. A big challenge for beginners is to find a vulnerable thing to exploit, set up a vulnerable thing to exploit, or straight up stay legal before you get good; this is a safe legal way to get all that stuff set up locally so you can experiment very soon in a means that won't get you v&.

>>22
You might want to try hackforums.net
It's very script-kiddie, but it taught me the basic methods or attack vectors, which helped me go from programming to searching for vulnerabilities.

Google.com