Jan 22, 2016

5 Best Hacking Books of 2016

Learning hacking has always been tough for many people, not because it's very difficult, but because they do not have a proper source of learning. Since an appropriate guide is necessary in this field, experts always recommend reading books first, so that you can get all the tutorials and guides directly from a top hacking book, PDF or eBook, whichever you prefer.


Learn to Hack from Best Hacking Books

Hacking is an art of exploitation which can be used ethically as well as unethically; for example, a hammer can be used to build or break something. Anybody can learn this art with just a little effort. Yes, nowadays it's easy to learn how to hack. In fact, you can teach yourself or get online training. However, in any case you will definitely need books, because that's the best way to learn hacking for beginners.

The secret of learning hacking more quickly and easily is to concentrate more on penetration testing. It's the key and also the most essential skill of a hacker; it requires a lot of practical knowledge, so it is mastered only through practice. If you don't know anything about pentesting, do not worry, because these books will teach you from the basics without any need for prior knowledge.

The Hacker Playbook 2: Practical Guide to Penetration Testing

After the huge success of The Hacker Playbook, the author recently released a second edition, and it tops our list because of its wide coverage of pentesting topics and hacking tutorials. It's a highly informative book which teaches you pentesting step by step and guides you with practical methods, hands-on examples and helpful advice from experts. Apart from that, it also focuses on advanced topics such as attacking networks, privilege escalation and evading antivirus software. Both editions are completely dedicated to penetration testing methods in an ethical manner, which is really beneficial for newbies.


Black Hat Python: Python Programming for Hackers and Pentesters

You may know the importance of programming languages for hackers, especially Python, one of the most useful and essential languages for hackers, because whenever it comes to creating powerful hacking tools or scripts, Python is foremost. This book teaches you Python programming and explores the darker side of its capabilities, like creating stealthy trojans, extending Burp Suite, and escalating Windows privileges. It focuses more on black hat techniques like writing exploits and network sniffers, manipulating packets and infecting virtual machines. It comes highly recommended.


The Basics of Hacking and Penetration Testing

This is probably the best hacking book for beginners because it covers a range of chapters on penetration testing and instructs you how to perform an ethical hack from the very basics. The initial part serves as an introduction to ethical hacking and common pentesting methods. The reader will learn to use Kali Linux with great ease, and what's more fascinating is that it focuses heavily on the usage of tools like Nessus, Nmap, Metasploit, SET, w3af, Netcat, MetaGooFil etc. It explains everything in detail and in a simple manner, so if you are looking to get started then I'd say, “Go for it without any second thought.”


Hacking: The Art of Exploitation 2nd Edition

This is considered to be the greatest hacking book of all time and a must-read for every hacker. It's unique in terms of teaching: unlike others, it spends a great deal of time explaining the technical foundation and how things work from the inside. So instead of directly showing you tutorials, it will first make you understand the underlying mechanisms and machine architectures. You will learn to outsmart security measures, corrupt systems, crack wireless encryption, carry out network attacks etc. Programming language coverage includes C, assembly language and shell scripting.


RTFM: Red Team Field Manual

RTFM is an excellent command-line book written by an experienced pentester. It is very handy and cheap, but very effective and informative as well. It contains 90 pages of commands for Windows, Linux, Nmap, SQLMAP, VPN, Putty, Powershell, Google Hacking, Tunneling and a lot more which I could not list here. It features around 2000 syntax entries and their respective tutorials, from basic to advanced. Another exciting and important thing you'll learn is new Red Teaming techniques, known to be a very effective skill for a penetration tester, so you shouldn't miss it.


Will I become a hacker after reading a book?

No, please don't hold such a misconception, because reading is just knowing; to become a hacker you must strive to improve your skills by taking up challenges and practically doing what you learn. You can't just read a bunch of tutorials and call yourself a hacker. Instead you need to be a little patient while learning and practice with full passion. In this field, experience is more valuable than knowledge.

Jun 19, 2015

8 Best Kali Linux Books

Kali Linux is an extremely advanced pentesting platform designed for hackers and security experts to make their task easier. For a beginner it might be a little difficult to grasp because of the lack of a proper guide and training, but you can easily learn from books available online. I have mentioned a few of the best Kali Linux books, eBooks and PDFs for beginners as well as experts.


Best Kali Linux Books You Must Read to Be a Hacker

Kali is very popular among hackers because of its environment: it has hundreds of hacking, pentesting and forensics tools which allow us to gather information, find vulnerabilities and create exploits. It can be used as a destroyer as well as a creator; that depends on you. But to perform such awesome actions one needs to have great hacking and pentesting skills.

To become an expert hacker you must strive to improve your pentesting skills with Kali by learning new things daily, and believe me, books have the potential to make you a master despite being a newbie. All you need is basic programming knowledge.

Basic Security Testing with Kali Linux

This is the perfect book for beginners to get started because it teaches you from starting points like Introduction & Overview, and later on covers topics such as Metasploit, exploiting Windows & Linux systems, social engineering, password attacks etc. The author explains things in simple words with images, which makes it easy to understand even for a layman. The primary concern of this book is pentesting for security.

It focuses more on how an attacker can find and exploit weaknesses in a system, for example how to discover a vulnerability in a system which can be exploited by a malicious hacker, and that is the most essential skill.


Mastering Kali Linux for Advanced Penetration Testing

This is for those who want to become a master, because it's the most advanced Kali Linux book ever written. The initial part covers common security testing methods and the middle section focuses on exploitation and post-exploitation methods. It also covers bypassing physical security, social engineering, web services and attacking the network and the end user directly. The reader will also learn about network exploits and security.

It follows a hacker methodology with all the practical knowledge needed to test your security. If you're stepping into the IT security field or appearing for a pentesting exam, you probably shouldn't miss it.


Web Penetration Testing with Kali Linux

The Internet, also known as the Web, is another major part of today's technology, and with this level of advancement, security and privacy concerns rise. This book is completely dedicated to web pentesting, covering a wide range of lessons on SQL injection, XSS, exploiting server flaws, authentication and hijacking techniques etc. It teaches you how to find vulnerabilities in web apps and sites using the most effective tools available to web penetration testers.

Apart from testing, it also educates its reader on securing the Web and its components, like patching flaws and preventing malicious exploitation. On top of that, it also shows how to write and create reports in a professional manner.


Kali Linux: Wireless Penetration Testing Beginner's Guide

Do you want to hack your neighbour's Wi-Fi password but don't know how to? Well, this book is dedicated to wireless hacking and pentesting for freshers. It will teach you how to create a WLAN lab and experiment with pentesting, like bypassing WLAN authentication, encryption flaws and attacking clients, with in-depth tutorials.

It follows a pentester's methodology and focuses on advanced wireless attacks, from sniffing to capturing WPA-2 keys. It also explores the ins and outs of wireless technologies, which is a very exciting part indeed.


Which book is best for you?

It's normal to get confused while choosing the most appropriate book for yourself, because you may not have the slightest idea which could be most useful for you. My advice is to first recognize your interest and buy according to your status (Newbie, Intermediate or Expert). For instance, if you're interested in wireless hacking but you're a fresher, then you should go for the fourth one.

Intermediate Level

If you are already aware of the basics, you can go for medium-level books.


Security Professionals

I'm very fond of InfoSec professionalism myself; sometimes people refer to it as expert level.


Reading isn't enough, Practice is necessary

It would be unwise to think that only reading is enough to become an expert... NO! Training is vital. The more you practice, the more you'll gain experience and knowledge. Do not just read and memorize the tutorials; instead, understand them completely and then do it on your own in a pentesting lab which is safe and beginner friendly.

Mar 11, 2015

An Interview with Rafay Baloch - (Ethical Hacker)

I have interviewed one of the world's top ethical hackers, Rafay Baloch, a very passionate security geek and pentester. Let's see how he began his hacking career and became a world-famous security researcher. He also has a lot of advice for your career.

Who is Rafay Baloch?

Rafay Baloch is a Pakistani security researcher, founder of the popular blog RHA and author of the book Ethical Hacking and Penetration Testing Guide. Rafay has received countless bug bounties from tech giants like Facebook, Google, PayPal etc. His most famous finding is a remote code execution in PayPal worth $10,000 USD. That's not all: he is also listed on many security disclosure pages.

1. How did you get fascinated towards hacking?

7 years back, I downloaded a tool which claimed to hack an Orkut account, and as of that time Orkut was at its top famous list among social networks; the tool which I was curious about turned out to be a virus which was designed to steal information. Weird things started to happen to my computer. Eventually, after lots of googling, I figured it out and managed to clean the infection successfully.

This, however, made me curious how the little program could actually work beyond the curtains. This alone was my starting point, and from that morning onwards I dedicated every step of my career to information security.

2. Where did you learn so many things?

I have dedicated almost seven years into this field and I am still learning more and more every single day. Learning never stops. The most essential thing you would need to have for learning is patience and dedication; these combined lead to heights of excellence. I haven't done any courses especially in terms of information security.

I have self-explored most of the things and I am still doing it with my learning passion. With regards to the learning part, I was lucky to get great mentors such as David Vieria, Giuseppe, Alex and File Descriptor, to name a few. Also a list of great friends, such as Prakhar Prasad and Deepankar, who helped me with my learning.

3. Why are you inactive in bug bounty programs?

The reason is that I lost interest. Money was never a problem, alhamdullilah, but I felt like I was not learning anything new with it, so I moved towards security research, especially with Android. I think security research is more challenging than bug bounty; we as security researchers invent techniques which pentesters use.

4. What is your advice to beginners in hacking?

My advice, first of all, is to be ethical and not to compromise your integrity. A hammer could be used to build something and it could be used to destroy something. My personal integrity is to bring positive change in this world. Secondly, with regards to learning, I would recommend everyone to focus more on web application security instead of networks and other layers, due to the fact that the attacks have moved towards web applications and there is a huge playground and potential for bug bounties.

If you are into Blackbox testing, before you even start your first test, you should interact with the application and see how it works and start identifying all the inputs and start manipulating them against well known bugs. To be a better penetration tester, you need to be good at finding logical bugs, which you can only find given that you understand how the application really works.

5. Tell us about your book Ethical Hacking and Penetration Testing Guide

The book was published in 2014. It is completely dedicated towards beginners; the idea behind the book is that offense is the best defense. I have received mixed reviews. While people have really liked the contents of the book, there have been people who have complained about the grammar specifically and have criticized the editor.

I appreciate your time for this interview, Rafay. Would you like to say anything else?

My pleasure, thank you very much. The last message I would like to give is: never get demotivated by your failures, turn your weaknesses into your strength and follow your passion.

Dec 8, 2014

Important Programming languages for Hackers

Every application or site you use is programmed in a particular computer language, also known as a programming language, and people such as hackers try to hack it. But to break anything you first need to understand it and then exploit its weakness. The same happens in hacking: to actually hack anything, you first have to understand the target application, and that understanding requires knowledge of programming languages.

Which Programming Languages Are Required for Hackers?

There are lots of computer languages, but only a few are required for hacking purposes, because in most cases it depends upon the target. There are basically three sections: Web Hacking, Exploit Writing and Reverse Engineering, and each of them requires different coding.

1. Web Hacking

Let's say you are interested in hacking web apps and sites; then you will need to learn the web coding languages HTML, CSS and JavaScript, because all sites are created using these languages, and knowing them will allow you to understand things quite easily.

HTML: One of the easiest and most widely used static web markup languages, present in each and every website you see in your browser. It's recommended to learn HTML very well because it helps in understanding web actions, responses and logic.

JavaScript: JS is a client-side web programming language mostly used in websites for a better user interface and quick response. You should learn JS carefully because it helps you understand client-side mechanisms, which is essential for finding client-side flaws.

PHP: A dynamic server-side language which is responsible for managing web apps and databases. PHP is considered one of the most essential languages because it controls everything on the site and server, like the captain of a ship. It is advised to learn PHP well.

SQL: SQL is responsible for storing and managing sensitive and confidential data such as user credentials, personal info or even bank details. It is used in almost all sites that store data, and it is therefore the most attacked portion of a site.

2. Exploit Writing

Python: It is said that a hacker must know Python because it's the core for creating exploits and tools. Security experts and even pro hackers suggest mastering Python because it provides wider flexibility and can be used in many places. I recommend reading Black Hat Python.

Ruby: A simple but complicated object-oriented language. Ruby is very useful when it comes to exploit writing. It is used for Meterpreter scripting, and you may know that the Metasploit framework itself is programmed in Ruby.

3. Reverse Engineering

Assembly: It's a low-level but advanced language. One can instruct machine hardware or software using it. If you're keen on reverse engineering, then Assembly is going to be very helpful.

Conclusion

I mentioned seven languages, but that's not all, and nobody ever learns all of them 100%. You should know a little bit of each, as it's essential, but what matters here is only your target: if the app which you want to hack is coded in ASP, then you'll need to know ASP. Do you think any other programming language is essential for hackers? If yes, then please comment below.

Nov 19, 2014

Meet Jasminder Singh - Security Researcher

This is an exclusive interview with Indian security researcher Jasminder Pal Singh, a very passionate InfoSec enthusiast, web developer and bug bounty hunter. What's catchy about Jas is that he is very humble and has lots of patience towards his work. Recently he discovered a critical stored XSS flaw in YouTube; as a white hat he immediately reported it to the Google Security team and received a positive reply.

Jasminder Singh
Jas has discovered multiple bugs in Nokia, Facebook, etc.

1. How did you get fascinated with the security field?

I was attracted by the term hacking, but before that I was into security research (malware, trojans etc.). I studied how they work and did stuff practically. I really loved these things, but I had to drop it because there was no peace of mind working, and so I engaged in web development. But I was also aware that there are destructive minds and methods to break my apps, and in the process of learning to secure them, I also learned how to break.

2. Who is your inspiration?

Actually there were many inspirations during the journey and it's still ON. If you ask about web app security, it is necessary for a web developer to secure their developed applications. I want to give credit to two persons. I was inspired by the research of Rafay Baloch, a very genuine person who helped me quite a few times. The other one is Siddhesh Gawde; he once sent my name for the Microsoft Hall of Fame even though I hadn't anything. This made me happy and I decided to start pentesting.

3. Which is your most favorite quote?

Getting inspired instead of being jealous of someone's success will lead you towards success.

4. What is your advice to beginners in Hacking?

Learn the Basics: This is the key; without basics we are like shooting in the dark. It may hit correctly sometimes by chance, but the majority will go in vain. I would like to quote a few words of Amine Cherrai.

Never try to think outside the box before you know what's inside

Learn Programming: I was into web application development before pentesting, so I had some command over web development languages like PHP, JS, HTML/XHTML, CSS etc. It helped a lot to understand the behavior of the application. I was able to code my own payloads instead of injecting static ready-made vectors.

Watch POCs and Read Write-Ups: It's a good practice to watch video Proofs of Concept and read the write-ups of bugs discovered by other security researchers. It will increase your area of thinking about injecting into an application. Some good resources are Hackerone.com and vulnerability-lab.com, or on YouTube set the search filter to "Last Week" and input search terms like "XSS", "CSRF" etc.

Avoid pentesting sites which don't have a vulnerability disclosure program; it's kinda illegal. There are many websites where you can practice pentesting - Bug bounty programs list. And last but not least, follow InfoSec and researchers on Twitter; I follow some good researchers on Twitter. You can also navigate to the HOF pages of different websites and read their research.

5. Which is your favorite vulnerability found by you?

Last year I discovered a DOM-based Cross Site Scripting bug which abused CORS in Nokia's Ovi Store, which affected the whole site. It was quite an interesting bug; I had to work a lot to make the payload. The second one is also an XSS, in YouTube.