User Controls
Infosec/Compsci e-books.
-
2016-01-07 at 8:45 PM UTCAnyway, i've aquired some interesting resources and was wondering if ya'll would be interested in aquiring some as well. Take a pick and i'll upload the e-books of your choice for you.
-
2016-01-08 at 4:45 AM UTCI have quite a few of these but I've only read most of the way through the second to last. I haven't even really got into Python much.
I'd like NSA Securing Linux please.
Have you read through all of these? -
2016-01-08 at 5:46 AM UTC
I have quite a few of these but I've only read most of the way through the second to last. I haven't even really got into Python much.
I'd like NSA Securing Linux please.
Have you read through all of these?
No not at all, i've read black hat python and grey hat python skimmed through the pentesting one and am at about page 300 or so of the web pplications hackers handbook and i'm reading the bash cookbook as well to familiarize myself intimately with bash and linux in general. The rest of them came recommended by a sec minded buddy of mine so i figured i'd get them. Plus, i think malware is fascinating which is why i also got the kernel exploitation books. Any place you'd prefer me to upload the e-book in question? -
2016-01-08 at 8:20 AM UTCThe problem I've had with these books is that they're beasts in terms of size and each one takes 1-6 weeks of reading combined with practicing. Like the Web Application Hacker's Handbook - fucking amazing, thorough, and well written, but I'd get lost in it if I wasn't taking notes and trying some of the shit out on DVWB or OWASP's RailsGoat.
-
2016-01-08 at 9:17 AM UTC
Any place you'd prefer me to upload the e-book in question?
​Angelfire please.The problem I've had with these books is that they're beasts in terms of size and each one takes 1-6 weeks of reading combined with practicing. Like the Web Application Hacker's Handbook - fucking amazing, thorough, and well written, but I'd get lost in it if I wasn't taking notes and trying some of the shit out on DVWB or OWASP's RailsGoat.
Yeah, that one was a big one. I never did finish it completely. You practically have to download the tools and do a little bit of 'action' to stay interested. But it kept me interested.
Roughly what percentage of internet hacking would you say is web application based? -
2016-01-08 at 10:18 AM UTC
Yeah, that one was a big one. I never did finish it completely. You practically have to download the tools and do a little bit of 'action' to stay interested. But it kept me interested.
Roughly what percentage of internet hacking would you say is web application based?
Yeah, I did the whole messing around with tools thing. Helped retain the material. That's a really tough question, especially since I've moved away from infosec (temporarily). If by "web application" you mean "anything that serves or consumes HTTP" then a fucking ton
We got the popular stuff like XSS, with SQLi and CSRF stuff a little further behind. Then there's everything that's related to fucked up application logic ie. file upload forms that enable XSS or remote file access or bad authentication/authorization schemes. I guess we could classify all the "open wide to the internet" technologies ie. redis/elasticsearch/mongo that serve HTTP on 0.0.0.0 or other crazy insecure defaults (http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/). IoT also expose a bunch of HTTP services (http://betanews.com/2015/10/10/hackers-exploit-serious-unpatched-netgear-router-dns-vulnerability/) and these services are all web applications of some sort - even if it's just static html + basic auth.
-
2016-01-08 at 12:26 PM UTC
​Angelfire please.
Nigga'i ain't getting angelfire FTP hosting bullshit, here's a vola https://volafile.io/r/q2kF5-
Expires in 2 days so hurry up. Lol.
