The browser hacker's handbook


Post by defaultName on Wed Apr 06, 2016 8:42 am

Hi, I'm kind of new to the hacking world. I actually have a pretty solid background in the IT field, yet I wanted to learn more about hacking in the real world.

Well, what about The browser hacker's handbook? I don't know if it is a good start, but I want to learn concepts from a to z and it seems to cover every bit of the subjects (obviously regarding browser attacks).
I picked browser hacking since I've found this book, but I am open to every branch of hacking, just looking for a point where to start.

Just please leave feedback or a suggestion, thanks!


Re: The browser hacker's handbook

Post by Jbraithwaite on Wed Apr 06, 2016 2:33 pm

Hey there,

I'm an IT sys admin myself and kind of accelerated into the field this year. I'd say to give the missions on the homepage a try. They are actually really good practice in web application testing. I've found the web stuff interesting, however, as you say there is a vast amount of subject areas in hacking.

If books are your thing then this wee list could help you out.

Web Application Hackers handbook 2
Hackers Playbook 2
Gray Hat Hacking
Red Team Field Manual
Web Penetration Testing using Kali Linux.

Just a few of the ones I have and sometimes I just can't tear myself away from them. Consolidate your reading with practical as much as you can and as legally as you can too lol.

For testing systems you can download a VM image called Metasploitable that has a multitude of uses. Also check out Damn Vulnerable Web App, that's also really helpful too. Comes with the Dojo VM.

Hope that helps.
In training....


Re: The browser hacker's handbook

Post by defaultName on Wed Apr 06, 2016 2:50 pm

Jbraithwaite wrote:
Hey there,

I'm an IT sys admin myself and kind of accelerated into the field this year. I'd say to give the missions on the homepage a try. They are actually really good practice in web application testing. I've found the web stuff interesting, however, as you say there is a vast amount of subject areas in hacking.

If books are your thing then this wee list could help you out.

Web Application Hackers handbook 2
Hackers Playbook 2
Gray Hat Hacking
Red Team Field Manual
Web Penetration Testing using Kali Linux.

Just a few of the ones I have and sometimes I just can't tear myself away from them. Consolidate your reading with practical as much as you can and as legally as you can too lol.

For testing systems you can download a VM image called Metasploitable that has a multitude of uses. Also check out Damn Vulnerable Web App, that's also really helpful too. Comes with the Dojo VM.

Hope that helps.


Hi, thanks for your answer.

I'm spending some time on the missions of HTS, actually I can solve a dozen of them (all but the JavaScript ones, since I am new to XSS and the language itself) and I am using DVWA to test concepts (but it works just as a proof of concept, it's not actually challenging).

Anyway, my intent was to learn attacks in depth (e.g. I know how to make an SQL injection attack, but: what returns the number of columns? What returns the names? What actually lets you inject instructions?).

Just looking for a couple of books with an actual a to z approach.

However, thanks for your suggestion, I'm sure I'll find something useful!


Re: The browser hacker's handbook

Post by Jbraithwaite on Wed Apr 06, 2016 3:16 pm

It's hard to gauge what stage someone is at, I guess. I see you're past that glazing point all books go over. The 'Hello World' part, if you will. One of the realistic challenges uses SQLi in a good way and makes you think a lot about it.

If you really want to go nuts then give this a try. http://ctf.infosecinstitute.com/ctf2/

It's pretty cool.


Re: The browser hacker's handbook

Post by defaultName on Wed Apr 06, 2016 3:34 pm

I will give this site a try, seems to be not so easy.

I guess I can just get better with the practice, fortunately it is pretty funny!


Re: The browser hacker's handbook

Post by Jbraithwaite on Wed Apr 06, 2016 3:52 pm

The site's admins always keep everyone's ear to the ground with regard to CTFs. I had a lot of fun and gained experience on the last one.


Re: The browser hacker's handbook

Post by -Ninjex- on Fri Apr 08, 2016 12:34 am

If you are looking into directly attacking the browser and the things that it uses (Flash, plugins, addons, etc.) then the book is definitely solid for this. I've read through most of it, and found it quite interesting. You also gain a little understanding of command and control servers and hidden communication channels. Really though, this wouldn't be a good start if you aren't interested in attacking browsers... It depends on what you want to do. Anyone can exploit a website and still be a complete noob at hacking when someone throws them a compiled program with a buffer overflow.
For those that know
K: 0x2CD8D4F9


