The browser hacker's handbook

[defaultName]

Hi, I'm kind of new to the hacking world. I actually have a pretty solid background in the IT field, yet I wanted to learn more about hacking in the real world.

Well, what about The browser hacker's handbook? I don't know if it is a good start, but I want to learn concepts from a to z and it seems to cover every bit of the subjects (obviously regarding browser attacks).
I picked the browser hacking since I've found this book but I am open to every branch of hacking, just looking for point where to start.

Just please leave a feedback or a suggestion, thanks!

[Jbraithwaite]

Hey there,

I'm an IT sys admin myself and kind of accelerated into the field this year. I'd say to give the missions on the homepage a try. They are actually really good practice in web application testing. I've found the web stuff interesting, however, as you say there is a vast amount of subject areas in hacking.

If books are you thing then this wee list could help you out.

Web Application Hackers handbook 2
Hackers Playbook 2
Gray Hat Hacking
Red Team Field Manual
Web Penetration Testing using Kali Linux.

Just a few of the ones I have and sometimes I just can't tear myself away from them. Consolidate your reading with practical as much as you can and as legally as you can too lol.

For testing systems you can download a VM image called Metasploitable that has a multitude of uses. Also check out Damn Vulnerable Web App, that's also really helpful too. Comes with the Dojo VM.

Hope that helps.

[defaultName]

Hey there,

I'm an IT sys admin myself and kind of accelerated into the field this year. I'd say to give the missions on the homepage a try. They are actually really good practice in web application testing. I've found the web stuff interesting, however, as you say there is a vast amount of subject areas in hacking.

If books are you thing then this wee list could help you out.

Web Application Hackers handbook 2
Hackers Playbook 2
Gray Hat Hacking
Red Team Field Manual
Web Penetration Testing using Kali Linux.

Just a few of the ones I have and sometimes I just can't tear myself away from them. Consolidate your reading with practical as much as you can and as legally as you can too lol.

For testing systems you can download a VM image called Metasploitable that has a multitude of uses. Also check out Damn Vulnerable Web App, that's also really helpful too. Comes with the Dojo VM.

Hope that helps.

Hi, thanks for your answer.

I'm spending some time on the missions of HTS, actually I can solve a dozen of them (but the javascript ones since I am new to XSS and the language itself) and I am using DVWA to test concept (but it works just to prove concept, not actually challenging).

Anyway, my intent was to learn attacks in-depth (eg. I know how to make an SQL injection attack but: what does return the number of columns? what the names? what actually can let you inject instructions?).

Just looking for a couple of books with an actual a to z approach.

However, thanks for your suggestion, I'm sure I'll find something useful!

[Jbraithwaite]

It's hard to gauge what stage some is at I guess. I see you're past that glazing point all books go over. The 'Hello World' part if you will. One of the realistic challenges uses SQLi in a good way and makes you think a lot about it.

If you really want to go nuts then give this a try. http://ctf.infosecinstitute.com/ctf2/

It's pretty cool.

[defaultName]

I will give this site a try, seems to be not so easy.

I guess I can just get better with the practice, fortunately it is pretty funny!

[Jbraithwaite]

The sites admins always keep everyones ear to the ground with regards to CTF's I had a lot of fun and experienced gained on the last one.

[-Ninjex-]

If you are looking into directly attacking the browser and things that is uses (flash, plugins, addons, etc) then the book is definitely solid for this. I've read through most of it, and found it quite interesting. You also gain a little understanding of command and control servers and hidden communication channels. Really though, this wouldn't be a good start if you aren't interested in attacking browsers... It depends on what you want to do. Anyone can exploit a website and still be a complete noob at hacking when someone throws them a compiled program with a buffer overflow.