Quality Books on Hacking

[agentaika]

I've been doing a lot of digging through Google and Amazon for quality hacking books. So far Practical Hacking Techniques and Countermeasures by Mark D. Spivey tops my list. It looks very promising, and seems to provide very clear and direct information on how to attack and defend using Windows and Linux applications.

Have any of you read this books, or know of similar books that might be better?

[Blunderboy]

First of all reading about it practical techniques will only help you so much. You need to work with the skills to master them. I would tell you though attack your own stuff. Setting up a Server, breaking into it, then fixing it will show you 3 points to learn from. But 2 books right off the top of my head are "Hacking Exposed 5th Edition" and "Gray Hat Hacking the Ethical Hacker's Handbook" I would at least get a firm basis in at least one programming lang. plus a firm understanding of computers and networking.

[DingleBerries]

Any documentation on the tools you will be using is a must. Before I even started trying to crack WEP keys I read through the documentation, same with metasploit.

DVM is also a OK start if you have an extra machine laying around.. Go ahead and install windows SP1 on it and load it full of vulnerable programs. Get a reverse shell and add a user, then move on to bigger and better things.

[agentaika]

Thanks for the replies.

First of all reading about it practical techniques will only help you so much. You need to work with the skills to master them. I would tell you though attack your own stuff. Setting up a Server, breaking into it, then fixing it will show you 3 points to learn from. But 2 books right off the top of my head are "Hacking Exposed 5th Edition" and "Gray Hat Hacking the Ethical Hacker's Handbook" I would at least get a firm basis in at least one programming lang. plus a firm understanding of computers and networking.

I'm not looking to make a career out of hacking. I just want to help my cousin with the security on his server, and move on. lol. What ever knowledge I gain I'll likely use for something else. Or maybe I could do a little white hat hacking on the side? I don't know. But right now I would prefer a book that just, flat out, told me how to hack, step by step. I learn best by watching examples, and then filling in the details later. And regarding programming, I already know Python and some C++.

Any documentation on the tools you will be using is a must. Before I even started trying to crack WEP keys I read through the documentation, same with metasploit.

DVM is also a OK start if you have an extra machine laying around.. Go ahead and install windows SP1 on it and load it full of vulnerable programs. Get a reverse shell and add a user, then move on to bigger and better things.

I'll give this a try.

[thefatmoop]

shellscoders handbook

hacking: the art of exploitation

grayhat*

google hacking for pentesters

google ebookee

[Blunderboy]

Good luck white hat hacking for anyone unless you put in an ass ton of time in school. These days hacking has been standardized into a degree and that's what people are looking for amongst other things. If your cousin needs help managing his server I would start with a book that runs you through how to secure that type of server, such as a win2003 exchange server. People write trillions of lines online about how to do this or you could take the consolidated route and go to boarders and buy a book on 2003 exchange server and/or get a hardening a win2003 server. M$ puts books on the topics out or you can get a book written by O'reilly, which in my experience are some of the best computer books around. Trying to learn to hack will help a seasoned user with their server but if you have no idea on the workings of the type of server he is using it would be more beneficial to learn about how it works and learn about possible well known security risks and then branch off from there.

[SWFu]

Penetration Tester's Open Source Toolkit: 2 is another, it's based on Bactrack 2 though.

[Timmo]

i would also recomend studying the theroy first. 2 books i have been meening to read are the 2 kevin mitnik ones "the art of deception" and "the art of intrusion". after that go into the tools other ppl have created and how to best use them with examples. if you must create a virtual machine using VMware and build a PC that is vonerable inside and try the examples, try checking the switches for commands and just explore.

[ADM1NX]

Along with Kevin Mitnick's books, you should check out 'Steal This Computer Book 4.0' by wallace wang. If you want to lock down a linux server, you should check out how to use SELinux for starters, and I think securityfocus has a guide out there as well. Security won't come just with a couple clicks of a mouse, and learning to hack can't be throw into a "windows for dummies" kind of thing; hacking is a more of a mindset, not a step-by-step process (even though I could have sworn seeing "hacking for dummies" out in the wild).

If you understand the hacker's mindset, you'll have a better idea of what they are looking for when they try to get in your server, and what you need to do to protect yourself. Usually hackers will look for weaker systems to exploit, and give up on the more difficult ones, unless you have something that they really want sitting on your server.