
How to learn hacking - Faizann20
http://fsecurify.com/how-to-learn-hacking/
======
616c
If people actually care about this topic, and want to see someone doing a
genuinely good job, check out LiveOverflow. Some other posters here will make
fun of his dubstep intro music, green on black terminal text intro with the
Rabbit, but he admitted in his first QA it was tongue and cheek.

His subreddit:

[https://reddit.com/r/liveoverflow](https://reddit.com/r/liveoverflow)

His YouTube channel:

[https://www.youtube.com/channel/UClcE-
kVhqyiHCcjYwcpfj9w](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)

I have taken more traditional infosec coursework for $DAYJOB. I must say this
stuff, the more novice stuff beneath and the more advanced stuff above my
head, is well structured, even if informal, entertaining, and inspiring. I
definitely want to give back to the community like him with solid content and
a very unassuming attitude. This is exactly the kind of teacher we need in
this space!

(This is not to say F Security is assuming or crappy, I just wanted to talk up
someone who really is teaching how to hack the way I think it ought to be
done!)

~~~
LiveOverflow
Thank you so much!

I have also recently started building
[https://liveoverflow.com](https://liveoverflow.com), which might have a
better structure than a YouTube channel or subreddit.

Also some people may have actually seen a video of mine, because my most
popular video so far is the DirtyCow video which got referenced by news sites
and on the dirtycow github repository.

My personal recommendation is to checkout the AngularJS Sandbox bypass series:
[https://www.youtube.com/playlist?list=PLhixgUqwRTjwJTIkNopKu...](https://www.youtube.com/playlist?list=PLhixgUqwRTjwJTIkNopKuGLk3Pm9Ri1sF)

Criticism and feedback is always welcome.

~~~
risk
Thank you for the videos. They are such a valuable thing for infosec students.
Please keep up the excellent work.

~~~
LiveOverflow
If you have feedback from infosec students, or topics that would benefit
students, please contact me :)

~~~
616c
As you wish. I will be more vocal on your subreddit.

More stuff with radare, please! Hopper seems cool, as does Binary Ninja, but I
see us like scientists, and I don't like IDA and their ilk with their price
tag. Not because I cannot afford it, but how do we as IT professionals not
take reproducible research seriously!?

Also, keep up with your slick GDB fu. I watched you Boston Key Party vids last
night and they are an education, let me tell you.

------
planetix
So what's the business of this company and its CEO? Other than trying to
collect subscribers to his blog.

Also really confusing name considering there's the Finnish security company
called F-Secure who also have a technical blog:
[https://labsblog.f-secure.com/](https://labsblog.f-secure.com/)

And now also run a security course in Helsinki University:
[http://mooc.fi/courses/2016/cybersecurity/](http://mooc.fi/courses/2016/cybersecurity/)

~~~
Faizann20
If you think I am trying to collect subscribers, I have removed the "Subscribe
to us" text from the post. F stands for my name and I liked the domain.

There is no business of this company. All I do is learn stuff, try to come up
with good articles and post them. I plan to convert it into a proper company
once my studies are over. I am just a student at the moment.

Hope everything is good now.

Best Regards.

~~~
saycheese
"All I do is learn stuff" sounding phrase dot com would be more inline with
your stated objectives.

Currently, name & logo look like something a company would use and are
potientally easily confused with other companies using similar names; as
mentioned in other comments.

Just to be clear, it is obvious you put a lot of work into this, thanks for
sharing. Keep it up!

------
vog
I find it deeply disappointing that this totally skips some very important
parts, namely attitude, motivation and ethics. (Except for so-called "Ethical
Hacking". On the other hand, what should one expect from the blog of a
security company?)

I recommend the all-time classic "How To Become A Hacker" by Eric S. Raymond:

[http://www.catb.org/esr/faqs/hacker-
howto.html](http://www.catb.org/esr/faqs/hacker-howto.html)

~~~
sdevlin
ESR is a racist and a misogynist. And that document might as well be called
"how to be ESR".

~~~
ms7
Care to share a source for that?

~~~
tptacek
The cites would fill the whole thread. You can take his word for it.

------
johnchills
As a junior security employee, I am still trying to figure out where to take
my career. I have thought about various different paths: pentesting,
development (JS, C, python, exploit...), reverse-engineering, web-app hacking,
network-engineering and I cannot for the life of me decide where to focus my
studies. I have reservations about pentesting because For example, I think a
lot of it is unskilled work (e.g., pressing scan on nessus, clicking exploit
on Burp) or work which will be automated in the near future. So for those who
are more experienced than me, or for those who can share some insight on
security-careers, what tech-careers would you choose and what would you study
if you were starting right now?

~~~
LiveOverflow
> I have reservations about pentesting because For example, I think a lot of
> it is unskilled work (e.g., pressing scan on nessus, clicking exploit on
> Burp) or work which will be automated in the near future

My job title is "Penetration tester" but I don't fall into that category.
That's why I often refer to it as doing "application security
analysis/audits". My current job is to do black/white box testing of single
applications - and not a huge organisations where you just phish some
employees. I have not worked for other companies, but as far as I can tell,
many "penetration testing jobs" are actually what I do.

It's fun, challenging and very technical. And obviously no scanners are used -
I have never in my career used nessus or any other click2exploit tool.

------
saycheese
Link is dead and returns this error:

"This Account has been suspended. Contact your hosting provider for more
information."

_________

Google's Cache:
[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://fsecurify.com/how-
to-learn-hacking/)

~~~
eriknstr
Link works fine for me.

~~~
saycheese
Agree, it's back up (right now); it was down for 30-40 minutes though.

------
homakov
Unrelated: It's not cool to put all the logos of companies just because you
found some low sev bug there, not even saying the name is kinda similar to
known security corp F-Secure...

~~~
Faizann20
I thought it would be a good motivation for others. Also, I did receive a book
"Intro to Algorithms" by MIT Press Director on urgent delivery. So I think its
okay to show other people what exactly they can achieve by going through the
stuff I posted.

Best Regards.

------
Faizann20
In case the website does not work, you can try this link:

[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://fsecurify.com/how-
to-learn-hacking/)

------
ns8sl
It is worth studying common weaknesses in code:

[https://cwe.mitre.org/](https://cwe.mitre.org/)

------
snowwrestler
It doesn't actually say.

~~~
slmyers
I did get the impression he was quite accomplished -- given his
acknowledgement from NASA -- so I guess... success?

------
wyclif
Link to first book is dead.

------
fao_
> Account Suspended

It's a dead link

~~~
Faizann20
Try now.

------
EugeneOZ
step 0: google "wordpress exploit" or "windows exploit framework".

step 1: figure out how to run it

step 10: deface some useless site or get access to computer of your friend.

step 11: buy t-shirt with words "haxx00r" or "the matrix green failing
letters".

~~~
ndirish1842
step 12: ?

step 13: profit

~~~
localfugue
You forgot binary.

