![]() As finding exploits became automated, bugs were found and exploited rapidly. Basically, there’s closed-source fishing and open-source fishing. That is actually the analogy which Halvar uses to describe it. CSO: It’s like overfishing? The Grugq: It is exactly like overfishing. CSO: Why so long now? The Grugq: It is harder to find good bugs and develop good exploits for them. These days it might take six months to find and develop one. The Grugq: Well, in 2000 there were loads of good exploits which would take maybe a week to find and develop. I've been in the IT field for years, written production level Java and C++ code, and work with Linux and DBMS software on a daily basis, but I wouldn't consider myself to have even a fraction of the knowledge I would want to have to successfully penetrate systems, but from watching CTF hacks from DefCon and a number of other security conventions the list above is just a portion of what they use in those CTF events. Learn how databases work and DBMS handles data in the database ![]() Learn how the web works, how packets are sent what protocols are used, etc. Learn how to reverse engineer binary files Understand endianness, architecture differences, and language support differences (unicode vs ASCII) Understand how an operating system operates If you want to 'hack' you better make sure you can. Any crack kiddie can download a tool like BlackShades and push a couple buttons to penetrate systems, but real penetration testing is a combination of a lot of skills. It is a skill acquired after years of built up knowledge about computing, networking, programming, etc. Hacking has become super cool because of movies like The Social Network, but in reality no one can "teach" you how to hack. ![]() True penetration testers will use it as a tool on a system devoted to testing, but never as a main operating system for personal use which a lot of people come to these forums trying to do. We're not arguing the ethics of hacking, just that wanting to "learn how to hack" is in itself a bad approach to computer science, and using Kali for learning is an equally bad move because it doesn't perform like a regular operating system. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |