Gray Hat Hacking

[DeadlyGambit]

Anyone familiar with the book "Gray Hat Hacking"? I'm a computer science major and I want to learn more about general security and hacking. I thought this book might be a good place to start. I'd also appreciate any other book/resource recommendations. Thanks guys.

-DG

[psionic storm]

what year of cs are you in? if you havent learned c and assembler learn that before anything

'memory as a programming concept in c and c++' by franek is good to compliment a c class. its pretty short.

rootkit.com has a bunch of interesting techniques, download some projects, good way to learn. look at source code for 'vanquish', thats a basic userland rootkit good place to start.

phrack.org had some interesting articles,
'smashing the stack for fun and for profit'
http://www-cse.ucsd.edu/classes/sp05/cse127/Smash.htm

mixter wrote some intro articles while back, read those
http://mixter.void.ru/papers.html

a lot of groups publish mags, some are just retarded tho
http://packetstormsecurity.org/magazines/
actually check out that whole site, its great. download the source for some security tools etc

http://www.textfiles.com/

msdn

i havent read 'gray hat hacking' but the security books ive read are filled with really old exploits, they talk about specific vulns for obsolete software. i think you're better off learning operating system concepts etc all that stuff is in 3rd year and usually is prereq for cs anyways.

you might also wanna checkout irc, try efnet

[MrMoo]

No offense to psionic but most of the stuff he mentions is pretty old.

Recommendations are tough to make without knowing which areas of security you're interested in. As I recall, Gray Hat hacking is a good book for someone interested in learning about a lot of the security tools that are available. But it won't necessarily help you to understand security. Shon Harris writes a great CISSP study guide that will teach you a lot of the fundamentals of security even if you're not taking the CISSP exam. Bruce Schneier is one of the foremost experts on cryptography. His Applied Cryptography is priceless for those interested in the crypto side of things. He also has an excellent book called Secrets and Lies which does a fantastic job of getting you in the security mindset. If you're into hardware hacking, check out Security Engineering by Ross Anderson. If you're interested in some technical stuff mixed in with fiction, check out the "Stealing the Network" books.

[psionic storm]

we still use stacks, heaps, software is still written in c, and it has not changed much that is why you will still learn a lot from old texts.

fundamentals of computer security comes from a strong understanding of core concepts in cs like data structures which are all old, and not from books like 'hacking exposed'

as you read a text you may catch a bunch of obsolete stuff which may be useful for when you travel back in time, use your own judgement gl