[Req] Guide for exploit dev, reversing, malware etc.


(ITnet) #1

Yo guys. Hope this thread is not posted in the wrong section and isn't a dupe.
Let’s get straight to the question.

I’m now 17 years old and I want to go for exploit dev, malware analysis, reversing, exploitation (kernel, Windows, system, applications etc.)

But to be honest, there are a lot of video tuts + ebooks, and you are like: what books to read, which are outdated? What kind of topics does this book cover, is it according to my need or not? And a lot…

Please, can any experienced exploit developer/reverser/malware analyst guide me in choosing books?
I currently have experience of C (will go for C++) and Assembly (these days reading a book named Assembly Language Step by Step, 3rd ed., by Jeff) and want to get better in assembly; there are books such as Professional Assembly Language, x86 assembly & fundamental of C and others here = Books
In addition, do I need to learn more about programming, such as Java, C#, PHP, JavaScript, SQL, Swift, Objective-C etc.?

I read another thread in this forum which was about C and C++, but people also discussed the Win32 API, and the experts suggested the (Microsoft Doc) is the best resource, but what about the books: 1) Windows via C/C++ 2) Windows Programming by Charles Petzold (if I haven’t written it wrong) 3) Windows Programming, 4th edition, by Johnson M. Hart
Aren’t they good enough? or for some other reason are not recommended?

There are other books such as Windows Internals (a lot on this title), Kernel, Reversing, Malware Analysis, Exploit Dev, etc.

Please can anyone sort out these books for learners like me (noob) :).
One last thing about Linux, the books: The Linux Programming Interface and Advanced UNIX Programming, which one to take?

BTW, I have asked too much and maybe I’m so stupid that I’m writing this stuff, but anyway let this question be saved in this forum database :wink:
One last thing: good books for learning C++ (as I know C and asm a little bit :blush:) and the network side (sockets).

Best Regards

P.S: Sorry if I have spammed too much.


#2

I hate to be the one telling you the truth but since not many will dare to do so, I will.

Your approach and mindset will only cause the reverse of what you are expecting. You can’t expect to learn something you are interested in based on experiences of others. Why is that? Simple. Every person is different and learns differently. There is no correct book or resource. What if I tell you “yo go grab this book, it’s awesome”, and you can’t make any sense out of it? Will you stop learning this subject because it seems tough? Probably. But what you should do is grab every-single-resource that is out there and read them all. The key to in-depth understanding from my point of view is reading the same subject by as many people as possible because every single one of them may mention something the other didn’t, which will help you get a clearer image of a concept. That’s why just one book or one tutorial will never be enough. Just grab 'em all and start reading.

From my little experience in the area you are interested in, you better love theory more than practice, otherwise you will quit sooner than you can possibly imagine.

My two cents:

  • Write small C programs and disassemble/reverse them. That’s the best way to learn assembly + practice on online challenges.
  • Read a lot of research papers/books to master the theory on which exploits and malware are based.
  • Repeat.

Another two cents:

http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/


(The C# Dude) #3

That’s exactly my answer when I get asked how I learn! When I started to learn programming, I read each and every Python tutorial I could find out there :smile:. Every time I didn’t understand something, I just kept it in mind, and later I stumbled upon it again in another guide, which covered it more in-depth. Probably I love that approach so much because I’m a big fan of theory :wink:.

I would be interested in your ways of learning! Maybe some others here want to share their ideas?


(pico) #4

I fully concur with @_py and @TheDoctor. Just read as much as you can and at some point you will start knowing things, and you will find, at the same time, the path that better suits you… On that trip you may learn about stuff even more interesting than infosec :stuck_out_tongue_winking_eye:


#5

While @_py is right for the most part, he forgot to say an important thing: if you don’t understand the source, leave it. Don’t waste time reading something that doesn’t make sense to you!

However, that is NOT the same as giving up! What I mean by “leave it” is to search for something that explains that part better so you can understand it; it is NOT to give up! Quitters don’t win!

-Phoenix750


(oaktree) #6

Documentation allows you to think on your own and learn how to design better software. It makes it easier to take note of all the tools you have. Tutorials usually show you one way to do something, and that works at first, but proficiency comes from immersing yourself in the capabilities of an environment…


#7

What @oaktree said is absolutely right as well. Learning from tutorials doesn’t teach you a lot. The best way to learn things is to set challenges and use documentation to accomplish your goals.

For example, when I learned Python: I had a challenge for myself to make a program that would take as many inputs as the user wants and calculate an average of them. So I asked myself the following questions:

  • How do I take inputs and store them?
  • How do I do math in Python?
  • How can I output the results?

And for those, I looked into the documentation. If the documentation doesn’t provide, use Google. Every programmer, even the l33ts, google their stuff. I’d say that any programmer who hasn’t googled something at least once in his project isn’t a human.

-Phoenix750


(oaktree) #8

Or they used Bing… Those savages!



(Co-Founder and Part-time Fool ) #10

It's actually really helpful that you raised this. There are probably a lot of people with the exact same question who have never asked.

You probably have helped a tonne of people already.


(ITnet) #11

Thanks folks for the tremendous responses and really appreciated :smile:
Can anyone please sort out what steps to take, in order, to have the best approach toward reversing, malware analysis, exploits etc.?

I mean the prerequisites…


#12

Not sure, but I think just googling research papers on exploit development is the best way.

Good luck out there!

-Phoenix750


(oaktree) #13

You must learn to forward before you can reverse.

