
hack course


  • hack course

    I am at the beginner level. Can I ask you for your recommendations on practical hack examples?

  • #2
    Originally posted by meczaa
    I am at the beginner level. Can I ask you for your recommendations on practical hack examples?
    It really depends on what you want to hack and what you mean by hacking.

    Before that, most any kind of hacking in any area required some knowledge about the tools or how to build and use the tools associated with the area of interest.

    If your interest is in Red Team "hacking" then search Google for tools related to Red Team hacking and explore their use. A fairly well-established tool in this space has been "Metasploit" which can be loaded with sample exploits and references to CVE for services they are used to target, but they are often without payload, as Red Team people are often performing security audits and are paid to find problems, not create them. Seeing how the exploits work requires some understanding of the service being audited, and understanding some programming languages to understand how the exploit works, what it does, and work to create your own PoC payload to test on your own hardware or lab.

    There are other areas for hacking, which include other disciplines. "Reversing", "Fuzzing", reverse engineering, are also sometimes useful, but both require some understanding of programming languages. One tool many are using for some of the analysis with these is "ghidra", giving you an example search term to look for.

    Maybe lock-picking is an area of interest? Then learning about the tools associated with that would be a good path. Start with concept of disk or wafer locks and jiggler keys, then pin tumbler locks with conventional picks, rakes, and tension/torsion wrench or "pick gun" or "bump keys", maybe move on to tubular locks/ace locks and tools for them and more.

    The world of rooting your mobile device was once something people with a hobby and interest could do trivially, but as mobile device manufacturers seek to lock consumers out of their devices, an escalating war of complexity has raised the requirements for these to force specialization in this field. I suspect most of the advances in rooting mobile devices are kept secret, and occasionally discovered by a security researcher that chooses a bug bounty or disclosure or both over sale to private entities that are paid to compromise mobile devices. This would be harder to get into than other areas of hacking.

    There are many more.

    Find which area you are interested in hacking, then search for tools related to hacking in that area of interest. Then learn about those tools, and test them in your own lab on your own machines. Once you understand how they work, then you can consider work on your own "0-day": this usually requires finding an unknown security issue in a thing, then finding a way to exploit it, and completing a process with a PoC (Proof of Concept).

    If you have zero coding experience, and no knowledge in any of the areas associated with hacking, then another route to take is to find people near you with a similar interest to the areas you are interested in hacking, and learn with them. Teaming up with people near you that know about the areas of interest you have can help you spend your time efficiently, helping you focus on some of the more important tools / knowledge.

    At DEF CON, there are miniature opportunities for things like this in games which allow for teams with experience at different levels. Review contests available and then learn about elements in that contest then consider joining a team for that contest. Few teams in contests are willing to accept a new member on their team with zero knowledge and nothing to contribute, so spending time to learn about tools related to the contest of interest before asking to join a team is a good idea. The more you are able to learn about, the greater your value to a team.

    There are multiple contests for multiple areas of focus at DEF CON, and many hacker conferences. There are sometimes regional hacker groups like 2600 groups or DEF CON Groups which meet to educate each other on various topics.

    Choose: Decide on your area of focus.
    Find: Search for tools related to your choice. Examples: use search engines, libraries, social circle, classes, etc. to find out about popular tools associated with that area of focus.
    Learn: Learn about using those tools: on your own, in classes, watching videos, online presentations, etc.
    Practice: Test your knowledge by using those tools on your own hardware in your own lab.
    Evaluate+Branch: Use the results of your testing to ask more questions about the results, and jump back to an earlier step in this list which would help you answer new questions.

    Learn about your area of focus so well, you can bend things to do things which they were not designed for, with novel and useful results -- a common definition of hacking, and the assumed definition I used when creating this reply.

    Good luck!
    Last edited by number6; September 19, 2021, 23:47.


    • meczaa
      meczaa commented
      Can you recommend me some good YouTube channels?

    • number6
      number6 commented
      Usually, YouTube channels are limited topic covering content the owner of the channel wishes to cover.
      This brings you back to the first steps in identifying which area of interest you have in hacking, then searching for content related to that.
      I don't spend much time on YouTube, so I have no list of channels I've reviewed for good content.
      As suggested before, identify a tool you want to learn about, then search for content covering use of that tool.
      The advice applies to YouTube as well.