Abesti wrote
Reply to comment by Raxalor in Friday Free Talk 20/11/2020: With extra Friday by mofongo
Instead of red-teaming (which pentesting is basically working for The Man), why not getting into hacking the pure way like learning RE and developing tools since you have dev skills?
Raxalor wrote
I have to choose a 'safe' career, because I have people whose quality of life is directly tied to my ability to pay rent and buy groceries. I would absolutely love to get into Reverse Engineering, but I don't personally see a practical way of getting a stable income down that route.
And my dev skills are atrocious, I've probably written less than 5000 lines of code to date :/
Abesti wrote
RE is useful for vulnerability discovery and exploit development and these two are basically the back-bone of Infosec. All the big-name discoveries on exploits like Shellshock, Stagefright, Meltdown, etc? All done through RE. Doing Infosec without knowledge and skill in exploitation won't get you far in the industry.
I don't even have a college degree and all I have is a GED but that didn't prevent me from become a full-time exploit developer and malware coder. Most exploit coders aren't great at coding, my codes are nasty to debug, but finding new ways to code and make things work differently are more important than keeping the code clean.
Hacking, RE and exploit dev are about thinking outside-the-box
Raxalor wrote
I'm absolutely open to the idea of getting into old school hacking, RE, and exploits (like, it's my dream). Do you know of any good resources for getting started in it?
The only thing I already have is Hacking: The Art of Exploitation 2nd Edition
Abesti wrote
I maintain a git repo for misc book stuff (just download them, Gitlab can't read pdf larger than 1MB), feel free to take a look.
CTF like https://www.hackthebox.eu/ is a good place to get practice for beginners. I believe Raddle also have a community that discuss these.
Raxalor wrote
Thanks, I'll give that a look through!
I went on a quick search online for exploit development and reverse engineering to try to answer my own question and I'll just add some of the resources I found for anyone else that's interested:
https://github.com/guyinatuxedo/nightmare
DAY[0] Discussion - Learn Exploit Development While Not Dying
Bezotcovschina wrote
Wow! The whole your repository is stuffed with cool and useful stuff. Big tanks!
Viewing a single comment thread. View all comments