[HN Gopher] Want to start hacking?
___________________________________________________________________
Want to start hacking?
Author : unripe_syntax
Score : 159 points
Date : 2022-07-27 13:41 UTC (9 hours ago)
(HTM) web link (about.gitlab.com)
(TXT) w3m dump (about.gitlab.com)
| braingenious wrote:
| I like how "having a computer science degree" counts as "zero
| knowledge" simply because this person didn't know what XSS meant.
| Their definition of a newbie is... unsatisfying.
| stn_za wrote:
| Lmao indeed
| dj_mc_merlin wrote:
| "Having a CS degree" (or equiv. experience) is basically
| baseline knowledge floor for hacking. It's not possible to get
| someone with 0 computer skills in May 2021, and have them
| cracking bounties by 2022.
| WelcomeShorty wrote:
| One of our most prolific bug bounty hunters did exactly that.
| And what is even more impressive / exotic is how he finds the
| bugs. With "just" a browser and very little Burping.
|
| Anecdotal, but it happens.
| samstave wrote:
| Where may I read more about said person
| groffee wrote:
| Honestly that sounds more like a problem with your code
| base rather than any exceptional skill.
| InfoSecErik wrote:
| Flat out untrue, I know a friend who started in the field out
| of high school and was getting DA in places before he could
| even drink.
|
| EDIT: My bad, misread your comment.
| sbmthakur wrote:
| What's DA?
| mcrooster wrote:
| Domain Admin. Total control of a Windows network,
| equivalent to having root on a Linux box.
| samstave wrote:
| Direct Access?
| foobarian wrote:
| Let's not even go into how the meaning of "hacking" or "hacker"
| was hijacked. :oldmanyellsatmoon:
| skrebbel wrote:
| This happened 30 years ago, maybe it's time to get over it.
| Tao3300 wrote:
| The former meaning is still prevalent and rising in use.
| Enough so that the story was confusing until I figured out
| which "hacking" they meant.
| vaylian wrote:
| That's a bit strange given that we're on hacker news.
| skrebbel wrote:
| Ask a stranger in a motel what they think "Hacker News"
| is about though. I too prefer the original meaning of the
| term but it's clear which meaning has "won".
| mxuribe wrote:
| I made my way into the coffee kitchen at work, and unplugged
| the power cords for all the coffee maker machines...instant
| productivity killer...making me haxor supr3m3!!! Kidding of
| course!
|
| While I agree with you on the hijacking of the term, I do
| support more people getting involved with security and
| especially security awareness. The more, the merrier! So,
| overall it's a good thing, even if it creates a little pain
| for folks who are more kung fu gurus of the hacking way. I
| think a more general term like "security practitioner" might
| be more apt...but headlines gonna be headlines, hence writers
| gonna jazz things up with "hacker". Then again, what do I
| know.
| markus_zhang wrote:
| Yeah I think the original definition is somehow retained in
| the hobbyist communities.
| implements wrote:
| "Can you hack-up a noddy to sort out that file corruption?"
| - Early 90's software house.
|
| (Very rarely seen "noddy" used to describe an extremely
| rough throwaway utility program since then, though)
| yjftsjthsd-h wrote:
| I would say so, considering the website we're on ;)
| downrightmike wrote:
| Does the dark moon howl?
| jasonladuke0311 wrote:
| I recently moved into an offensive job after a few years doing
| secops and cloud security. I think his point about having a
| genuine interest in security and its offensive applications is
| really important. Self-learning never really felt like work or a
| chore because I really found it interesting.
|
| I'm also going to plug my favorite resource: Pentesterlab. I get
| nothing from this, I just think it's a great product. It's been
| my most used resource since I decided I wanted to be a pentester.
| I think I've seen Louis post here before, so if you read this,
| thanks for making a great site.
| ge96 wrote:
| I am aware of how some hacking is done but I've never had the
| interest to do it. Kind of interesting. Whether for good or bad.
|
| Side note: I was watching briefly some John Hammond videos and the
| way they obfuscate/package, say, a PowerShell command in a Word doc
| image is pretty insane. I've heard of some other wilder ones like
| the Apple gif overflow attack.
| vorticalbox wrote:
| My favourite iOS exploit was from 2010 that targeted versions
| 3.1.2 to 4.0.1.
|
| It allowed you to jailbreak with nothing more than a PDF with a
| corrupted font.
|
| https://www.intego.com/mac-security-blog/ios-vulnerability-a...
| claudiulodro wrote:
| I've always wondered: how lucrative is pentesting as a career?
| The work seems super interesting, and I've been fascinated by it,
| but do businesses see the value enough to justify paying >= a
| software engineer's salary?
| vsareto wrote:
| Pentesting related to national security or gov work can pay
| really well with a clearance (and the workload can be really
| light). I don't know if, in the private sector, pentesting pays
| better than engineering.
|
| I found most of the pentesting salaries came in lower than
| engineering ones, and I felt that pentesting was the more
| difficult job.
| futureproofd wrote:
| More code results in more bugs. You need to throw money at
| software developers to build something, anything really. Only
| then do you hire a 3rd party pen-testing company for a few
| days. That's the way it works in our shop anyway. It's
| unfortunate, but sometimes the expected velocity to achieve
| MVP glosses over best security practices.
| kdbg wrote:
| So "pentesting" often kinda defaults to "network pentesting"
| which is closer to an IT job than a software engineering job
| and its salary range (in general, as you specialize pay goes up
| regardless).
|
| But there is "application penetration testing" and just
| application security in general which tends to pay
| competitively with software engineering. And of course plenty
| of people do both at the same job.
|
| So pentesting can be competitive but it depends on definitions
| a bit. That said, on the upper end, software dev tends to have
| more chances to get a big exit by being part of building
| something. In security you might be with a consulting firm
| where you have a slight chance at that, but it's not common for
| a security guy to have that sort of big exit.
| buscoquadnary wrote:
| One thing that made me really reevaluate being a pentester was
| when I talked with someone who'd been a pentester for years and
| when I asked him about it he said it was basically just a mean
| type of QA.
|
| That being said right now security is becoming a very lucrative
| field and you know what to do to make money in a gold rush
| especially if you're a software engineer.
| [deleted]
| the_only_law wrote:
| I love hacking stuff. Hardware, software, whatever. It's one of
| the few things that gets me engaged the way I was when I first got
| into programming. Unfortunately, I also lack the patience.
| whoisjuan wrote:
| Unrelated, but for some reason, the first image (of a keyboard)
| seems to be a DALL-E image. Many images generated by DALL-E have
| some common sub-perceptual characteristics in the edges or
| something.
| captn3m0 wrote:
| It's a cropped image of a special GitLab keyboard with a GitLab
| keycap for a giveaway:
| https://about.gitlab.com/images/blogimages/2021-gitlab-keybo...
| gzer0 wrote:
| Hmm, you might not be wrong about the DALL-E based image there,
| albeit, definitely some post-processing. This is what it
| generated for me https://i.imgur.com/T2DsBCq.png
|
| DALL-E will be an incredible tool against DMCA-scraper bots
| that just run rampant scanning for images that have a copyright
| and submitting to the registrar.
|
| DALL-E finally shuts this loophole down, for now at least it
| seems.
|
| EDIT: and it seems like the real keyboard was found! The mere
| fact that we are having trouble distinguishing a real or fake
| keyboard leads me to think of greater problems that will lie
| ahead; authorities or figures claiming they did or did not
| do/say certain things. The world of artificial intelligence is
| going to be an exciting time, that's for sure. :)
| incanus77 wrote:
| It seems real to me. Looks like someone swapped the six key
| caps. The more distracting thing is the `hack()` key font
| doesn't match.
| Ajedi32 wrote:
| I doubt it. DALL-E struggles with text, and the Windows logo is
| missing from the Windows key, which suggests a level of concern
| for trademark law that I doubt DALL-E possesses.
| whoisjuan wrote:
| Yeah maybe not. But the Dall-E images have similar
| characteristics. But I think you're right. This seems to have
| more post-processing than an AI-generated image.
| chelmzy wrote:
| Yah let me spend all my free time fixing problems for
| corporations that will pay pennies. Bug bounty culture is just
| sad.
| Test0129 wrote:
| Bug bounties are rather pathetic. As you stated it's doing
| grunt work for corporations that pay 10-100x less than the
| exploit would fetch on the market.
|
| I can only assume these capitalize on fame because it can lead
| to jobs in the industry. If it WAS about the money, and (not
| that I encourage it) your moral compass is sufficiently
| adjusted, there is far more money to be made selling the
| exploits for bitcoin elsewhere.
|
| Companies are saving an absolute metric boatload of money by
| having people work as red team for free, and only paying a
| pittance to solve most bugs (with some exceptions).
| Tao3300 wrote:
| > When not at the computer, he spends time with his family, or,
| more accurately, when he is not spending time with his family,
| he tries to do some bug hunting.
|
| I'm hoping that's hyperbole, but even if it is, the notion
| sickens me. I really hate the normalization of this idea that
| anyone who works in this field spends 100% of their
| leisure time there as well. Get in shape. Make art and music.
| Build things. Be more than your job. Especially if you have a
| family. What kind of 1-dimensional example do you want to set
| for your children?
| imwillofficial wrote:
| Your reading comprehension needs tweaking.
|
| The author is clearly showing his family as the priority.
|
| I have no idea what you're getting on about.
| 627467 wrote:
| > when he is not spending time with his family, he tries to
| do some bug hunting.
|
| OP must be interpreting the above statement, which implies
| that this hacker is either with family or basically doing
| work-related stuff, nothing else.
| imwillofficial wrote:
| It's a tongue in cheek twist on the typical "I work too
| hard" meme.
|
| Basically OP is deriding the author when the author is
| subverting the exact same trope that disgusts OP.
| cinntaile wrote:
| It's you who misunderstands. He means that the time he
| doesn't spend with his family is dedicated to work (his
| full-time job and the bug hunting) and that this
| 1-dimensionality doesn't set a good example.
| motohagiography wrote:
| I signed up for the popular bounty program because I was looking
| at implementing it in a public institution, and I wanted to see
| what the experience for them would be like. The plan was to
| approach the platform about us opening it to regional colleges so
| that we could a) scale our threat hunting capability with locally
| grown talent b) create an incentive across the sector for
| patching, and c) create a talent funnel in the local region to
| get young people with tech skills interested in working in public
| service.
|
| On the application I said my skills were a bit rusty because I
| hadn't done pro pentesting in about a decade, and the platform
| ignored it and wouldn't respond to followups. The institution has
| moved on to other priorities and the window to drive that change
| passed, but if there are any upstart platforms interested, a
| specialized version for regional public sector services that
| yields the outcomes above is still an opportunity. If the
| incumbent platform is starting to act like the incumbent, this
| may even be the bigger opportunity.
| bgilroy26 wrote:
| I periodically get nefarious Google Drive invitations to
| collaborate from stolen .edu addresses, so I hope you all are
| successful!
| cantnkrusswine wrote:
| erganemic wrote:
| I've had a background interest in getting involved in CTFs for a
| while now, but haven't yet made it a point to overcome the
| activation energy to do anything beyond Overthewire's Bandit. I'd
| be interested in hearing how other people coming from a pure
| software engineering background (+ associated Linux knowledge)
| got started. I run into a dependency graph where I'd like to join
| a team and learn from others, but I need some baseline skill to
| do that, which requires either a top-down approach of what feels
| like memorizing tricks that may-or-may-not apply to a given box,
| or a bottom-up approach of spending a ton of time learning about
| the fundamentals of networking and file systems (which is often
| nontrivial to convert into techniques that can be used in CTFs).
| I know for stuff like this the key is to just get started, and
| the understanding will follow, but I'm curious if anyone has any
| recommendations for how to do that.
| asciii wrote:
| I think you might like to watch this YouTube video on "How The
| Best Hackers Learn Their
| Craft" (https://www.youtube.com/watch?v=6vj96QetfTg). David
| Brumley speaks about his experience with getting students
| integrated, but the skill grid he shows might be what you're
| looking for.
|
| At some points, it is just getting to the answer no matter the
| method (algorithm, memory, quick trick etc.) At the end of the
| day, it's still just problem solving and learning existing
| tools better.
| kdbg wrote:
| This is a bit of a common trap, the idea that to do anything
| you must know everything. When you read writeups you see people
| just going from some bug to exploit and incorporating obscure
| bits of knowledge to make it happen. It feels like they must
| know everything. The reality is they probably spend hours or
| days banging their head against a wall having an intuition that
| _something_ is wrong but no idea how to abuse it or that there
| must be something. Spending hours researching until they can
| connect the dots. Those hours of frustration are not captured
| very well in most writeups.
|
| > I know for stuff like this the key is to just get started,
| and the understanding will follow, but I'm curious if anyone
| has any recommendations for how to do that.
|
| The single tip I give anyone getting started is:
|
| Follow all the rabbit holes.
|
| Seriously, all of them. Any time you have some random question
| come up, "Would doing X be vulnerable", "Could I exploit Y
| feature", "Why didn't this writeup author do Z", "How does A
| work", "Why send B this way instead of this way" ... all of
| them. When you have the question, just go spend the time to
| figure it out. Every rabbit hole you go down, even if it ends
| up being a dead end, is adding bits and pieces to your
| knowledge. Over time you build up an immense library of random
| bits of knowledge that you can draw from in the future.
|
| I have a blog post about getting started with manual
| vulnerability auditing:
| https://dayzerosec.com/blog/2021/05/21/from-ctfs-to-real-vul...
|
| While I wrote that with an eye towards doing binary-level
| exploit development against modern targets, the advice for
| doing manual auditing is pretty universal. It's like how to
| learn to program you actually have to write code, reading about
| writing code isn't enough. Practice against anything can be
| useful.
|
| I'll also leave you my favorite vuln research quote:
|
| "Frustration is a key part of exploit research and you must
| embrace it accordingly"
| badrabbit wrote:
| I am fighting this battle myself, absorbing and retaining raw
| knowledge is easy for me but I am not that good at CTFs because
| I don't practice RE and pentesting enough.
|
| One of my big regrets is spending too much time in chatrooms
| and forums in my 20s instead of practicing. Now I have less
| capacity to do that because I do this stuff (and love it) as
| part of my job; I need a break afterwards.
|
| In CTFs either I get distracted or I follow red herrings
| because of curiosity and waste time.
|
| One thing that helped me before and I am recently considering
| is getting rid of TV/netflix/prime and social media (maybe
| exempt HN? Lol) to help with time.
| kriro wrote:
| For pentesting (not bounties) I can recommend HackTheBox +
| IppSec on YouTube. Watch a couple of his videos of retired
| machines to get an idea of the typical workflow (scanning, what
| to look for etc.). Focus on one type of easy machine (Linux)
| and then start working on the machines. Set a target to get all
| easy machines at first and go from there.
|
| I set up a Kali VM to do all my HTB stuff from and keep a
| notebook of my typical flow so the process is pretty similar
| for each box I attack. The easy boxes usually require you to
| somehow identify a weakness and use a ready-made exploit for it
| (or some easily reproducible steps). Privesc is usually also
| pretty straightforward. However they are not super easy by any
| means if you've never done this.
| fiveg wrote:
| I'm in a very similar position. Right now I'm working on
| tryhackme.com's junior pentester learning path. It's OK, but I
| think I'd be more excited to find a project or goal to focus on
| instead of a shallow overview of lots of topics (even though
| the context feels valuable). I'll finish the course, but I
| think I'll be done with tryhackme after that and go back to
| looking for something more specific to dive into.
| EddySchauHai wrote:
| It's a little expensive but have you checked out the OSCP
| cert? It's the only certificate in tech that I think is
| almost unanimously accepted as a decent one as it's so
| practical. That might help give you a goal to keep learning?
| I'm going through it myself at the moment.
| fiveg wrote:
| I have thought about this actually. It sounds really
| interesting but at $1500 for 90 days of access I'll need to
| make sure to find a time when I don't have much on my plate
| for 90 days. How much time per week do you feel you need to
| dedicate to it? Are you enjoying the process?
| EddySchauHai wrote:
| They've changed this recently actually, it's $799 for 12
| months of lab access and some entry-level certs. I signed
| up for this and will pay the extra for the OSCP once I'm
| ready!
___________________________________________________________________
(page generated 2022-07-27 23:01 UTC)