It's just a crutch for idiots. The parts of it that are the most useful can be recreated in about an hour and reused across whatever projects you want. The actual design code ultimately will be replaced by the designer anyway so why even use Bootstrap in the first place?
Decent tier:
>software development (Java/C#)
>mobile app development
>advanced DBA
>UNIX family system administration
>basic network administration, basic forensics

Good tier:
>low level programming (C / C++)
>orchestration and administration of large amount of servers
>embedded programming
>fullstack dev (non hipster web shit)
>web pentesting
>basic reverse engineering (basic cracking)
>advanced network administration

Wizard tier:
>kernel module/graphic driver development
>game graphic/physics engine
>raytracers or other low level advanced graphic application
>non pleb pentesting
>parallel programming and advanced optimization theory
>actual reverse engineering (keygen creation, hardened software cracking, unpacking)

Elder wizard tier:
>government grade 0-day exploit discovery (Flash/JVM...)
>cryptographic attack discovery
>compiler theory and development
>whole OS development (terry davis style)
>top tier reverse engineering (complex device rooting/jailbreak)
Vulnerability analyst/exploit dev here. Kernel mode and user mode. Elder wizard tier according to >>47146267.
I've done most of the shit on these lists from hardware support, helpdesk, IT, frontend dev, backend dev, enterprise application development, and device driver programming. We all have to start somewhere.
Don't let some nerd tell you that you aren't wonderful. You are wonderful anon, all of you. Keep working hard.
>>47146571 >>47146666 I'm really interested in this kind of stuff. Been reading Hacking: Art of Exploitation and watching OpenSecurityTraining vids, but so far it's pretty passive learning. What do you guys suggest for hands-on learning? I imagine I'm not going to get very far as a newbie just popping open a random program in a debugger and looking around.
Also, what are some good places to go for technical info on recently discovered exploits? I want to see how the big boys do it.
>>47146768 Go on shodan and poke random things. Once you find something interesting see if you can find any obvious exploits. If not then try to find the device firmware and binwalk it. Spend a bunch of time reverse engineering it and try to get a root shell.
>>47146768 I posted this in a thread last night with very few responses, I'm just going to pasta it in this thread.
Assuming you want to be able to find vulnerabilities in modern computer systems and exercise them to gain native code execution:
You need to become very well versed in how computers and operating systems actually work. You need to know how code gets executed, how programs/libraries are loaded, how the operating system manages threads and memory, and many many other things. You will also need to become very proficient at reverse engineering compiled binaries.
I didn't start out with the goal of becoming a "hacker". I just started out programming in C. Then I started to see the kinds of things that happened when my programs were not written properly. As I did more and more research, I found out that people were leveraging the sensitivities of native code execution to exploit undefined behavior. From there on out I changed my way of thinking. I always look at how things work and what assumptions systems make, and how I might be able to subvert those systems based on their assumptions. I have been doing this for about 18 years now, and while I didn't go to college, I spent most of this time studying. Knowing the ins and outs of memory managers, calling conventions, kernel security mechanisms, memory protection, thread scheduling, heap layout and tons of other things allows one to manipulate those systems.
There isn't a lot of information out there that is any good. There used to be back in the 90s, but a lot of that is gone now. You have to learn for yourself. One good tutorial that is still around however is Lena's reversing tutorial. That's a good start for reversing. Also, despite its corny ass name, "Hacking: The Art of Exploitation" is a decent book. What you really need though is motivation. Chances are, if you are not motivated to figure it out for yourself, you'll never succeed.
>>47146885 Oh also, for examples search for PoC (proof of concept) code for CVEs, and then try and understand how/why it works. exploitdb has a lot of PoC code, but the shit on there isn't as complex/interesting.
The way the "big boys" do it is via fuzzing and reverse engineering.
So I like to troubleshoot but I don't want to be doing things too difficult, essentially I want to fix problems in a company environment that average retards cause. I was looking into being a system administrator but in my research I have found two conflicting points. Here and some other places googling it, it is essentially described as a somewhat tech literate neet who sits around on his ass all day waiting for problems to arise, some anon here said his days were just doing his own coding and then he would answer tickets. Googling around I found guys saying it was a living hell, 12 hours of stupid people constantly dragging you off to fix their problems and in the end you get nothing done except becoming a caffeine addict. Other than that I was considering becoming a desktop analyst.
>>47146828 >>47146885 >>47146934 Also interested in this. Will be graduating CS soon and I really like the security side (all kinds of). Did some course on security, played some wargames and been joining in some CTFs which seems a great way of getting some hands-on experience. What entry level jobs (with a Master's degree in CS engineering) in security should I be looking for? Or any I should certainly avoid?
>>47146768 My advice would also be: Play some wargames. overthewire.org, smashthestack.org and many others offer security challenges in all kinds of ways. And if you played some and like it have a look at upcoming CTFs. See https://ctftime.org/ctfs. You might have some team in your neighbourhood that regularly joins these which could be a great place to advance your knowledge.
In my CS course the kid who always mentions info sec (wants to be a hacker) is a complete idiot. Asking my professor retarded questions that can hardly be deciphered when it's a 101 course where we're learning friggin Python.
Basically, the hackers will either be self proclaimed and retarded or just truly understand what they're doing. It's over my head and I'm not living in some fantasy like most of my classmates are. Sad really.
I'm joining the Air Force in a couple months with the guaranteed job of cyber systems transport. It's basically a low level network engineer. Anyone have any background info? Is this pleb tier or does it have potential to become wizard tier? I know experience isn't shit without an education so I'm gonna get all my college done paid by the military. What major is best? I've shifted away from comp science because it's a sub major of math....and I fucking hate math.
>>47147481
>I'm joining the Air Force in a couple months with the guaranteed job of cyber systems transport. It's basically a low level network engineer. Anyone have any background info? Is this pleb tier or does it have potential to become wizard tier? I know experience isn't shit without an education so I'm gonna get all my college done paid by the military. What major is best? I've shifted away from comp science because it's a sub major of math....and I fucking hate math.
>I fucking hate math
Yep, you will fail to become anything wizard tier in computers. You will be lucky if you ever get to Decent Tier if you hate math that much.
>>47147268 If you are interested in real security and want to learn crazy shit, work for the gubment or a cleared defense contractor. If that's not your thing, try mandiant, microsoft, fireeye or some other company along those lines.
If I were you, I'd stay out of pentesting, security compliance, or being responsible for implementing secure systems. Implementing secure systems sounds fun/interesting, but remember, very few, if any, companies give you carte blanche to do your job. Instead you'll put forth a great plan, just to have it slashed by the CTO or some other piece of shit with a helpdesk level of understanding.
The NSA developmental programs are kick ass. You get a lot of exposure to many different types of security work. Or you could just apply for a regular job. Read the job descriptions though, some of the job titles are vague/unclear, but if you read the actual content, you should be able to get a decent idea.
>>47147481 The AF will make you wizard tier if you want, but you'll need to get that CS degree. They are pushing the cybercom shit really hard right now, so if you get a CS degree and play your cards right, you'll likely end up being embedded at the NSA or some other USCC posting. The AF has a really good relationship with the IC.
>>47147471 This is something every tech literate student will have to deal with when doing some sort of computer related course. 70% of the year are tech illiterate retards who just about know how to copy and paste and log into facebook, a guy in my year didn't know how to turn a computer on and I quote
>I don't even like computers but I heard it pays good money.
One guy paid my friend 20 euro for Microsoft Office because he didn't know how to torrent. 25% of the year will be tech literate and maybe even like computers. And the last 5% will be those guys who live and breathe computers but just need a degree to back them. There are two middle eastern guys in my year who make the rest of us look like dumbshits, one guy spent 8 hours making really really good notes for an upcoming exam and gave them to everyone who asked, the guy acted like it was just a normal thing, he scores high in all his exams. The other guy is a bit of an autist but he is really good at programming, he has been doing it for years but again needs the paper to say he can do it, he is always doing his own projects and whenever we get an assignment that takes the rest of us weeks he will have it down within two hours.
>>47147471 That's pretty much how it goes. Infosec (I fucking hate that word) is a magnet for charlatans. Most of the people I know who are legit didn't learn that shit in school. Some have CS degrees, but they figured out the exploitation themselves.
>>47147625
>If you are interested in real security and want to learn crazy shit, work for the gubment or a cleared defense contractor. If that's not your thing, try mandiant, microsoft, fireeye or some other company along those lines.
Alright thanks for the input.
>If I were you, I'd stay out of pentesting, security compliance, or being responsible for implementing secure systems. Implementing secure systems sounds fun/interesting, but remember, very few, if any, companies give you carte blanche to do your job. Instead you'll put forth a great plan, just to have it slashed by the CTO or some other piece of shit with a helpdesk level of understanding.
I know this is a major issue that needs to be addressed. It's much cheaper to weave security in from the beginning than trying to mend broken shit in the end. Currently there is a big gap between security experts and general developers. The latter often have zero security awareness. Read Enterprise Software Security: A Confluence of Disciplines if you want to know more about it.
>The NSA developmental programs are kick ass. You get a lot of exposure to many different types of security work. Or you could just apply for a regular job. Read the job descriptions though, some of the job titles are vague/unclear, but if you read the actual content, you should be able to get a decent idea.
I'm not an American though so that's not really an option.
>>47147788
>I'm not an American though so that's not really an option.
Well, there goes that. Chances are though, whichever country you're from has similar positions in their intelligence services/military. If you're from one of the Five Eyes countries (UK, Aus, NZ, Canada) their systems are very similar to the US. In fact, some of them even come to work at the NSA for a tour.
I might check out that book sometime. Currently, it (decidedly) isn't too relevant to my job. I've dealt with that issue in person in the past and it wasn't fun. You're right, there is a huge technical disparity between the people writing the applications and those who are tasked with securing them.
>>47147820
>There's worse things than fucking with exploits
Yea, there are tons of things worse than writing exploits. I love writing exploits, it's a ton of fun, I don't think I'll ever be able to go back to any normal dev job. I've definitely seen some shit tier compiler code.
I actually don't mind sepples either. Kind of annoying to reverse sometimes though, but that's beside the point.
Ok thanks for your input, would you recommend I only do one term (4 years) or stay and do 10~? I feel like 4 years doesn't give me enough time to get my bachelors...and I was planning on using the GI bill to completely pay for my masters once I get out. Also I heard that certifications are the shit if you wanna build a solid resume. What certs are actually worth it...I know there must be some out there that are pleb tier and don't mean shit. Also I'm pretty sure I get top security clearance by default, is that worth anything or no?
Static analysis of binaries is fun though, maybe going to look into a combination of static and dynamic analysis for shitty php crap next. You know, because that's the main cause of breaches. Idiots + php.
>>47147972 If you're responding to >>47147658 I'd recommend you stay in until the AF gives you a TS//SCI (unless you already have one), get you a bachelors, and you do at least one tour through an operational cyber posting. Even if you just do a 6 month tour through the agency, you'll be worth a ton of money. You won't need to fuck around with a masters degree.
The military and NSA don't pay the greatest, but the companies that try to poach you do.
Either stay in until you get hooked up, or bail now, use your GI bill to get a CS degree, and then apply for an NSA development program.
>>47147993 That sounds interesting. There is probably a TON of VA that can be carried out in an automated fashion, which would be awesome. It would be really nice to have security programs that could tell you if there was a vulnerable program on a machine. Those are the kind of vulnerabilities that skids with metasploit are able to take advantage of and steal your credit cards and shit. While unsophisticated they pose the largest economical threat, and it would be awesome to eliminate them. Idiots armed with PHP definitely need someone to look over their shoulder. Would be great to see something that could effectively and reliably find those vulnerabilities before they end up in a password or cc dump.
I've heard of a lot of people doing sysadmin work remotely and being able to bail for a few weeks. Sounds pretty cool, thank god for ssh.
>>47148643 Most often it is because managing systems is a fulltime job. Developers have to be available to write/maintain code. If they were managing large systems all the time, nothing would get done.
Developers need to know how to write programs effectively to take advantage of the system/database. Managing large systems is another story, and another job.
>>47148333
>earning 100k us dollars
>like 8k a month
>this isn't enough to live comfortably in the land of freedom
Just how high is the standard of living in the US? I'd be happy to earn more than 50k euros a year once I graduate. That'd be more than my working-class parents make combined.