Author Topic: What Should I Learn Next?  (Read 2437 times)

0 Members and 1 Guest are viewing this topic.

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
What Should I Learn Next?
« on: December 06, 2013, 02:59:04 am »
So far I think I have done pretty well with teaching myself web security and how it is broken into. I have learned about LFI, RFI, XSS, SQL injection (yes I know..), and learned PHP, XHTML, HTML5, CSS, and am now learning JavaScript.

However now I am really not quite sure where I should go next? Should I just move on to a completely new topic, like processor exploits as explained in Hacking: The Art of Exploitation V.2, or continue with another subject of web security?

If web security what would you guys suggest I learn about next? Thanks.
« Last Edit: December 06, 2013, 02:59:24 am by Matriplex »
\x64\x6F\x75\x65\x76\x65\x6E\x00

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: What Should I Learn Next?
« Reply #1 on: December 06, 2013, 02:59:39 am »
What do you want to do next?
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
Re: What Should I Learn Next?
« Reply #2 on: December 06, 2013, 03:03:13 am »
What do you want to do next?

I would like to learn more about web security actually.
\x64\x6F\x75\x65\x76\x65\x6E\x00

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: What Should I Learn Next?
« Reply #3 on: December 06, 2013, 03:15:29 am »
Well do that then. You could learn about injections on other kinds of databases(I'm assuming you've only tried with MySQL or something). Learn Postgre SQL. Learn about Oracle vulnerabilities.

Really though, I doubt you've learned everything there is to know about XSS, LFS, RFI, and SQLi. There's always more. Can you perform blind SQL injections? Learn about attacking with HTML5 or HTML vulns in general. There's so much.
« Last Edit: December 06, 2013, 03:15:54 am by lucid »
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Alin

  • Peasant
  • *
  • Posts: 56
  • Cookies: -4
    • View Profile
Re: What Should I Learn Next?
« Reply #4 on: December 07, 2013, 12:06:23 am »
So far I think I have done pretty well with teaching myself web security and how it is broken into. I have learned about LFI, RFI, XSS, SQL injection (yes I know..), and learned PHP, XHTML, HTML5, CSS, and am now learning JavaScript.

However now I am really not quite sure where I should go next? Should I just move on to a completely new topic, like processor exploits as explained in Hacking: The Art of Exploitation V.2, or continue with another subject of web security?

If web security what would you guys suggest I learn about next? Thanks.
So.. You won the bullshit bingo and know the terms LFI, RFI, XSS, and SQLi as well as the "languages" PHP, XHTML, HTML5, and CSS.. In other words if I gave you a test you would probably fail every single one?


You should learn your shit, you don't know web hacking by knowing the terms... Get back to the drawing board and get to hacking some shit...

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
Re: What Should I Learn Next?
« Reply #5 on: December 07, 2013, 04:28:50 am »
Well. That was a little rude to be honest.
I don't mind being negatively criticized if I deserve it, however right now I don't believe I do.
These forums were made for people to learn and discuss hacking and security. If you don't want to contribute to that I think you'll find that you have a hard time fitting into this society.

"languages" PHP, XHTML, HTML5, and CSS..

Yes. They are languages. And yes, I have learned them.

You should learn your shit, you don't know web hacking by knowing the terms... Get back to the drawing board and get to hacking some shit...

I did learn my "shit", if I hadn't why would I be here now, would I? I would be "back at the drawing board hacking some shit."

Maybe you had a bad day or something, and if so I don't blame you for coming on here and flaming a person you don't know jack about. But please, next time refrain from doing so because all it does is add negativity to the environment and put other people down.

I'd be grateful if I got a serious answer from a mature person (like lucid, thank you very much).

@lucid

I'll check out Postgre and Oracle, I'd heard of them but never really looked into it.
You're right, there is so much out there, and I don't think I'll ever learn it all. Hopefully I can learn enough to have the knowledge be of use one day though.
Thanks for the suggestions!
« Last Edit: December 07, 2013, 04:31:26 am by Matriplex »
\x64\x6F\x75\x65\x76\x65\x6E\x00

Offline Uriah

  • Sir
  • ***
  • Posts: 454
  • Cookies: 42
  • άξονας
    • View Profile
Re: What Should I Learn Next?
« Reply #6 on: December 07, 2013, 07:21:50 am »
I would say continue learning much more javascript and server side programming.

As far as vulnerabilities go, CSRF is another pretty big one you should know.

JS is the big language on the web right now, and, as server side JS is growing in popularity, that knowledge will be increasingly useful.

Perhaps learn Ruby and then ruby on rails, python and then django. Try to improve your knowledge of all these different server side languages/frameworks to widen your horizons.

Try learning some frameworks as well. They are used by many people at once, so a vulnerability found in one could be very interesting.

If web security is what you'd like to do, there are plenty of options. Good luck!

Offline Alin

  • Peasant
  • *
  • Posts: 56
  • Cookies: -4
    • View Profile
Re: What Should I Learn Next?
« Reply #7 on: December 07, 2013, 11:47:04 am »
Well. That was a little rude to be honest.
I don't mind being negatively criticized if I deserve it, however right now I don't believe I do.
These forums were made for people to learn and discuss hacking and security. If you don't want to contribute to that I think you'll find that you have a hard time fitting into this society.

Yes. They are languages. And yes, I have learned them.

I did learn my "shit", if I hadn't why would I be here now, would I? I would be "back at the drawing board hacking some shit."

Maybe you had a bad day or something, and if so I don't blame you for coming on here and flaming a person you don't know jack about. But please, next time refrain from doing so because all it does is add negativity to the environment and put other people down.

I'd be grateful if I got a serious answer from a mature person (like lucid, thank you very much).

@lucid

I'll check out Postgre and Oracle, I'd heard of them but never really looked into it.
You're right, there is so much out there, and I don't think I'll ever learn it all. Hopefully I can learn enough to have the knowledge be of use one day though.
Thanks for the suggestions!


Sorry for my outburst, I must admit to have had a little too much of alcohol, but the opinion I wanted to express is still the same. Why go looking for new topics to learn, when you most likely still have a lot to learn about the topics you known of?


You most definitely should not go and read the art of exploitation. You could, but it wouldn't be useful at all as you would end up knowing of a lot of thing, without actually being able to do anything useful with them at all.

Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
    • View Profile
    • github
Re: What Should I Learn Next?
« Reply #8 on: December 07, 2013, 01:55:27 pm »
The Art of Exploitation is for more of local attack vectors. If your wanting web stuff, then like suggested learn more server side stuff like advanced javascript and ruby and stuff.

Although that book will explain and go over concepts universal to what your wanting to do. So meh, both I guess. Read the book on leisure to get concepts and theory, and pursue web things on a more forward approach.

I would also say, don't focus too awful much on hacking and the exploit side of things. Build these systems yourself. Make a webserver and a site and learn how that is done as well. Then try and break it.
>>>import this
-----------------------------

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
Re: What Should I Learn Next?
« Reply #9 on: December 07, 2013, 06:02:39 pm »
Sorry for my outburst, I must admit to have had a little too much of alcohol, but the opinion I wanted to express is still the same.

No problem, we all make mistakes :). And point taken, I do need to learn everything I can about these exploits. I'm just going to learn other things at the same time.

@techb and @Uriah

Thanks for the advice, I'll go check out making my own webserver. I created a small local one for writing some PHP, but I'll look into creating a whole server using all of these languages.
Never knew that Ruby was used in servers, but then again I don't know much about Ruby anyways.
By framework I assume you mean something like one the .NET's? Time for some research :)

Thanks again for the advice, it's very helpful
\x64\x6F\x75\x65\x76\x65\x6E\x00

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: What Should I Learn Next?
« Reply #10 on: December 07, 2013, 10:50:34 pm »
Well. That was a little rude to be honest.
Indeed it was. Unnecessary as well. But, apologies have been made so no harm done. Good luck on your endeavors. Honestly, my best advice is to just do it because it's fun. Don't worry so much about "getting all the required knowledge in" or "doing the next steps your supposed to take."

If you do it for fun you'll find the knowledge will just flow right in.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Uriah

  • Sir
  • ***
  • Posts: 454
  • Cookies: 42
  • άξονας
    • View Profile
Re: What Should I Learn Next?
« Reply #11 on: December 08, 2013, 07:16:39 am »
By framework I assume you mean something like one the .NET's?
I was talking about server-side frameworks like ruby on rails, cakephp, expressJS, django, etc. :)

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
Re: What Should I Learn Next?
« Reply #12 on: December 09, 2013, 03:24:00 pm »
I was talking about server-side frameworks like ruby on rails, cakephp, expressJS, django, etc. :)

Ah, okay I'll look into those. Never heard of them actually, so good thing I asked :)
\x64\x6F\x75\x65\x76\x65\x6E\x00