Programming for Hackers - Preview


Dear readers,

Today's issue of Hakin9 is dedicated to programming. There is an ongoing question whether programming skills are essential to being a good hacker. Most agree that knowing how to code is necessary, although not obligatory to become a hacker, as it will definitely help you understand some techniques and processes. If you know how to code, you will be able to dissect code and analyze it, and to write your own scripts or your own hacking tools.

We decided to focus mostly on Python. Why? Because Python is an extremely powerful language and it is easy to learn at the same time. With Python you can achieve your results with minimal coding, and it does not need to be compiled. I strongly recommend reading Python for hackers: Extract gold from systems by Adrian Rodriguez Garcia and The dangers of metadata by Verónica Berenguer. In the first one you will learn about data extraction from Microsoft Windows systems and the second one will focus on extraction from images and PDF documents. More about Python and its capabilities can be found in Programming In Python Forensic Analysis For Network and Programming for Hackers.

Samrat Das and Prasoon Nigam prepared two tutorials about Burp Suite, one of the most popular tools for performing security testing of web applications. Their step-by-step articles will help you use Burp’s features easily and efficiently.

There are a lot more articles inside, and I hope that you will find something interesting for yourself there.

We want to thank you for all your support, we appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every one of your comments is important to us. Special thanks to Beta Testers and Proofreaders who helped with this issue.

See you next month!

Enjoy your reading,

Hakin9 Magazine’s

Editorial Team



Table of Contents

Programming exercises 

Useful links and sources 


Python for hackers: Extract gold from systems

by Adrian Rodriguez Garcia

First, we’re going to talk about what kind of information it’s useful to extract from a system and why it’s important. Then, with Python language and the enormous power of its libraries, we will demonstrate how to extract basic information from a system and how to monitor and extract data from the file system, processes, network connections and keyboard. Finally, we will talk about a possible way to manage the data extracted using Big Data technologies, like Apache Kafka.


What is Burp Suite?

by Prasoon Nigam

The Burp Suite or a (Manual) Proxy tool is an intercepting proxy tool that intercepts all the traffic (Request and Response) which is sent from Client to Server and vice versa. The primary job of the Burp Suite Proxy tool is to intercept regular web traffic, which goes over Hypertext Transfer Protocol (HTTP), and with additional configuration, encrypted HTTP (HTTPS) traffic as well. Burp Suite can be used to intercept any client-server communication that goes over HTTP.


“I always tell people: learn a programming language that will help you achieve your goals” 

Interview with Laurence Bradford, the creator of Learn to Code With Me


Understanding CyberCrime and CyberCriminals

by Colin Renouf

In this article we will look at what we mean by cyber crime and set its boundaries, i.e. what distinguishes cyber crime from other types of crime; and look at the criminals that commit such crimes and their motivations. This understanding is needed to deter the criminals from attacking in the first place; and after they have attacked, determine what forensic information is required and what approach is needed to be able to successfully prosecute the perpetrator.


Programming for Hackers

by Amit Ranjan

When an input transfigures a use case to an abuse case, it becomes a successful hack. A successful hack signifies that the software program isn’t coded with resilience against that input; it may be an inherent vulnerability in the programming language (crashes that can become exploits) or an insecure implementation (bugs and flaws) by an ignorant programmer. The thought process in hacking has long been dominated by payloads that can subvert barriers put in an implementation. Of course, there are practices of developing exploits that need a hacker to be aware of programming languages, probably more than a developer.


The dangers of metadata

by Verónica Berenguer

The extraction of metadata is one of the biggest dangers that exist related to the files and that people ignore. Metadata extraction will be addressed and advice will be given to avoid risks. In this article, we will introduce the world of programming for hackers, specifically, the extraction of metadata using Python from images or PDF documents.


Harnessing the lesser known “Burp macros” for Penetration Testing Web Apps

by Samrat Das

In my penetration testing career so far, while performing fuzzing of parameters and page fields in web applications, I did encounter some challenges relating to session handling. In multiple cases, the application used to terminate the session being used for testing; this either happened due to some security countermeasures (for example: getting unsafe input, the session used to get logged out) or in other cases, say the Burp spider/crawler used to fuzz the logout page parameters and terminate the session.


“Python developers are such a large and diverse group, how could they not have a podcast?”

Interview with Michael Kennedy, the creator of Talk Python To Me Podcast


Source Code review

by Atul Singh

Source Code review is a process which discovers hidden vulnerabilities and design flaws, and verifies if key security controls are implemented. Code review helps developers learn the code base, as well as helping them learn new technologies and techniques that grow their skill sets. In source code review, we are using a combination of scanning tools and manual review to detect insecure coding practices, backdoors, injection flaws, cross site scripting errors, insecure handling of resources, weak cryptography, etc.


Wireless Hacking Tools

by Souvik Mal

We know that everyone is curious about Wireless/Wi-Fi hacking. Even I was curious about Wi-Fi hacking when I was a teenager. But before hacking something, we need to be familiar with the working mechanism of Wi-Fi technology. So before starting, here’s a little bit of information about Wi-Fi technology, mainly its security. And one more thing, this is totally for educational purposes only. Let’s start…


Programming In Python Forensic Analysis For Network

by Julio César Pérez Barbosa

Much has been said about Python being a programming language that is too easy and very efficient for programming, in our case, for hackers. We will not go into detail in the syntax, nor in the programming structure with Python, but it is necessary to see a little of the great range of the forensic analysis. Within the forensic analysis, there are several application points: mobile, networking, cloud, or local equipment. In our case, we will use forensic analysis at the networking level programming with Python, so let's start. We will be making a small sniffer and we will do it little by little, strengthening it as we go.



August 20, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023