+- Sinisterly (https://sinister.ly)
+-- Forum: General (https://sinister.ly/Forum-General)
+--- Forum: The Lounge (https://sinister.ly/Forum-The-Lounge)
+--- Thread: I've hit a wall with websec (/Thread-I-ve-hit-a-wall-with-websec)
I've hit a wall with websec - meow - 06-07-2016
I'd say I've spent a good 4 or 5 years absorbing all of the knowledge I can about web security, and I feel like there's nothing else for me to do. I've felt this way for a few months and I've gone around trying to see if there's anything new to learn but I just can't seem to find anything, web security is getting repetitive and boring. I've tried challenging myself with wargames but all of them are either too easy or they regex your input when there really should be more than 1 solution. I have a very strong base in PHP, I'd say the only thing left for me to do is learn JS, but idk how much that would accomplish since it's not really useful except for XSS and editing pages of dumb admins who use client-side filters, and even then, you really don't need to be a master of JS to be able to do either of those things. I also thought about learning languages such as Ruby on Rails, Django, etc but realized that would be pointless since the attacks are more or less the same regardless of the language. The only thing I feel like I'm lacking in is black-box testing experience since I don't go around targeting random websites and no one took me up on my service.
What to do? Is it time for me to dive into OS-level stuff?
RE: I've hit a wall with websec - insidious - 06-07-2016
Join the darkside and come with me into the world of C and Assembly
But i'd say go to whatever interests you. If OS-level exploitation interests you, start learning that kinda stuff.
Right now, I've decided that I wanted to learn a bit about networking (because that's one of my weakpoints and I was interested in it) and so far it's been really interesting.
I think part of becoming a 'good hacker' is exploring what interests you, and becoming an expert in that area. That's just my opinion, though.
RE: I've hit a wall with websec - meow - 06-07-2016
insidious15 Wrote:Join the darkside and come with me into the world of C and Assembly
But i'd say go to whatever interests you. If OS-level exploitation interests you, start learning that kinda stuff.
Right now, I've decided that I wanted to learn a bit about networking (because that's one of my weakpoints and I was interested in it) and so far it's been really interesting.
I think part of becoming a 'good hacker' is exploring what interests you, and becoming an expert in that area. That's just my opinion, though.
I agree, I've actually been wanting to jump into low-level things for a while but I thought I'd feel guilty for giving up on websec. Now I can say I'm ready to leave websec.
RE: I've hit a wall with websec - Dyme - 06-07-2016
Audit code and find a valuable vulnerability for some well used software. Make an exploit and use it/sell it/disclose it. Good way to see if everything you've learned is actually useful or not.
RE: I've hit a wall with websec - meow - 06-07-2016
Dyme Wrote:Audit code and find a valuable vulnerability for some well used software. Make an exploit and use it/sell it/disclose it. Good way to see if everything you've learned is actually useful or not.
I've already done those things, I'd rather not do it again just for the sake of seeing if what I learned was useful. It's a lengthy process unless you happen to strike gold with grep or something, I'm sure you'd know.
RE: I've hit a wall with websec - pvnk - 06-07-2016
time for you to join hackforums.
RE: I've hit a wall with websec - Inori - 06-07-2016
If you have the time, connections, and resources, whitehat work is pretty fun.
On the topic of learning stuff, like you mentioned, learn js. Once you get comfortable with pure browser stuff, move to Node. It's a desktop implementation, so it's only granted there's a large os and system library so you can easily transition into that, plus you'll already know your way around the syntax and everything.
Also, like @"Dyme" said, auditing code is good practice when you get bored. Not explicitly for finding vulnerabilities, but possible optimizations and redundancies.
Edit: learn uncommon languages that can still be used for servers (like brainfuck, apparently) to mess with people
RE: I've hit a wall with websec - mothered - 06-07-2016
(06-07-2016, 04:28 AM)Primitive Wrote: time for you to join hackforums.
And thereby waste his life dealing with the Incompetence of nearly every member on that board.
I take It your comment Is based on sarcasm.
RE: I've hit a wall with websec - Zeus - 06-08-2016
You could try to exploit major websites and report the vulns to their "bug bounty" programs. You might even earn some spare cash that way.