Agile Hacking

Mon, 17 Mar 2008 18:57:40 GMT
by pdp

Help us create the best hacking reference/manual/book ever made. We provide the scene, the resources and the money, and you keep the credits and the control over the eventual profits. Read on.

During the next couple of months we are open for your submissions. The idea is to harvest the knowledge of the crowd in order to create the best hacker manual ever made. The process is very simple. We, as well as you, will commit new hacks, tips, tricks and techniques in the field of information security to our system. Each hack will be published under its author's name and URL (blog, site, etc.) on the blog under the title and category of "Agile Hacking". Once we have a good enough number of hacks, we will put some money in to turn our mutual work into a book, which will preserve all the credits of its authors. The book will be available as a free download and also as a hard/soft cover printed version. If the book makes some money, you will decide how to spend it. It just cannot get better than that.

"Agile Hacking" as in quick and well-coordinated in movement, or marked by an ability to think quickly; mentally acute or aware. Overall, a breathtaking experience. Keep it small, keep it simple, keep it agile!

For now, the entire thing will take the form of a mailing list which was built for this sole purpose. We would like to keep the process as simple and transparent as possible. However, if the crowd decides that this mechanism is inefficient, we will move to a more robust system. Keep in mind that the point is to harvest the knowledge of the crowd. If you want to be involved with managing the process, let us know. After all, it is a free/open project and everybody is equal.

Archived Comments

Sophy
Do old exploits count, like buffer overflow exploits for BIND, or are we just wanting to get new and innovative stuff?
vivek
Does this mean that even the basic things will do. That's gr8! Can u tell me where do we have to submit these hacks? Thanks
pdp
Although you are welcome to submit basic things as they will find place into the project, I, as well as others, will be more interested to see the methodology, the technique, the tip. Not a copy and paste from the nmap documentation :)
dex
also webapp related stuff?
pdp
more than welcome
dex
as you stated, if the reader doesn't understand what's going on, he should research til he's understanding... I agree not to write about stuff everyone should know, BUT there really should be links to good resources and good books covering the basics and for further reading, so you don't have to crawl the whole web...
pdp
my point is to provide information on a tip not a full-blown description on what the technology does. For example, if you are showing a trick with webdav then you should concentrate on that but not on what webdav is and what it is used for.
dan
This is a c00l idea, count me in!
defcon
this idea pwnz, all the fuqn manuals on the web blow, most of the documentation online is outdated, plus a ton of elite black hat hackers sold out and turned whitehat, so this is an opportunity for everyone to prove their eliteness. Why don't we open a wiki? Like wikihacks.net/org eh? Both are available @ this minute, so let's get to work, I'm in, I got some trix, anyone else?
defcon
There is not a manual/book/wiki in sight that has up to date hacking materials. Shit dude, let's bring back something like that anarchist cookbook and cook some shit up! lol... We can put together how to hack life, hack locks, social engineer, hack web apps, create b0f overfl0wz, new ways of exploitation. Let's all create something everyone can phear. defcon
pdp
defcon, I like your passion and I like your idea to start a Wiki. I agree with you, wiki seems to be the right type of platform for this type of project. Although, there are many wikis that were created for similar purposes and none of them are as active as we would like them to be. The reason for this is because content grows old with time. This is why, after careful consideration, we decided that by keeping the content chunked into small pieces, loosely joined, each one of which self-contained in a blog post, we will provide an agile platform which everybody will benefit from and no one will be pressured by the burden to maintain unmaintainable content and assure quality. Moreover, as you said, most of the things on the Web are old so we should not start something that may eventually fade away with time. You, as well as me, would rather ensure the dynamics of this project. Let's keep it simple for now and see how it goes. If at some point the crowd decides that a Wiki is a better platform, we will start using that. What do u think?
MgpF
Something like the OWASP WebApp Sec Guide? ;)
pdp
MgpF, it won't be a testing guide or a procedure, but the best hacking reference everyone should have or have gone through - more practical, easier and less intrusive. From the community, for the community.
test
well. good luck with that. personally I don't think this will be significant.
pdp
I think that it can be as significant as we make it. and it is really up to the community. we just provide the boost and the facilities.
/pd
this is kewl project .. here's an old page of mine http://hackingrfid.pbwiki.com/
SynJukie
I'm in. I think it's a great idea.
SynJunkie
What are the timescales for having something up?
Awesome AnDrEw
I find this idea to be interesting, and will see if there's anything I could possibly contribute that might be remotely exciting.
Shoaib Yousuf
Bravo pdp, Excellent and superb idea. Now that's what I called influential people in Information Security.... Keep up the good work. Cheers Shoaib
Shoaib Yousuf
it will be more like a desk reference book. It will help security analysts, researchers, pen-testers and to some extent auditors... it can be used as reference, manual, one stop resource, etc. Great idea, count me in with all my support and help. Cheers Shoaib
vivek
Dude, U can count me in too! Although I may not be as good as any of u.... But I will try to provide good material Cheers...
vivek
Hey Mr. PDP Tell me if the demo is shown using a site. It is illegal right?
Aodhhan
I don't believe they are looking for zero-day, never before seen exploits. Take a few of your recent/favorite exploits/tests/projects, and walk through it. Annotate why it is of interest to you, your thought process, little things you learned along the way, bumps/obstacles, revelations etc. Bottom line is to keep it simple. There are many ways to get things done, and everyone has their own style. This is a chance to show yours. It is amazing how much one learns from teaching.
WarGame
It's a cool idea
nex
you can count me in, definitely.
vivek
Hey there, I have posted a document on RFI. It explains RFI in a little detail. I hope u all like it including Mr. rzn. Cheers!
ghost
Will this book cover all the attacks? Not just via the wire?
drip
i hope i can contribute too..^_^ where do we send it?
spidergeuse
Best Idea although definitely not out of the box. Stop trying to create 2 sides to test how robust the idea is, whoever is doing that - it does not help. Wanna criticize, let it be constructive. THE IDEA IS Definitely GRAND. Never mind how long it takes to get things going. Planning is essential - When the tank of contributions for the planning gets full, it will automatically "Flash" itself into a serious work stream. You know what i'm talking about all you have have d**ks and use the gents often. :-) Let this idea Live 4 long. Count me in(est)
spidergeuse
If we could see (maybe only me), the date and time which contributions are made, we could figure out some trends of interest and how to get serious people involved. Let this idea Live 4 long
101001010
Is it acceptable to write say a tutorial and have progress questions for the reader to work through or is this strictly a how to guide?
pdp
you can write it in whichever way you want. the final product will be a book, which will feature your work.
hugo
ambitious but with no direction. It will be useful when real hackers decide to give knowledge to your community book.
pdp
between the guys involved in GNUCITIZEN, we can write the book but that will defeat the purpose of the whole idea, right?
joephantom
Cool project. PD: Don't feed the troll.
n2u
Reversing is a interest content?
albatrosh cw
this is kewl project
Amos Trask
how to join the mailing list?
pdp
what's up guys? we just moved the whole thing into V2 and I am very serious about the project, so let's get it rolling.
paulos
Very nice idea! Of course if the words above are true. It's very hard to find interesting references/manuals to do something, and a book for free would be very good! I hope if you release this book you will upgrade it very often :) Nice nice, but aren't you afraid that because of this project many "script kids and newbies" will have a knowledge like f.e hackers with 10 years experience ......It would be sadly Although I support it
pdp
if many script kiddies have the knowledge of the guys with 10 years of experience behind their back, they aren't going to be script kiddies anymore. :)
Amos-Trask
Did the wiki get removed? I can't access it.
pdp
it is still there but inaccessible at the moment. things are changing and I hope that we will be able to roll out the new version soon.
deblin
Well, the idea sounds nice, but you don't have to open an exploit or flaw database, this kind of stuff already exists. The best examples are milw0rm and openSec... If you talk about a forum where people can exchange and discuss ideas (sec related), those stuff exists too (e.g. governmentsec). For new exploits or 0days follow the mailing lists like bugtrack. And there are even good mailing lists for pentesters around. So what I basically want to say is that you have just to use already existent sources. If you really stick to the idea of that wiki, think about the maintenance problem. Even the real wiki got some of that issues. Just my 2 cents Deblin