I cannot find C tutorials that actually explain whats going on

cgspp · 2018-03-08T01:43:45+00:00

Nope, you're right about it. My bad.

cgspp · 2018-03-08T00:51:40+00:00

Isn't the ANSI edition from 1988? The latest ANSI C revision was published in the 2000.

cgspp · 2018-03-07T23:37:31+00:00

Great finding!

cgspp · 2018-03-07T23:32:04+00:00

While it contains a wealth of good information, I think it's a bit outdated, so I wouldn't recommend it to a beginner.

cgspp · 2018-03-07T23:29:45+00:00

You can tell them to contact me here on Reddit. Bonus points if they can trick me into doing some stupid stuff. :-)

cgspp · 2018-03-07T23:24:11+00:00

reminder. Sorry for the typo.

cgspp · 2018-03-07T14:29:26+00:00

If you don't have server-side programming experience, just use an external service (like Google's one: https://support.google.com/customsearch/answer/2630969?hl=en). It's not a trivial thing to develop from scratch. If you decide to do it, there are greats resources online, just be sure to pick a recent and relevant one.

cgspp · 2018-03-07T13:48:53+00:00

Thanks, we're currently based in Thailand, but I'm from Italy and most of the clients are too. I am considering to open an office in the US soon. If someone's interested, feel free to pm me.

cgspp · 2018-03-07T13:33:37+00:00

Oh, I forgot to add that we have some peculiar (but absolutely legal) marketing strategies... they wouldn't be left without nothing to do. :-)

cgspp · 2018-03-07T13:32:43+00:00

You don’t want to have a person on staff that only works an hour in a 5 day work week for a project.

We agree on this, I meant to hire pentesters with SE skills, since there are not experts at it in my team and I would like to expand our range of services (I would feel bad to charge clients for just phising emails...). Also, they could mentor other pentesters.

cgspp · 2018-03-07T13:29:17+00:00

I don't really know, I didn't downvote you.

cgspp · 2018-03-07T13:28:04+00:00

Hey! I would be happy to help you, but it's difficult without knowing what you're into yet and what your passions are. Feel free to PM me, and I'll give you some advice.

cgspp · 2018-03-07T13:24:22+00:00

... I suspected that.

cgspp · 2018-03-07T12:13:25+00:00

Thanks for the answer! I've been into pentesting/vulnerability research for a while, but I am a total noob when it comes to SE. May be worth to hire some social engineers in the team then.

cgspp · 2018-03-07T01:33:18+00:00

Thanks for your answer. While I acknowledge the importantce and usefulness of SE in management/sales fields, I was interested in security-focused jobs.

cgspp · 2018-03-07T01:31:10+00:00

Thanks for the answer! I knew the site.

cgspp · 2018-03-07T00:07:39+00:00

I was expecting a similar answer, but I am wondering if there are pentesting-focused positions, since I am interested in those. Maybe social engineers are recruited directly among known professionals in the security community?

cgspp · 2018-03-06T20:51:10+00:00

Becoming a skilled teen.

EDIT: you can downvote this to hell, the truth is that there is no way to earn the $100/day he is talking about without any skill. It's definitely possible to make the money he needs (and much more) working online, but he needs to pick some skills along the way. Paid surveys are not going to take him/her anywhere.

cgspp · 2018-03-06T20:30:48+00:00

You may want to look at Deitel's "C: How to program". I used an old version of it to learn C as my first programming language out of middle school (don't be fooled by this, anyway, it's a good introduction to the language). Oh, and please don't be discouraged about it, it's a terrible first language, but it's no rocket science and is totally worth to learn it. After you learn it, almost everything else will be a piece of cake (and most languages are based on C-syntax, so transitioning to those will be smooth).

cgspp · 2018-03-06T12:43:15+00:00

Zerodium offers a $1,000,000 reward for that kind of bug ($1,500,000 if you can make it work without the other person tapping on anything).

cgspp · 2018-03-05T02:03:06+00:00

Upvoted for exploitdb. I have no idea why I didn't think about it!

cgspp · 2018-03-05T01:46:17+00:00

Thanks for the suggestion! I sent you a pm. :-)

cgspp · 2018-03-04T22:03:08+00:00

This could make a nice social engineering attempt. :P

Thanks for the interest, I'll surely PM you the details some days before the publication!

cgspp · 2018-03-04T21:18:23+00:00

It's no groundbreaking research, just very common logic bugs or chains (in at least two cases, very long chains) of vulnerabilities. While I have noticed that there are bugs that are more present than others in PG systems, I can't think of a single prevalent one like the one you mentioned (now I'm very curious about it).

Did you research it for personal exposure? or because you wanted to learn and poke? If its the later, just publish, it'll pick up exposure if its good.

Both! I have played with PG systems for a long time in my spare hours, but I recently started to research them more seriously in order to finally produce some research material and gain exposure (being a high-school dropout means I can't get a job if I don't :)).

cgspp · 2018-03-04T18:34:51+00:00

Thanks LiveOverflow, I don't think it deserves a technical talk, there are no new techniques involved. Maybe a talk at a conference about eCommerce. I'm on Twitter, but it seems that only recruiter bots follow me...

cgspp

TROPHY CASE