gosub100 2 hours ago

You were rude but I understand what you mean. People can obviously Google "reverse engineering tutorial" or something similar. And certainly "what are good resources for X" can be a way to signal interest in something, get people to respond, and not necessarily do anything about it. But I think the most charitable interpretation of that question is they want a group consensus for the best place to start, since Google might return a heavily promoted site that had deprecated info. I remember years ago people hated "cplusplus.com" because out of a volume that is the size of a textbook, it had a few bad examples. So instead they promoted cppreference. (For learning C++).

I think we should conclude people want to maximize learning while minimizing wasted time, hence they ask for the "best resources". Even though the question seems tiring at times (when I was on Reddit I heard this constantly, and cynically projected that very few people actually used the resources they requested. But I solved this problem by quitting/getting banned from Reddit and never looked back).

palata 31 minutes ago | parent [-]

> can be a way to signal interest in something, get people to respond, and not necessarily do anything about it.

I can explain my intent, since I asked the question :-).

"Signal interest in something in the hope of starting a discussion with people who share that interest and may have interesting stories to share".

I loved IRC for that. I could join a channel, ask a question and sometimes someone knowledgeable would engage in a discussion with me. Often nobody answered, but because IRC was "ephemeral", I could ask again another time, and another one, hoping to eventually find someone interested.

> I think we should conclude people want to maximize learning while minimizing wasted time

In my case (and I want to believe that in many other cases), it's really just that people (me, here) would like to have some human interaction about a topic.

I know how to learn, I was not asking about that. I was trying to start a conversation with humans, that's all.

gosub100 6 minutes ago | parent [-]

> I was trying to start a conversation with humans, that's all.

Totally fair, and I'm sorry you got a hostile response.

My (very low-value) opinion is don't waste your time learning how exploits work. Yeah it's kinda neat seeing clever misuse of components. But there is very little upside to investing in that knowledge.

0. You look at old exploits and marvel at them for a while, but they are long ago patched and technically useless.

1. You waste a bunch of time looking for a sploit but don't find one.

2. You find one but nobody cares, you don't get street cred. The sploit is patched in the next release, and you don't get back your time spent finding it.

3. You find a sploit but all you get is a thanks from the billion dollar company, followed by a patch.

4. You create an exploit and use it maliciously or sell it to a criminal syndicate. You are a criminal. Or you get sued because it's a civil/copyright issue.

5. You find a sploit and other people treat you as a criminal even though you didn't do anything with it. You even intended to help.

6. You find sploits but still can't get a job as a white hat because other people who found more sploits got the job.

The only good outcomes are:

7. You found a very clever sploit and got a bounty for it.

8. You got hired in cyber security and get paid for sploits or countering them.

9. You seriously just love decoding machine instructions and find joy from making it do unintended things.

Overall, I think the risk/reward ratio is suboptimal for this field unless you go black-hat which is obviously fraught with moral and legal hazards.