@reuf
Created November 13, 2018 14:54
I am answering this question in the hope that phishing attackers on Quora, who are upvoting my answers in an attempt to get me to click on their profile and visit their phishing website, will read it (and upvote it of course). The answer will be fun, so keep on reading.
I will answer as if I am actually speaking to the phisher who is trying to take me on.
Yo phisher, my friend, your tactic is shitty.
Your phishing attack on Quora (also on FB, Instagram, etc.) goes like this:
You are a “girl”, with a generic name, e.g. “Kimberly Armstrong”, looking 20–25, with a scanty photo of some random girl, and you upvote my answer.
On your profile there are zeros on all your stats. There is only a link to your webpage.
You generated your shitty phishing link on some Kali Linux that is using Metasploit with Meterpreter (or similar) as a payload. I know you would like me to click on your website and would like to see if my machine is exploit-proof (and I know you are hoping it isn’t).
But instead of me clicking the link I report your profile as a phishing attack to Quora. Kudos to Quora for immediately blocking your profile after I reported you. In the end you just wasted your time creating those 3-4 profiles.
Let me give you a short step-by-step course from the trenches on how to do it properly. Use-case: Balkans. Adapt to a different region as necessary.
Disclaimer for religious Muslims: https://sunnah.com/bukhari/56/236 | https://islamqa.info/en/10138
Disclaimer: This is a hypothetical scenario on how to perform a phishing attack in the Balkans. Any character in the following scenario is strictly hypothetical, and you can rotate Serb/Croat/Bosniak/Albanian/Macedonian/Montenegrin.
https://en.wikipedia.org/wiki/Deception
https://en.wikipedia.org/wiki/Disclaimer
Phishing attacks in the Balkan region go something like this. For this use-case, I'll make the Bosniak the antagonist, so as not to hurt the feelings of other nations.
Sudo lives in BiH and he is a phishing attacker. The phishing attacker is called Sudo (not Linux "sudo"; Sudo is a nickname in BiH for people called Suad or Suvad - famous song: https://www.youtube.com/watch?v=6ko7ZIj358E).
Serbs and Croats don't really like Sudo and Sudo wants to do phishing attacks on them.
Sudo buys a phone with two SIM-card slots specifically for the purpose of phishing.
Sudo buys one Serb telecom card and one Croat telecom card.
Having these phones is also necessary if you would like to have Viber contacts further on.
Sudo creates one Serb girl FB profile and one Croat girl FB profile using phone numbers which Sudo turns on and activates in some random area, far away from where Sudo will operate, so that when the GSM tower box registers and records the location of the first use of Sudo's phone, Sudo doesn't get compromised later on, depending on what kind of damage Sudo wants to do.
After Sudo is done registering profiles, he then turns off the phone and takes out the batteries; he doesn't need it anymore. It is just a liability from then on. This phone is to be used for this purpose, and this purpose only. After all, all telecom operators today need to implement a system which makes it possible for a government security agency to track phone location for the past 6 months and to pinpoint where you were with a precision of 50 meters or so at any time you dialled or sent/received an SMS. All they need is a court ruling which allows them to pull the data which all telecom providers are ordered to keep by law.
Sudo finds some nice, white-looking, decent, relatively moral, fair-skin-toned, Catholic, Hispanic girl from Latin America or the Caribbean. Instagram is full of open profiles of all sorts of girls. Kind of girls looking to get attention, job opportunity, glory, etc. Satan got the better side out of them, and they ditched the moral Catholic advice of their grandmas in return for showing their bodies to male sons of Satan. Sudo is not looking for top-models, it would be too obvious. What Sudo is looking for are girls with family photos, photos with small fluffy dogs, etc. Sudo chooses Latin America because these are good candidates: since nobody in the Balkan region has contact with them or has them as friends, there is an extremely low chance FB or anyone else will identify a mirrored account. So how do you find a quality, fair-skinned, Hispanic girl? Google: "Top 100 girl names in Colombia". Google: "Top-Name-1 Instagram", "Top-Name-7 Instagram", and sure enough hundreds of these pop up. If you were however in Latin America, you of course would do all of the above, you would just reverse the process and pick the top 100 names in Serbia or Croatia and you know the rest.
Sudo now invests in developing his girls' profiles. Sudo starts posting smart quotes of Ivo Andric, Mesa Selimovic. Sudo posts Balasevic songs. Sudo likes all the Croatian nationalistic groups. Sudo likes all the Serbian nationalistic groups. Friend requests start pouring in (Thank God Sudo is not a woman on FB, it is like a zoo out there).
The year is full of holidays, events (the jackpot is if there are elections, since now Sudo can take sides and Sudo can attract people who are leaning towards HDZ, SNS, or such), and news that celebrate nationalistic heroes. Sudo makes a calendar of these holidays and Sudo makes sure to post on the Serbian profile everything and anything that glorifies Serbs and relevant heroes/saints/events, on appropriate dates of course. Same for Croats. All sorts of Chetniks and Ustasha get hooked on. On the Croatian profile Sudo glorifies NDH, Ustasa, HDZ, etc. On the Serbian profile, Seselj is glorified. Sudo picks out random quotes from the famous Seselj book: http://www.samomudr.ru/d2/Sheshel%20V.-Ideologija%20Serbskogo%20nacionalizma-2002.pdf - Chetniks are hooked and all of them want to marry you. Facebook is cool with it. Just don't be overly Nazi/Fascist. Zuckerberg won't mind, after all scanty girls are just a source of ad revenue for him.
Every now and again Sudo gets some Bosniak Muslim Salafi inviting Sudo openly to accept Islam. Sudo realizes that Sudo's nation is just as screwed as theirs due to all the psychopaths roaming through FB profiles.
Albanians, Kosovars, Macedonians are just as guilty as the other nations and they are trying to contact Sudo's girls.
On the Croatian girl profile, Serbs like Croatian girls, so Sudo has an equal amount of friend requests/followers from the Serbian male corpus as well as Sudo's Croatian male one: 0.5:0.5.
Sudo has that one Macedonian guy who likes everything that Sudo posts and he is glued to Sudo. After all, Sudo is a potential Miss Universe, since Sudo is from Latin America.
In case of Serbian girl, not so much, the odds are 0.2:0.8. Croats detest poorness of girls, plus they are stingy.
Every now and then Sudo hits the wall with some sexy photo of Sudo's, that is, of Sudo's hypothetical self.
Sudo gets about 1000 requests per day. But Sudo plays it smart. Sudo doesn't accept everyone. Most of these are profiles of shitty, no-good people. Sudo is not up for that. Sudo is looking for those rich guys, guys with university degrees, guys with police/military backgrounds, guys with cars, money, influence. Guys who work in some political party headquarters. Sudo is patient.
Every morning Sudo dedicates 1-2 hours and replies to the messages Sudo receives.
Sudo is a well-read, educated, smart, Latin-looking girl who happens to be Serb/Croat. Plus Sudo looks like Miss Universe. Plus Sudo is a moral Catholic/Orthodox girl who knows her religion inside-out. Sudo impresses them in all sorts of ways. They are all fascinated with Sudo.
A year passes by.
Sudo now has hundreds of guys who want to sleep with Sudo and a dozen who would marry Sudo with their eyes closed.
By the end of the year Sudo has established human-like contact with around 20 quality targets, 10 Serbs, 10 Croats. All are high value targets. The rest of the guys are infected with bots and can be utilized to do DNS attacks. Sudo hasn't created any damage yet, nor does Sudo really want to. Sudo wants to be stealthy, Sudo wants to track them and use them only when necessary, one at a time.
At some point in time Sudo realizes you can boost websites and drive traffic by asking these armies of friends/bots to go to his ad-sense embedded websites. Hell, you are making money, so the investment of time wasn't all for nothing.
Sudo gets a chance to talk with bodybuilders from the Balkans, or former Balkan war veterans, living alone with their dogs in all sorts of places throughout the Balkans. Types of guys that have lost meaning in life and are just a few alcohol drinks away from blowing their brains out and are in extreme need of female company, or at least a friend willing to listen to their problems and help them soothe their depression.
You will receive proven, tested tips from the trenches, on how to get 5000 male Balkan friends on FB in a week. You will finally realize that meterpreter is a shitty approach and that psychological techniques are much better. That is why 70% of successful attacks are primarily human-psychology and human-error based. And instead of trying to damage people, you can use these armies of friends to advertise stuff and drive traffic to your Adsense websites and make money.
To make the whole process fun, Sudo plays this Russian jazz in the background: https://www.youtube.com/watch?v=qsL3a4-pEr4
That completes it.
---
Another fun project for you. Instead of following me, ask/email
Joining a security agency at the nation-state level would be the best option, because the government is behind you and you are basically paid to do your security research, if this is what fulfills you. When you join security-research groups at that level, you will have a lot of financial resources at your disposal and only your imagination and inventiveness are the limit. To see what kind of programs are financed by what country, here are links:
https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects#United_States
In the USA, especially these two:
https://en.wikipedia.org/wiki/Boundless_Informant
https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
If you are able to join these programs, that is where all the action is happening.
The second best option, if you are going to become a security expert, is to form a security club either at some local organization or at some university (you should continue to a PhD and focus your will-power in this area then). While at your organization or university you should probably join/form a security-research group and have dedicated meet-ups where you will discuss ideas, do projects, look for ideas on how to monetize whatever it is that you are going to do. The more people you can get into a group, the better. The more brains in one place, the better. The fact that you can discuss ideas, plan attacks, give advice to each other is more valuable than just you browsing alone and trying to learn how to do damage here and there.
Tools of trade:
There are a number of standard tools that you should try out, learn and get comfortable using. These tools, methods, and ways of working with companies/institutions that need and want security services are outlined in the penetration testing standard available at this page:
http://www.pentest-standard.org/index.php/Main_Page
Be sure to thoroughly read that and start getting familiar with all the tools mentioned there. The standard is created by dozens of top security experts in the field and it outlines what it means to have this as your main profession. The standard was devised based on millions of hours of work by top-level security researchers.
Main things that you are going to attack in your research:
- Computer within a Network
- Mobile Phones
- IoT devices (e.g. IP Cameras)
- Vehicles
For software security tools these are the most important links:
https://github.com/sbilly/awesome-security
https://github.com/ashishb/android-security-awesome
https://github.com/jaredthecoder/awesome-vehicle-security
https://github.com/x0rz/EQGRP
https://linuxsecurity.expert/sec
For hardware tools you should get as many of these as possible and play with them, they can become very handy:
https://hakshop.com/pages/kits
https://hakshop.com/collections/all
https://www.youtube.com/user/Hak5Darren/videos?disable_polymer=1
If in Balkans:
https://www.spijunskaoprema.org/
https://www.youtube.com/user/MrNELENELE1/videos?disable_polymer=1
There are a number of security researchers that you should follow, who are continually opening new security issues, holes, etc. You should follow those located in Israel, China, Russia, USA. These are countries who are competing to be the best in the industry and are throwing cash by loads at people who are willing to do this 24/7.
Netanyahu made it his personal mission several years ago to make Israel one of the top 5 cyber-security technical-know-how companies, and as of last year they are: http://nocamels.com/2017/01/netanyahu-israeli-cyber-trump-tweet/
Example researchers to follow (Google: "Top security researchers NAME-OF-COUNTRY")
Yuval Elovici - Ben Gurion University, Negev, Israel, head of Deutsche Telekom Laboratories there, his life mission is dedicated to Security
https://scholar.google.com/citations?hl=en&user=ruZDm9QAAAAJ&view_op=list_works&sortby=pubdate
Example of an excellent article of his: USB-based attacks - https://www.sciencedirect.com/science/article/pii/S0167404817301578
Asaf Shabtai:
https://scholar.google.com/citations?hl=en&user=k-J7GfgAAAAJ&view_op=list_works&sortby=pubdate
Guang Gong:
https://scholar.google.com/citations?hl=en&user=i2vwkRMAAAAJ&view_op=list_works&sortby=pubdate
All the articles that you find on Google Scholar can be downloaded thanks to Russians and Chinese and their main websites:
http://sci-hub.cc
http://libgen.io
These sites get knocked down from time to time, but there are always mirroring websites, just google and look on the first/second page.
To understand the seriousness of the situation, watch this lecture the NSA TAO chief gave recently, the only one of that kind. It is a rare instance where the NSA openly tells you what they are able to do to you, and I congratulate them.
https://www.youtube.com/watch?v=bDJb8WOJYdA
Some things you will find out:
- They have an army of about 5000 personnel whose sole job is to look at how to destroy all USA enemies in the cyber-world and anything IT-related.
- If they are unable to get to you through digital means, they call their sister CIA and she physically makes way for them to access whatever they want.
- Wiping your hard-drive to become anti-virus free means nothing, since they have the source codes of all the hard-drive producers, source code at the level of hardware and have the ability to bypass anything you might think you can use to protect yourself - they sometimes know the code better than, e.g. Kingston disk makers.
- If you are a target and you buy a laptop from amazon/ebay - they will intercept the shipping, take the laptop, install tracking tools on it, and send your shipping right to you without you realizing anything bad has happened.
- etc.
For those aspiring to become security professionals, to get really inspired, watch this BBC Spy reality show that was publicly aired only once after it was produced (thank God for internet):
https://www.youtube.com/watch?v=NPs_Ln8ArVs&list=PLfeduzA1hQ3IVdh_moOrNHjxXjYSuevxa
Lots of hacking books are crap, these ones are decent and fun to read:
https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689
https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617
https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539
https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577/
Around 70% of successful hacks happen due to social engineering and the ability to manipulate people. If this answer gets more than 100 upvotes I will write an answer to another question detailing how a phishing attack is done in the Balkans -> https://www.quora.com/What-are-different-types-of-Phishing-attacks
Who/What are valuable targets:
- Enemies of your people
- Medical institutions/institutes and their medical research (can be monetized)
- Any university/institution that produces machines/vehicles/tools/weapons - CAD/CAM design files that can be stolen and sold off
- Entertainment industry / Gambling-Betting industry
- Political enemies
- Journalists
Example IoT attack.
Example attack from the trenches:
A Chinese company is selling cheap IP cameras (less than $100):
The camera is accompanied by an Android app that you can use from anywhere to watch your camera at home or wherever you placed it.
The way they coded their mobile app, through which you can watch the camera over the internet, is such that they left their REST API open and unprotected. The password is sent in plaintext and anyone who knows the basics of Burp Suite can get access to about 1,000,000 sold cameras (around 300,000 are active). The cameras have night-vision and you are able to rotate them. You can even speak through them. And they have memory cards where they keep records up to 3 months.
When they are emailed and warned of the security issue, they do nothing - they simply don't care - all they care about is profits.
Types of places people put cameras:
- Russian cafe - guy watches over employees
- Argentina - family watches over their old dad who cannot move and is sitting in a chair all day long.
- Hair salon in Serbia
- Guy watches over two women who are obviously sex-slaves somewhere in China
- Guy watches over his office workers in Germany
Countless other examples.
Lesson: Don't buy cheap IP cameras from China.
Example attack from the trenches:
You are in the Balkans and you know how to manipulate people due to politics.
You create girl profiles and you get about 1000 male-friend-requests per day per profile.
You use these profiles then to route traffic to your ad-sense sites and make profit this way.
It is horrific how easy it is and how the world is like a zoo.