System Security Analysis

The language you use is irrelevant as long as it has sufficiently low level access to hook into the necessary information. Traditionally, C, C++, and assembly language have been used for exploits, but I've seen (and written) successful exploits using higher level languages. It's all about having enough power to do the job.

Also note that discussion of hacking is against the rules, so you're kind of pushing it with that question, and my answer probably isn't very helpful for the same reason. ;)

I'd ask if you're new here, but it says you've been here since '07.

Anyway, probably best to avoid calling it hacking. Perhaps something more PC, like "System Security Analysis".

Rather than focusing on the language, things to know:
http://en.wikipedia.org/wiki/Portable_Executable
http://en.wikipedia.org/wiki/NTFS
http://en.wikipedia.org/wiki/Internet_socket
http://msdn.microsoft.com/en-us/library/ee663300%28v=VS.85%29.aspx
http://ref.x86asm.net/
http://en.wikipedia.org/wiki/Boot_sector

Initially, I'd go with the C language. Because of its lacking of type-safety, there are many ways to hack a C program, or shall I say more opportunities. Also note that, C is meant to be a subset of C++, so you do you Security Analysis using C++ as well.

1) I havent say i am new here.
2) Why a negative Vote , hacking is term which can use for positive terms too , like you want to analyze your own system security.
3) Thank you all of you....I didnt know that word "hacking" is very dangerous :)

you're asking for ways to break into computers and either corrupt or steal data. That means you're asking for us to implicate ourselves into crimes you're planning to commit.

What is wrong with u man? I m not going to hack any one.... I just want to know the programming language.... Love you :)

> Which is better for hacking?

An axe. Take it to an iPad. That'll stop the poncey little shite from working.

What is wrong with u man? I m not going to hack any one.... I just want to know the programming language.... Love you :)

you're asking us to give you information that can be used to break the law in a public forum.
Even if you yourself aren't going to do so (and we only have your word as to that), someone else will and you will have implicated us in crimes.

At least over here, helping someone plan or commit a crime is a crime in itself.

Sorry I put my question wrong way.... My Question is "how to analyze a system security"
Please Mods or admins correct the title of the question... Or this man gonna kill me with his words.

My Question is "how to analyze a system security"

No it isn't, because you aren't asking for a way to "find bugs", you're asking for a way to "exploit bugs".

Please Mods or admins correct the title of the question.

No I won't. If you ask this kind of question here, you can expect this kind of answer. Real-life doesn't come with a undo-button and neither does Daniweb :)

I m extremly sorry... As a security professional you have to think negative a bit too to destroy ur own system... Dont take me wrong , i dont believe on stealing information either... I just want to check my system.

you're asking us to give you information that can be used to break the law in a public forum.
Even if you yourself aren't going to do so (and we only have your word as to that), someone else will and you will have implicated us in crimes.

At least over here, helping someone plan or commit a crime is a crime in itself.

Come on you can not be always negative when the question like this pop-ups. Little differentiating would be nice. Am I criminal jut because I'm reading HACKING EXPOSED WEB APPLICATIONS, 3rd Edition: Web Application Security Secrets and Solutions? I do not think so. OP is not first time poster here and did not asked "how do I break in someone system". He made silly mistake of giving wrong name, but that is all. Many of us been interested in security, wanted to do simple pranks at some early stage of our programming ;)

I thought hackers were orignaly enthusiasts who found ways into peoples systems, didnt corrupt or missuse the systems and more often than not reported the security risks to the owners of the systems ?

That isnt the case now like but the name was given in gest and to attract attention to the thread . . .

> No I won't. If you ask this kind of question here, you can expect this kind of answer. Real-life doesn't come with a undo-button and neither does Daniweb

Well done Evan - I laughed out loud at that one. Still chuckling 5 minutes later. :) +1