Self-study security (Part 2)

Ok, so you’ve decided you’re interested in security or some aspect of it but are unsure how to get started, where to look, or whether it’s really the right thing for you. Like me, you probably want to jump straight in and start doing what sounds interesting: analyzing malware, pentesting websites, soldering together magical devices to do your bidding.

Hold your horses there, slow down, let’s start with what you know… Do you even know what source code is? HTML? If you do, then this article probably isn’t for you; if not, then it’s time to start from the very beginning, the basics:

Wargames and Programming – Wargames are a great introduction to security; generally they start with easy challenges that gradually get harder. Two of the most popular ones are hackthissite and hellboundhackers, and there are also MANY more like these. Both have articles on all of the challenges (and various other topics) and forums to go with them, which are useful both for help with the challenges and for getting to know the communities and finding out if you like the type of people that are interested in this topic.

Programming will come naturally with these types of wargame. I found there was an easy progression whilst learning, starting with HTML to just post data to them, then getting into PHP for cookie stealing, brute forcing and other tasks. They both have areas specifically focused on JavaScript. If you decide to do some of the application challenges you will quickly learn Visual Basic, how to decompile and reverse applications, some basic ASM and maybe a little C or Java.

By now you should have an understanding, know the community, maybe have found a mentor, and seen if it is for you or not… If it is, great, it’s time to delve in and learn more, maybe time to invest.

Books on my desk

Reading – There are LOADS of books on this subject, all as diverse as one another, some specialist, others more general. Some are better than others. It very much depends on what you want to learn/read. I suggest browsing around and reading the comments on Amazon. This is a photo of what I can fit on my desk (excuse the mess).

Electronics – Maybe you have discovered you would like to get into the electronics side of security. There are plenty of choices for this too. I would definitely recommend Adafruit; they have some excellent starter kits (SIM card reader & TV-B-Gone). I can recommend the Teensy (a programmable microcontroller that acts as a HID (that’s a keyboard and mouse)) and an Arduino for so many other uses. One thing to note: my experience has shown me that the barrier to entry with hardware/electronics is more expensive than other security/hacking/tinkerer options.

Web apps – Sticking with web apps is a great option; the internet is more prominent than ever and there are more and more of these being made every day. I would suggest setting up a web server & database for local testing (the most common are Apache and MySQL), then downloading some CMSs and apps and starting to play. My previous article, “Basic web app exploit methodology”, went over this in more depth so I will leave it up to you to read that.

Applications – For this one you will need to know how to program, or at least be able to read code. There are two options to start with: “open source” and “closed source”. Open source I find is easier (you have the source code after all). This is the same as web app exploitation: find a project you think is interesting and look for holes/flaws. There are plenty of places to find open source software; to get you started, the three biggest seem to be SourceForge, GitHub & Google Code.

As for closed source – you could just start blindly poking around running scanners and fuzzers, however unless you really know what you’re doing that’s generally going to be a dead end (you could get lucky). More than likely you are back to the wargames. There don’t seem to be as many for application security; the two sites mentioned above have a few challenges, but the only one I know of specifically for application sec is crackmes, which is a superb website for this area of security.

There is a third application option – “Rooting”. This requires a higher level of knowledge, although it’s entirely possible to learn as you go along. There seem to be a few rooting wargames; they come and go and you hear about them every now and then. I’m particularly fond of smashthestack: it has a few different games with forums for help/questions and has been online for a while. These types of games are about launching remote exploits or exploiting applications inside a closed environment to gain higher permissions on the target computer. It would be best to go into these with knowledge of Linux, debugging and decompiling, C, ASM and shell code; you can learn the actual attacks along the way and how to discover and use them (buffer overflows, format strings etc.).

Locksport – This is certainly one of the easier aspects of security to get into: simply buy a small pick set and learn to pick. I would HIGHLY recommend getting a cutaway lock (like the picture); once you understand how locks work it’s fairly easy to pick up the skills to pick. After the cutaway lock maybe get a re-pinnable lock with some spool or mushroom pins. If you decide you want to try some tubular locks then get a practice lock and the right pick tool. It really is a simple skill to pick up and a lot of fun.

I hope you have enjoyed this article, and that it has made you think about options for entry into security and given you an overview of how diverse it is (and this is just a tiny part of it).
The next and most likely part of this series on self-studying security will be about how to stay current and up to date.
Any questions, comments or suggestions? I’d love a comment, or if you just liked it and want to share, that would be much appreciated.

 
