There are lots of aspects to Information Security and it covers all other fields in IT. No matter what your interest is, there is probably a security niche to fill. This guide will focus on learning to exploit, which in turn shows how to detect and prevent security incidents.
To following skill-sets will help you form a solid base:
- Comfortable with Windows and Linux command line and navigation
- Basic networking knowledge (TCP/IP, Handshakes, SSL…)
- Comfortable with Python, PowerShell, or general scripting concepts
- Comfortable with modifying code from any language and compiling
- Basic understanding of Assembly Language (Buffer Overflows)
- Familiarity with the OWASP Top 10 Web Application Vulnerabilities
- Basic usage of:
- Basic usage of:
Some of the easiest ways to get more involved in information security, and have fun at the same time, are doing bug bounties or capture the flag events.
Bug Bounties are sanctioned ‘hacking’ programs that certain vendors publish. The two biggest organizers of bug bounties are BugCrowd.com and HackerOne.com.
The vendor will generally stipulate what URLs/IPs are in scope and what actions are in and out of bounds.
Getting your feet wet by tinkering around on websites looking for OWASP Top 10 Vulnerabilities is a good way to learn, and possibly get paid at the same time. A lot of bounties offer a reward program for finding a vulnerability (as long as you followed the rules!). The more you find, the more you can make.
Information Security Capture the Flag events can range in format, but generally set up “Jeopardy” style where you choose a category and a point score. The categories will range from vulnerable websites, applications, cryptography questions, or anything the organizers see fit. Each ‘question’ will have a hidden flag for you to find, and turning in this flag will net you the relevant level of points.
While some events are qualifiers for participating in larger events (such as the DEFCON CTF), the best prize is the smug satisfaction of besting others. The wide variety of puzzles and ease of entry make CTFs a great way to start learning security. Most will have ‘write ups’ done after the fact, showing how others solved the puzzles. They are a great way to see what methods you can try the next time.
The best site to track upcoming CTF events is ctftime.org.
Not too many legal ways to get actual hacking experience against a server exist. However, thanks to the Information Security community there are a considerable amount of web applications, servers and services built to learn on – generally packaged in a “Vulnerable VM”.
Some of the most popular are vulnhub.com, or pentesterlab.com. OpenDNS has created their own application to teach the OWASP Top 10, and it is a great resource.
The process to start working on a Vulnerable VM is as easy as loading up the VM image inside your preferred software (VMWare, VirtualBox….) and begin hacking away. The advantage to it being inside a local VM is the ability to try exploits or tasks that may break the server or service. You can then reset the virtual machine and start over.
Being able to work in both Windows and Linux environments is key. If you are unfamiliar with Linux, dual booting the OS is a great way to start learning. Setup the dual boot and force yourself to use and get familiar with the new operating system.
For the Linux or Windows system, try doing different tasks from the command line you would use the GUI for. Google can be a great resource for figuring out how to do anything on the command line. If you are in Windows, you can try using PowerShell as well as the basic commands.
PowerShell is a powerful scripting language that makes accessing native windows code much easier than using Visual Basic or other windows languages. Exploits are written in PowerShell more every day, and it will continue to grow in popularity as the information security scene continues to mature.
Not only can scripting in BATCH, Bash, or Python (etc….) be helpful in automating tasks, many exploits are written in Python, C, Ruby, Perl, or other scripting languages. Many exploits you find online will not work for you off the shelf and will need to be slightly modified before using. Being able to read these exploits, and modify them for your use is an important step in comprising a server or network.
Another important aspect along with scripting languages is known SQL Query and REGEX Syntax. There are many resources on the internet for examples of both and doing the tasks outlined above will help you get familiar.
Reversing malware can be a great way to get frustrated, but also learn a lot about the current exploits being used, obfuscation techniques,
Evasion techniques vary, but most revolve around deconstructing functions, having functions build other functions, building variables out of arrays, using random words and letters for all function and variable names, and making function and variable names unruly in length.
Some common tools to help with reversing malware are OfficeScanner, and OLEDump.
- Open DNS OWASP Top 10 App
- Code Academy
- Learn Python The Hard Way
- Bug Crowd
- Hacker One
- Getting Started with Bug Bounties
- CTF Time
- Virus Total
- Smashing the Stack
- Metasploit Unleashed
- OWASP Top 10
- What Certificates should I Get?
- Violent Python
- Hacking: The Art of Exploitation