"Give me six hours to chop down a tree and I will spend the first four sharpening the axe"
This famous quote from Abraham Lincoln applies perfectly for the field of cyber security. Before plunging in the vast and limitless ocean of security, it is very essential that you have your arsenals ready. In this blog post, I will be discussing some key points which will be very essential for smoother and successful start in this field. Below are some of my serious advises.
Remove the lust for windows
Windows was designed for naive users to interact with the computers. As the years passed, windows added more and more level of abstraction, only to make the handling of computers easy. Due to GUI, it become more user friendly and captured a vast market share of personal desktops running windows OS. No doubt, it is an excellent operating system, but only from the end user point of view, not for an info sec guy. Due to high layer of abstraction, the user hardly knows what's under the hood. Start using UNIX systems and make it your new friend. Get familiar with the UNIX commands and start working on terminals because most of the utilities in penetration testing, forensics and other security tools are CLI based which provides more flexibility that GUI. If you are using windows, try to install some Linux (preferably Kali) either as Virtual Machine (my favorite) like VMWare or Virtual Box or Dual Boot. Having the grip on the command line with certainly help in future run.
Learn a scripting Language
This is one of the most essential pre-requisite before you get into cyber security. Having the knowledge and command of any one scripting language is very important. Try to learn one of the languages, for e.g. Ruby, Perl, Python. Having the knowledge of more than one is an added advantage. If you ask me, python is my favorite, and the same for most of the professionals in info sec community.
Understand Networking and Web Technologies Fundamentals
Having the strong foundation in computer networking and web technologies are very important to become a successful pentester or security professional. In networking, one must have good understanding of various terminologies like TCP, UDP, SSL, HTTP, routers, switches, subnetting, ethernet and so on. It's just few of the topics I have mentioned here. There are tons of other stuffs.
In web technology, get familiar with at-least on server side technologies like PHP, JSP, ASP, client side technology like HTML, javascript, CSS and a back-end database like MS-SQL, MYSQL etc. Having a strong understanding of web application terminologies and architecture will be very essential for performing web application vulnerability analysis and penetration testing.
Start thinking at the hardware level
Start thinking at the hardware level
Hardware be it high end servers, routers, personal PC, mobile, Raspberry pi, or even arduino, all have things in common. They contain codes, have processor, registers and memory. Vulnerabilities arises due to codes, codes reside in memory and code is executed by the processor. Advance hacks often exploits the memory and plays with the processor execution. Try to get familiar with low level codes and understand the instruction flow. Form the mental map of machine architecture and instruction execution. If you are new to programming, first learn C before jumping to scripting languages like python. Write simple programs in C, compile it run it and reverse engineer the executable to get the taste of assembly language. Having the understanding of underlying hardware will make you feel more confident when you approach to find the vulnerabilities in the systems.
Apart from above points, start thinking and analyzing the world around you with security perspective. Always try to use the stuffs in the unconventional way, different from how it was designed to be used for. Understand the computers, its architecture, its working, its underlying technologies. This will help to hone your skills and make you different from a script kiddie.
This field is the vast ocean and there are tons of concepts needs to be explored. Only way to get confidence in this field is continuous leaning. No certifications with make you expert, it will take you just a step up the ladder. Be open to learning and start exploring stuffs on your own.
I have scratched just the tip of the iceberg. Things which I have mentioned are at the very high level which are just to give the broad picture. To cover the areas I mentioned, in my blog, I will be publishing the articles related to topics like
- Linux Commands
- Python essentials
- Web application penetration testing
- Network penetration testing
- Reverse Engineering
- Capture the Flag (CTFs)
- Arduino
- Raspberry Pi
- Internet of Things Security
.. and many more security related articles.
I have compiled these from my learning and experience. They are gold to me and I hope will be same for you folks too.
Do comment your suggestions about the post. I will be happy to receive the feedback. Also share if you find it useful.
Happy Learning 😊
Comments
Post a Comment