Yesterday I covered some tools to get started with hacking and programming. Today I’m going to cover some personal skills. This list is my opinion and will probably expand as I develop my own skill set.
First thing is programming: Learn how to program. I have seen numerous industry security professionals advising those getting started to learn how to program. Don’t just copy down a program that does something you want, learn to make your own. I find that this makes me understand what is going on much better.
Languages: C is necessary for OS hacking. The big three OS kernels are coded in C: Linux, Windows, and OS X. Understanding the structures in C will also help you understand how a computer program runs and moves through the system. I personally like K & R The C Programming Language and the programming section of Hacking: The Art of Exploitation. I had experience programming before I encountered both of those books. If you’re new to programming there are several courses online that provide a less concise introduction..
Python. Python is a nice language that is easy to use. There are some great resources for learning how to use python in hacking. Cybrary has a course on python for pen testing. Black Hat Python and Violent Python are also available. Again, learn what is going on with the programs and how to make them yourself, modify them, etc to really see how they fit together.
Bash. Bash is actually a programming language and a shell. Its a good thing to get to know and get comfortable using. General comfort with Linux is a great thing to get used to. You can create scripts in Bash to dump files into a place you want easily. The Linux Command Line and Shell Scripting Bible is a good resource.
Assembly. Assembly language is one step above the machine code that actually steps through your CPU. It is completely architecture dependent and complicated. But if you want to do some OS hacking it’s necessary. It will also make you understand how a program runs better. I’m still working on finding a book I prefer for assembly language.
Second is problem solving: A quick Google search will come up with countless threads about math applying to programming or not. The short answer is yes. Portions of math apply to computer science directly. Discrete math and probability are the first two that come to mind. The long answer is a little more nuanced.
Advanced mathematics teaches you problem solving skills and challenges your understanding of the world around you. I’ve seen computer science jobs that require familiarity with the scientific method and things like that. Math teaches you a very logical way of examining a problem and searching for solutions. The other great thing about math is that there is literally a portion involved in just about everything. Curious about how objects interact with each other? There’s calculus and mathematical physics. Wondering how particles operate at the quantum level? There’s functional analysis and mathematical physics. Curious about encryption? Advanced algebra and discrete math. Wonder how the weather works? Chaos thoery and dynamical systems. The list goes on and on. All of these fields of mathematics will challenge you and your problem solving abilities. Full disclosure: I love doing math and have a few degrees in it.
Last is not my idea, I got it reading an article on Cybrary.it (unfortunately I don’t remember the specific article to credit it correctly). Creativity. Do something that requires you to use your imagination. Make sure it is something that challenges your creativity.
Everything I’ve talked about in this post has basically been about challenging your brain in specific areas. Hacking isn’t just about downloading a program and running it. Its about figuring out how things work and making them do what you want them to do, even if they weren’t designed to do it. The best way to start is to pick one area and get good, then branch out into other areas.
I chose OS hacking because I’ve always been curious about how a computer turns 1’s and 0’s into the graphics and utilities we see on our screen. Then I wondered how to get in and make it do what I want while not alerting the user. Then the next step is how to prevent others from doing the same thing.
98 Days to go…