Part 1: So you want to infosec?
I find that the downfall of many people new to information security is that they try to skip the fundamentals and move straight on to the more advanced topics. Although many of us get our satisfaction from a deep understanding of how things work, others settle for memorized tricks. These tricks amount to watching somebody else do something and duplicating it because it produces a desirable outcome. Many times this causes people to see only bits and pieces of the bigger picture. So here are a few things you can do to get to the bottom of things. For part 1 of this article see below.
#1 Get down and dirty with code
This tends to be a topic that scares people off, but it is simply a matter of getting your hands on some code and spending time figuring out what it does. Don’t use the lame excuse “I know how to read code but not write it”; you can start by just reviewing code and breaking it down. Follow this up by taking code and copying it. Afterwards, manipulate it a bit and see what happens. This can all lead to a better overall understanding and can be a path to writing your own code. Get an understanding of how different languages work even if you don’t fully commit. A scripting language can be a good place to start, but don’t avoid the low-level action. Once you feel comfortable with coding concepts, don’t stop: get a debugger and see how deep the rabbit hole goes. Poke around to see the results even if you don’t know what you’re doing at first. I would also recommend looking into the Metasploit source code to understand how it works long before you start firing off commands in the hope of getting your first shell. Any kind of code you can get your hands on will help.
#2 Packet diving
One of the very first things I would recommend people do is get a deep understanding of networking and networking protocols. The TCP/IP Illustrated series does a great job of this, but there are many resources out there for this purpose. Learn about socket programming and do some yourself, even if you’re just copying known code snippets. Set up services that run the protocols and give them a spin. I would also highly recommend diving into network packets and breaking them down. I have often found people who don’t even have a fundamental understanding of networking trying to skip over the topic in hopes of getting to the fun stuff. Grab a copy of Wireshark or your favorite network protocol analyzer and start breaking down the frames, bits, and flags. NetworkMiner is also a good tool for learning about what’s happening on your network. Many people think they have an understanding of networking but are baffled by the idea of SYN, SYN/ACK, and FIN, and they are left with a blank stare when asked about these more in-depth details. Don’t be that guy: download Wireshark or tcpdump, grab a beer, and dive in.
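To make the SYN, SYN/ACK and FIN flags concrete, here is an added example (not from the original post) that decodes the IPv4 and TCP headers by hand, reading the same fields a protocol analyzer displays. The packets are constructed samples using documentation addresses, and the function names are this example's own.

```python
import struct

# TCP control bits in the low byte of the offset/flags field, lowest bit first.
FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
             ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the IPv4 and TCP headers of a raw packet (no Ethernet header)."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    if packet[9] != 6:
        raise ValueError("IP protocol is not TCP (6)")
    tcp = packet[ihl:]  # IHL gives the real header length; IP options may be present
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    return {
        "src": "%d.%d.%d.%d" % tuple(packet[12:16]), "dst": "%d.%d.%d.%d" % tuple(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4, "window": window,
        "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
    }

def build_sample(src, dst, sport, dport, seq, ack, flags) -> bytes:
    """Construct a minimal IPv4+TCP packet for the demo (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp

# Constructed sample: handshake, then the client starting teardown.
C, S = (192, 0, 2, 10), (198, 51, 100, 5)
SAMPLE = [
    build_sample(C, S, 49152, 80, 1000, 0, 0x02),      # SYN
    build_sample(S, C, 80, 49152, 5000, 1001, 0x12),   # SYN/ACK acknowledges seq+1
    build_sample(C, S, 49152, 80, 1001, 5001, 0x10),   # ACK completes the handshake
    build_sample(C, S, 49152, 80, 1001, 5001, 0x11),   # FIN/ACK
]

def describe(packets):
    return ["/".join(parse_ipv4_tcp(p)["flags"]) for p in packets]

if __name__ == "__main__":
    for p in SAMPLE:
        h = parse_ipv4_tcp(p)
        print(h["src"], h["sport"], "->", h["dst"], h["dport"], h["seq"], h["ack"], h["flags"])
```

Capture a real handshake with tcpdump or Wireshark and compare the bytes at the same offsets to check your reading of the headers.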
#3 Don’t spread yourself too thin
There are thousands of articles written every day about new vulnerabilities, exploits, tips, tricks, books to read, what to do, and what not to do, and it can be really overwhelming for somebody new. I always hear the same thing: “Where the heck do I start?” To me the answer is simple: get a very strong foundation. Don’t learn a bunch of tricks when you don’t fully understand networking and core fundamentals. Focus on the bulk of information that needs to be digested to give you a fighting chance of learning the advanced topics.
In conclusion, I just wanted to get the point across that you are selling yourself short if you stop before you even scratch the surface. Do yourself a favor and dig into the topics you’re interested in and spend the time to learn them well. Being 100 miles wide and 1 inch deep can really hurt you.
Part 3: So you’re still infosecing?