So you still want to Infosec?


I find that the downfall of many people new to information security is that they try to skip the fundamentals and move straight on to the more advanced topics. Although many of us get our satisfaction from a deep understanding of how things work, others settle for memorized tricks. These tricks amount to watching somebody else do something and duplicating it because it produces a desirable outcome. Many times this causes people to see only bits and pieces of the bigger picture. So here are a few things you can do to get to the bottom of things. For part 1 of this article, see below.

#1 Get down and dirty with code

This tends to be a topic that scares people off, but it is simply a matter of getting your hands on some code and spending time figuring out what it does. Don’t use the lame excuse “I know how to read code but not write it.” You can start by just reviewing code and breaking it down. Follow this up by taking code and copying it. Afterwards, manipulate it a bit and see what happens. This can all lead to a better overall understanding and can be a path to writing your own code. Get an understanding of how different languages work even if you don’t fully commit. A scripting language can be a good place to start, but don’t avoid the low-level action. Once you feel comfortable with coding concepts, don’t stop: get a debugger and see how deep the rabbit hole goes. Poke around to see the results even if you don’t know what you’re doing at first. I would also recommend looking into the Metasploit source code to understand how it works long before you start firing off commands in hope of getting your first shell. Any kind of code you can get your hands on will help.

#2 Packet diving

One of the very first things I would recommend people do is get a deep understanding of networking and networking protocols. The TCP Illustrated series does a great job of this, but there are many resources out there for this purpose. Learn about socket programming and do some yourself, even if you’re just copying known code snippets. Set up services that run the protocols and give them a spin. I would also highly recommend diving into network packets and breaking them down. I have often found people who don’t even have a fundamental understanding of networking trying to skip over the topic in hopes of getting to the fun stuff. Grab a copy of Wireshark or your favorite network protocol analyzer and start breaking down the frames, bits, and flags. NetworkMiner is also a good tool for learning about what’s happening on your network. Many people think they have an understanding of networking but are baffled by the idea of SYN, SYN/ACK, and FIN, and they are left with a blank stare when asked about these more in-depth details. Don’t be that guy: download Wireshark or tcpdump, grab a beer, and dive in.
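As a starting point for that kind of breakdown, here is an added example (not from the original post) that decodes the flag bits of a TCP header by hand and checks the sequence/acknowledgement arithmetic of a three-way handshake. The four segments are constructed sample data, and the function names are hypothetical.

```python
import struct

# Flag bits of the TCP header, lowest bit first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
HEADER_FMT = "!HHIIHHHH"  # ports, seq, ack, offset+flags, window, checksum, urgent

def build_tcp_header(sport, dport, seq, ack, flags, window=64240):
    """Construct a 20-byte TCP header (no options, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, then the flag bits
    return struct.pack(HEADER_FMT, sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse_tcp_header(raw):
    """Break a raw TCP header into its fields and named flags."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset_flags, window, _, _ = struct.unpack(HEADER_FMT, raw[:20])
    header_len = (offset_flags >> 12) * 4
    if header_len < 20:
        raise ValueError("data offset below the 5-word minimum")
    flags = [n for i, n in enumerate(FLAG_NAMES) if offset_flags & (1 << i)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "flags": flags}

def is_three_way_handshake(syn, synack, ack):
    """Check flags and seq/ack arithmetic: a SYN consumes one sequence number."""
    return (syn["flags"] == ["SYN"]
            and synack["flags"] == ["SYN", "ACK"]
            and ack["flags"] == ["ACK"]
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

# Constructed sample segments (not a real capture): handshake, then a FIN.
SAMPLE = [
    build_tcp_header(49152, 80, 1000, 0, 0x02),     # client SYN
    build_tcp_header(80, 49152, 5000, 1001, 0x12),  # server SYN/ACK
    build_tcp_header(49152, 80, 1001, 5001, 0x10),  # client ACK
    build_tcp_header(49152, 80, 1001, 5001, 0x11),  # client FIN/ACK
]

if __name__ == "__main__":
    parsed = [parse_tcp_header(s) for s in SAMPLE]
    for p in parsed:
        print(p["sport"], "->", p["dport"], "/".join(p["flags"]),
              "seq", p["seq"], "ack", p["ack"])
    print("handshake ok:", is_three_way_handshake(*parsed[:3]))
```

Comparing the decoded fields with what Wireshark shows for the first three packets of any TCP connection is a quick way to confirm you are reading the header correctly.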

#3 Don’t spread yourself too thin

There are thousands of articles written every day about new vulnerabilities, exploits, tips, tricks, books to read, what to do, and what not to do, and it can be really overwhelming for somebody new. I always hear the same thing: “Where the heck do I start?” To me the answer is simple: get a very strong foundation. Don’t learn a bunch of tricks when you don’t fully understand networking and core fundamentals. Focus on the bulk of information that needs to be digested to give you a fighting chance of learning the advanced topics.

In conclusion, I just wanted to get the point across that you are selling yourself short if you stop before you even scratch the surface. Do yourself a favor: dig into the topics you’re interested in and spend the time to learn them well. Being 100 miles wide and 1 inch deep can really hurt you.


So you want to Infosec?

The question arises time and time again: “How can I get started in infosec?” The vast amount of information out there can, to say the least, make it overwhelming. I just wanted to write up a small jump-start guide that can help you dive in and become a part of the fun. These are just my opinions, so feel free to disagree or contact me with any other suggestions.

#1 Get a Twitter account

Twitter can be used as a very effective news feed if you follow the correct people. This will allow you to keep up to date on trending topics and ideas floating around the security world. Like most social media sites this can also turn into a big source of distraction so be careful.

#2 IRC

Many popular tools and groups have an IRC channel that can help you immerse yourself daily in security-related topics. Even simply observing the conversations that are happening can be infinitely educational. Get on IRC and don’t be scared to ask questions.

A few channels I like on Freenode IRC:

#metasploit
#armitage
#veil
#psempire
#kali-linux
#infoseclabs
##security
#bugcrowd
#hackerone
#corelan
#vulnhub
#offsec
#python
##C
##asm

#3 Read, Read, Read

This should actually be number one but read like it’s going out of style. Anything you can get your hands on. Find books that are up to date and make a reading plan so that you can absorb the large chunks of info that are required to have a general oversight of the infosec realm. Find articles online to read, blog posts, white papers, academic papers, or any other material you may find interesting.

#4 Listen to Podcasts

This can be a great wealth of knowledge on a consistent basis if you pick the correct podcast. The best thing is that you can listen to them while driving, so you can squeeze infosec into every second of your day. Many experienced and respected infosec professionals have podcasts that can be downloaded weekly or daily.

Here is a list of some of my favorites:

  • Paul’s Security Weekly
  • Risky Business Podcast
  • ISCStormcast
  • Exotic Liability
  • Social-Engineer Podcast
  • SpiderLabs Radio
  • Securabit
  • Defensive Security Podcast
  • Southern Fried Security Podcast
  • Brakeing Security
  • TrustedSec Security Podcast
  • Hackers on Fire

#5 Videos

Conference videos, YouTube, and SecurityTube combined can be a wealth of information. SecurityTube offers a centralized location for everything infosec related, and the creator, Vivek, has many megaprimers that are free and very in-depth on topics such as wireless security, Metasploit, and assembly language. These megaprimers start from the basics and go deep into detail. I feel they can be a true jump start for anybody jumping on the security train. Conference videos, if watched in a timely manner, can give you up-to-date information on current research, techniques, and findings in the infosec realm. They can also be useful for years to come. Binge-watching videos and trying the techniques can help you grow rapidly.

#6 Home Lab

Hands-on is a must. Get in there and get your hands dirty. Don’t be afraid to fail, as those are the times you will learn the most. Set up scenarios and test every piece of software and every OS you can get your hands on. Without hands-on experience you are going to waste tons of time when you actually try to do things you thought you had down because you understood the concepts. No amount of reading can substitute for real hands-on experience.

These are just a few ideas that can help you start on a learning track.
