Monday, August 5, 2019

So You Want to be a Hacker

This post has been on my mind for a while now, but its length, and my laziness about searching my archives and bookmarks, deterred its publication. But alas! It is here now. Since 2014, I have encountered lots of materials here and there that I keep track of and revisit to update my knowledge. This list of resources also includes Twitter accounts, but I have excluded that category from this post. There are various sub-domains in cyber security. Hopefully, this post can give you a place to start in your field of interest. This is a non-exhaustive list.

In early 2017, I did a seminar with an old friend on the topic. At that time, I was trying to get students to enroll in my new club on Computer and Network Security. Unfortunately the club was terminated after I graduated in 2018, but it may be resurrected soon (hopefully). I cringe every time I see a snippet of that video. I don't know why I kept smiling the whole time, but that's a story for a different day. I never watched the full video, so I may have said some b.s., but oh well.

In the same year, I was privileged to be a teaching assistant for CSCD27H3 - Computer and Network Security under Prof. Thierry Sans. At the end of the course, I made a final post for the students in case anyone wanted to continue their studies in the field. The content of the original post is in the Appendix section.

This post is an updated take on the original: links have been updated, and newer or more useful materials have been added. These are marked as [UPDATE] and [NEW] respectively. The marker [NU] means No Updates at this time. The most likely reason is that I haven't done much in this domain since the original post. Another reason could be that the materials from the original post are still authoritative in the field. Feel free to suggest

DISCLAIMER:
As much as I try to stay in the loop with most aspects of Computer and Information Security, I have a strong bias toward certain sub-domains. You can expect that my knowledge of materials and resources will be skewed in favor of these areas. If you have a resource that you can vouch for, mention it in the comments and I'll add it to the list and credit your mention.

Also, I have not visited or used every resource there is, so if something is missing from this list, it does not in any way imply that the material is subpar; I've just not looked into it. Also, I do not rate content. If I have used a resource and it was beneficial to me in any way (or it was recommended in the comments), it will be on this list.

Appendix

Hi Mallories,

This post is in response to <redacted>

Hopefully, for most of you, this course has sparked an interest in Computer and Network Security! And now, for those of you interested in pursuing this interest, it's never too late to start. Security hasn't been the most publicly available knowledge, but that has changed in recent years given the rise in breaches and the shortage of grey hats.

I'll attempt to provide a list of resources related to the topics covered in this course and more, so you can explore your curiosity! You'll learn by doing, so I'll provide books and challenge sites. This is a non-exhaustive list, and the list is unordered.


Combining it all together:
  • Penetration Testing
    •  Hack the box:
       Site:
      https://www.hackthebox.eu/
       About:
       You're required to hack the invite process before you can register. The platform has a variety of Windows and Linux servers available for compromise over VPN.
      Hackers are ranked by the number of system accounts hacked (NT\AUTHORITY and root) and regular user accounts. You start as n00b. This hacker rank also comes with some perks. There are also job postings, and you can only apply to jobs whose hacker rank requirement includes your rank.

      Access to servers is completely free but while attacking a server you may get kicked out or the server may be reset by another hacker if you don't cancel the reset request in time. I usually have to wait for off hours to work.
      There's also an in-house community, allowing you to chat with other hackers in case you're stuck. Your questions have to be smart though; no one will give you the direct answer. If you think Prof. Thierry's answers were usually indirect, you haven't met these folks. This is why people there know everyone has earned their stripes. That being said, in this field, talking to someone is better than Google.

      There are also regular challenges on forensics, crypto, exploitation, etc. You also cannot find writeups online, because that would ruin the fun. My handle on this platform is n33trix. I haven't been active since May, but I'll probably spend my holiday on here. If you stop by, hit me up :-)
    • Pentestit Labs
      Site:
      https://lab.pentestit.ru/
      About:
      Registration is free. The platform simulates a corporate environment and runs for about six months before a new simulation is up. Hacker progress is also publicly announced on their site and Twitter. Since the lab simulates a corporate environment, there is a sense of accomplishment when you own the Admin servers/boxes.

      You start as an external attacker over VPN. Starting from the external gateway (the only box you initially have access to), you are required to make it into the Admin network, owning as many machines as possible. This is a sample network map. Connectivity is more stable. There's a community as well, and the same applies as for the community mentioned above. Hackers aren't ranked. Write-ups are posted about 3 months in.
  • Malware Design and Analysis
    • Malware Design
      Not many books or resources exist on the design of malware (how to make/write it). However, there's this (possibly dated) book that does a good job. You'll need to brush up on your assembly skills and knowledge of OS internals to read this book. The good thing is, if you can analyze malware, then you can find the recipe for how it works :-). I also haven't researched a lot on this, so there may be some resources I'm not aware of. Be curious, but don't land in the wrong place.
    • Malware Analysis
      Shout out to all the reverse engineers reading binaries on a daily basis, much respect. Reverse engineering is not for the faint of heart, so you'll need to be good with that first. After which, you can explore the following from OpenSecurityTraining. These courses might have pre-reqs; I find it's better to complete the pre-req courses first.

      1. Malware Dynamic Analysis

      2. Reverse Engineering Malware

      3. RPISEC on Malware

      Books:

      1. Practical Malware Analysis
  • Bug bounty
    • Introduction to bug bounty
      This is a new step toward better security. Essentially, companies release their software or service for hacking, and the successful hacker gets rewarded. You will need to report the bug to the company and probably work with them to fix it. Hackers are registered, no foul play. This book will enlighten you further. HackerOne and BugCrowd are example bounty platforms. Companies like Google also have standalone bounty programs.

  • CTFs
    After you have trained like a pro, go out there and join a team! All of this is too much work for one person, so find a niche you love the most, specialize in it, and play CTF games for fun and profit. For more about CTFs, read this and check out CTFtime.org to join a team and play.


Best of luck!

The Old Bytes

In case you've ever wondered about the meaning of my blog title, this post should serve as some context! The name of this blog is inspired by the idiomatic expression 'chip off the old block', which means 'likeness in character ...'.

There are many individuals whose knowledge, influence and inspiration have contributed, and still contribute, to who I have become in this field. Since we are in the digital/hacker world, I refer to these individuals as the old bytes, and I believe they deserve an honorable mention.

1. Harold Kim
    I e-met Harold in 2014 on Facebook. His photo from a CTF event got me intrigued about this field. He gave me the initial pointers: books to read and websites to visit. Interestingly, Harold and I have been trying to meet for the last 5 years to no avail.

2. Harold Rodriguez
    I met Harold in 2017 through the DC416 community, a Defcon chapter in Toronto. Harold lent a helping hand when I was starting out in actual exploit development. He answered and explained everything I couldn't Google or found difficult to understand. I look up to him when it comes to Exploit Development and Penetration Testing.

3. Nick Aleks
   I met Nick in 2017 through the DC416 community. It was a very interesting encounter. He had pressured me (in a good way, of course) to go up to the stage and participate in the ongoing CTF. I have never been so anxious! I was visibly shivering, but it was one of my best experiences in that community, and I made some new friends after. Some of the best advice I have received with regards to career development came from Nick. He also has a wealth of knowledge in Security and Software Engineering, and there is still a tonne I'm looking to learn. Nick was my manager for about two years. If you get to have him too, consider your life blessed!

4. Thierry Sans
   Professor Thierry Sans is the best thing that happened to me during University. He's a renowned Professor in Software Engineering and Computer Security. I was privileged to be in the first set of students he taught when he moved to the University of Toronto. I was even more privileged to teach for him. He was more than a Professor; he cared about my growth in the field and shared knowledge and experience with me. In the ranks of relationships I value, his is way up there.

5. Eugine Yevgeny
   I don't know of many advanced members of the community that would put up with naive individuals like myself; no, for real. I met Eugine through the DC416 community as well, I believe in 2018. Eugine once gave a talk on Malware Analysis. I remember asking Dolev, about six months later, who that speaker was. Once Dolev responded, I was in his inbox. If you've been on Twitter, it's very easy to be left on read simply because you're unknown, so I'm pretty used to it. Eugine, however, responded. During this time, I was going over Practical Malware Analysis, and Eugine readily clarified confusions. Fast-forward to now, we work on side projects together. I have learned a lot from him: technical, career advice, name it. Thank you for accepting to work with me despite my n00b status. I look forward to more projects with you.

6. Dolev Farhi
    I met Dolev in 2017 through the DC416 community. I remember always bugging him with computer networking and web application questions, and he would readily respond and clear up confusions. I also remember the countless times we tried to meet, but our schedules would not let us until the DC416 community meetings. At the time of writing, I haven't seen Dolev in a while, but I'm going to fix that. I don't intend to lose touch with such a great mind.

7. John Simpson
    John is my team lead at TrendMicro's VRS. He's a great, patient and very knowledgeable guy. Recently, he introduced me to Java security research by walking me through an Oracle deserialization vulnerability. That one session sparked a level of curiosity, and since then I have studied a variety of materials, from papers to YouTube videos, on the subject of Java security. If John hadn't introduced me to Java security when he did, I probably would have never looked into CVE-2019-0230.
   
8. Pengsu Cheng
    Pengsu is a senior colleague at TrendMicro's VRS. Pengsu showed me a couple of tips and tricks that I have consistently found invaluable any time I venture into Windows binary patch diffing. Like John, and the rest of the squad on this team, he's patient, knowledgeable and an all-round awesome guy. I'm happy to be working with these guys!

There are also the online humans who freely share awesome knowledge. There are very many of them, but below are the online accounts I frequent.

1. Live Overflow
   If I started writing about this guy, the chances of 'overflowing' this textbox, and probably some server somewhere, are pretty high. I hope you know him already, but if you don't, check out his website. He posts very well explained, no-bullshit instructional videos. He tries to be funny on Twitter too. He's an awesome dude, but I've never met him before. He virtually held my hand through an introduction to Browser Exploitation with his newest series (at the time of writing) on the topic.

2. Ippsec
   Although I spend a fair chunk of my research and practice time on the binary, vulnerability and exploitation side of life, I'm also into Penetration Testing. IPPSEC is like a gold mine without the mining part when it comes to red teaming/penetration testing. I've also never met him in person, but his instructional videos are one of a kind. He always looks for opportunities to share something new, even with the simplest of challenges. Again, I hope you already know him; if not, please visit his link.

3. Matthias Kaiser
   Soon after the introduction to Java security by John, I began gathering and studying materials already available. That's when this name started popping up on every corner. I watched all his videos, and boy did I feel uber enlightened. As CVE-2019-0230 made the rounds on the internet, mainly due to fake PoCs, I decided to look at the vulnerability. He was the original discoverer, and just knowing this, I was certain he had submitted an actual RCE PoC to Apache. I was challenged and determined to find it. Of course, my environment was right: John had gotten rid of the external pressure, offloaded some of his Java research techniques to me and let me take my time. I learned a tonne, and in the end, after ZDI published the research, Matthias reached out, we connected, and it was a really special day. I look forward to meeting him in person in the future!

This post will be updated frequently... stay tuned!