Computer coding


Book Reviewer
There are 10 types of people...
... those who understand binary, and those who don't
Is that EBCDIC, UNICODE or ASCII, and which code page?
The followup is....

There are two types of people in this world, those who can extrapolate from incomplete data,,,,,,,
Which trade teaches you computer coding? Or anything similar to cyber security.
As has been mentioned, coding and 'cyber security' are two opposite ends of the playing field.

Some great advice given already, but I'll just add this:

If you want to learn how to 'code' start with HTML and building basic web pages. Pretty soon you will be needing to learn lower (meaning higher) level languages like PHP and PERL. You will also come across Javascript pretty quickly too. Not to be confused with Java. Javascript is more for browser scripting (and very powerful it is too), PHP and PERL tend to be more for back end server side CGI stuff. Javascript has elements of even lower level languages again such as Java itself and C. So this is a good way to slowly break yourself in as you need to go with doing some real world programming stuff. This is what coding is all about.

You need to learn this by yourself really. When I went to uni to learn this, I learned pretty quickly that I would be 'taught' nothing. You still have to do the hard work yourself. Uni is not for training. Find a local college training course if you want to get 'taught'. Some are even free. The internet is your friend. Find a good forum once you have done the basics of learning.

If you want to dive in to C, which is a standard intermediate compiled language, then there are two books I would recommend, the first is K&R - it's as short and terse as the language itself. Really, if you can't do the exercises in this book (even badly) then computer programming is not for you. Another, lesser well known book is called ABC (A Book on C). The first book I mentioned should be your first port of call though, written by the language's authors, it sorts the men from the boys with regard to 'coding'.

But that's the hard stuff. There are people who 'code' and only work with higher (meaning lower) level languages such as Visual Basic. You can earn very good money just by using this abomination of a programming language. And as I said about learning HTML and web-programming you can earn good money there as well if you have an eye for design on top (and maybe can bluff a bit of graphic design). None of this requires C language levels of intellect or intelligence. Beware though, even though HTML is just a very high level 'Markup' language - its a right bugger to debug on larger projects.

The good thing as well about web-design is the fact that there are already so many 'templates' out there and you will often just be altering other people's well written code. This is permissible and acceptable as long as you don't try to pass it off as your own work, giving credit where it is due (but often even this is not necessary).

To become a coder you will need serious passion. You will have to be able to 'kick dead whales down a beach' and 'nail jelly to a tree' as they say in the New Hacker's dictionary. You can find it online. It gives an interesting overview of what coding is really about.

And then there is 'Cyber Security' as you so quaintly call it (no offense) - some people still call it this - it's never really gone totally out of fashion. What is Cyber Security really?

Well, it's partly hacking, partly cracking, partly reverse-engineering. It treads a thin line sometimes between ethical and illegal cracking, so called white hat or black hat, respectively. The best Cyber Security experts are probably what would be considered grey hats.

To catch a thief...

There are certain programs you can get like Metasploit and Nmap which are pretty standard tools for doing penetration testing. We are talking about breaking in to servers and websites and networks here. Ideally without anyone ever knowing you were there. You can call up a command prompt in windows or linux and type: "Ping" which will send out a signal for the server to reply to you that it is alive and well. This is the IP of Google. It's not illegal to do this on this server. But some servers do consider even a basic Ping attempt to be a form of illegal penetration testing.

When you get a job doing penetration testing you will be given the all clear to do your damndest on that companies servers to see if you can get in. I think Nmap and Metasploit are included on a Linux Distro called 'Kali' (it might be called something else now). And you will also have tools to crack open wifi networks and break in to them. If you scour the chans you will find the best wireless cards to do this for war-driving or even building your own (pringles cans for antennas for extra power).

There are several ways you can break in to people's home networks and therefore their personal computers. This is a good one. There are some very easy 'exploits' as well that can be, well, exploited, to gain easy access. All of this is illegal of course, so use a VPN where necessary or learn how to not get caught. You'll need to do this to become a Cyber Security Expert. You can't do it just by reading.

Also, there is phone cracking. If you read the chans there are boards there for breaking in to people's home camera systems and also their phones. Every now and again someone shares or trades their spoils and all the nudes that young lady put on her phone are now on the internet for 'evah'. When you get more advanced you can re-direct cameras to look around a room from people that don't change their password. And if you don't have the skills to do this yourself you can hire someone to do it for you. All you need is a mobile phone number. They use forensic level programs and usually have some degree of autism that allows them to gain the knowledge and go through the boring shit to get good at that. It doesn't cost much money, but of course it is highly illegal. At least know about this stuff, if you don't actually do it (doing it is not advised).

So that's a couple of quick angles of it.

Cyber Security could also mean learning about CPU (computer chips) and how they can be exploited by flaws in design. Been some major ones lately. It's not just network stuff.

Another field of Cyber Security could be the obfuscation of proprietary code so that adversaries can not reverse-engineer it and steal it.

You will need to understand concepts such as Decompilation and Disassembly for this. I recommend Cristina Cifuentes' PHD dissertation on Decompilation techniques. [PDF FILE]

It's a reet riveting read if you like that kind of thing.

There are tools built in to windows itself to aid with this kind of thing (DEBUG) but you will want a proper program like Softice or IDA or OllyDbg to do serious work. And these will be useless without a basic working knowledge of Assembly language (which was already described very well earlier in this thread by someone else, so I won't repeat). You will also need a Hex editor like WinHex (a really great forensic tool in itself), or one of a million like it, if you want to patch the code once you 'grok' it.

Really, in total, you will need some kind of knowledge of all these things to call yourself an Expert in the field of Cyber Security. Often, you will need these talents in aggregate to really know what you are doing. You will be competing with guys (and sometimes gals) who already are proper programmers, working in the lowest level languages all the way down to machine code or whatever for drivers at Ring O. They will have been doing this for years as well.

This is a very hard game to get in to, especially if you don't have a computer background. You need to focus on what area it is that you want to work in. Obviously it's not possible for a single human being to do all of this 'well'.

There's probably some stuff I've missed out. You can find forums for this kind of stuff but you will have to prove yourself to be accepted to get the 'higher knowledge'. Basically just the state-of-the-art at the moment. The latest tips and tricks.

Also you will need to know how to make yourself anonymous on the internet. If you don't use a VPN you will need to learn how to use one, or else the big boys on the proper cracking sites will just laugh at you. They'll probably go through your real email for fun as well. They can be brutal. You need to show a certain level of competency to play in this field. If you thought the Debian Linux forums were savage, boy...

It helps to get a recommendation. Sometimes it's who you know at the beginning to get started. But once you are in you will get access to further resources, the most important of all being communication with people that have been doing this for decades, for fun, black hats, white hats and grey hats alike.

There is so much information out there on the net about this. I've just given a quick overview.

I'm a failed programmer and failed hacker and failed cracker, so take what I say with a pinch of salt. I have, however, spent a long time studying it.

Good luck. And oh yeah, learn how to use Google! (this is not simply just a facetious remark)

Latest Threads