Cyber101 - Getting into Cyber as a Student

These are our own views/thoughts and do not reflect the views/thoughts of our employer.

Who are we?

We graduated from UMD in '19 with our BS in CS. We were involved in CSEC and helped create challenges for UMDCTF-2018/19.


Now we have to be adults and work our lives away, but we still love CTFs and connecting with the community! (And we love our jobs! #cyberroolz)

Mike - WittsEnd2

Drake - drakemp

Researcher

Reverse Engineer

Hobbyist - DIY electronics

                 - RF

                 - MISC.

Foodie

 

Software Engineer - C, Python, & Web

Reverse Engineer

Graduate Student - M. Eng. Cyber Sec.

Hobbies: CTFs/Dev Projects, Entrepreneurship, Baseball, Music, Stocks

 

How to reach us

#!/usr/bin/env python3
user = 'drakemp'
sites = {
    "discord:  ": "#3083",
    "gitlab:   ": "",
    "email:    ": "@terpmail.umd.edu",
    "spotify:  ": "",
    "itch.io:  ": ".itch.io",
    "duolingo: ": ""
}

# Iterate over (key, value) pairs; looping over the dict alone yields only keys
for site, ext in sites.items():
    print(site + user + ext)
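
#include <stdio.h>
#include <stdlib.h>

typedef struct Contact {
    char discord[15];
    char twitter[16];  /* "@RagnarSecurity" is 15 chars + NUL terminator */
    char github[10];
} Contact;

int main(void) {
    Contact *contactInfo = malloc(sizeof(Contact));
    if (contactInfo == NULL) return 1;
    /* Arrays cannot be assigned with '='; copy with a bounded write instead */
    snprintf(contactInfo->discord, sizeof contactInfo->discord, "%s", "WittsEnd2#9274");
    snprintf(contactInfo->twitter, sizeof contactInfo->twitter, "%s", "@RagnarSecurity");
    snprintf(contactInfo->github, sizeof contactInfo->github, "%s", "WittsEnd2");
    free(contactInfo);
    return 0;
}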

General Resources

(The good stuff)

Reddit:
  - r/ReverseEngineering
  - r/ghidra
  - r/hacking
  - r/HowToHack
  - r/humblebundles
  - r/memoryforensics
  - r/RTLSDR
  - r/securityCTF
  - r/netsec
  - r/netsecstudents
  - r/LiveOverflow
  - r/linux
  - r/linuxmemes
  - r/linuxmasterrace
  - r/unixporn #getricing
Youtube:
  - LiveOverflow
  - Hak5
  - pwn.college
  - RTL Engineering
  - Guided Hacking
  - Ben Eater
  - Computerphile
  - DEFCONConference
  - Aerospace Village
  - Car Hacking Village
  - Cheat The Game
  - LockPickingLawyer
  - Suckerpinch
  - John Hammond
Websites:
  - vx-underground.org
  - index-of.es
  - repnz.github.io
  - www.corelan.be
  - github.com/RPISEC/MBE
  - pwn.college
  - exploit.education
  - hackthebox.eu
  - hackthissite.org
  - www.overthewire.org
  - tryhackme.com
  - ringzer0ctf.com
  - ctftime.org
  - picoctf.com
  - lobste.rs

Your friends are just as important as (if not more important than) these resources!

Roles/Positions in Cyber

Offensive - RED Team

  • Exploitation
  • Social Engineering
  • Penetration Testing
  • Cryptography (Cracking)

 

Black Hat vs White Hat

 

DON'T Hack anything you're not allowed to!

 

Mindset: Offensive

Defensive - BLUE Team

Mindset: Defensive

  • Secure programming
  • Network Security
  • Cryptography (encryption)
  • Incident Response
  • Digital Forensics

 

Law enforcement is huge on hiring Incident Response specialists, Digital Forensics Analysts, etc.

drakemp@mojito:~$ r2 - #Neat trick with radare2
 -- There are 5 minutes from WTF to FIX in r2land
[0x00000000]> w https://youtu.be/LhF_56SxrGk
[0x00000000]> pqs
 ▄▄▄▄▄▄▄  ▄ ▄▄▄▄ ▄▄▄▄▄▄▄ ▄ ▄▄▄▄▄▄▄  
 █ ▄▄▄ █ ▄ ██▀▄▀▄▄█▀▄██▄▄█ █ ▄▄▄ █  
 █ ███ █ ▀▀█    █▀▀▄█ █ █▄ █ ███ █  
 █▄▄▄▄▄█ ▄▀▄▀█▀█▀█▀█ █▀█▀▄ █▄▄▄▄▄█  
    ▄▄ ▄▄  ▄▀▀▄ ▀▀  ▀▄ ▀ ▀    ▄▄    
 ▄▄▄▀██▄▄█▀▄▄ ▄▀█ ▄ ▀█▀▄▄▄█▄█▀█▄▄▄  
 ▄█▄▀▀█▄█▄█▀▄▀   ██▄▄▀█▀▄▄ ▄██▄▀█   
 ▄▀▀▄▄█▄█▄█ ▄▄▄▀▄▄  ▄▄▀ ▀▄ ▄█▀█▀▀   
 ▀▄▄█ █▄ ██    ▀▄   █▄  ▀ ▀▄▀ █▀▄▀  
 ▄▄  █▀▄█ ██▄▀▀▄▀█▄ ▀▀▄▀▄▀███▀█▄ ▄  
  ▀▄  ▄▄▀ ▀▄█▀▄▀▀▄▄ ▀█ █▀█▄▀▀ █▀█   
 █▀▄▄ ▄▄▄ ▄▄██▄  █▄▄▄▄█▀ ▄▀█▀▀▀ ▄█  
 █▄█▄██▄██   ▄▀▀█▀▄  ▄ ▀ ▄▄▄██ ▀▀▀  
 ▄▄▄▄▄▄▄ █▀█▀█ ▄ ▀▄▀▄ ▄███ ▄ █ ▄    
 █ ▄▄▄ █ ▄▀█  ▀ █ ▄▀▀█▄ ▄█▄▄▄████   
 █ ███ █ ▀▄ ▀▀██ ▄█▀ ▄▀▄ █▀ ▀▄▀ █▄  
 █▄▄▄▄▄█  █▀ ▄ ▄█▄ ██  ▀ ▄ ▀ ▄ █▀▀  
                                    
[0x00000000]> 

Hybrid - PURPLE Team

  • Security Research (generally)
  • Reverse Engineering
  • Bug Bounties
  • Vulnerability Research 
  • Developers 

 

#PURPLETeamizb3st

Mindset: Both Offensive and Defensive

Genres (topics) in Cyber

Reverse Engineering

Understanding how something works, whether it's software, hardware, or anything else.

Tools (Software):

Ghidra

IDA Pro

Binary Ninja

Radare2

ptrace/strace

Sysinternals Suite

Exploit

Taking advantage of unintended bugs/features

Binary - 

   Buffer Overflow

   Format String

   Return Oriented Programming (ROP)

   Timing Attacks

   Side channel

Web -

    SQL Injections

    XSS/CSRF

Can require some RE to do successfully.

Examples

What's the exploit here?

Digital Forensics

Data Analysis - Aggregated Data investigations

Disk - Storage Drive forensics

Memory - RAM/Snapshot forensics

Network - IP traffic forensics

Mobile/Embedded - Niche technology based forensics

Popular Areas

Forensics is uncovering evidence and artifacts like a detective solving a crime scene.  

Criminal Investigations

Malware / Intrusion Detection

Volatility

Autopsy

Hardware

Embedded Systems - Internet of Things

Software Defined Radio - RF Hacking

Hardware Hacks - Side channel
 

Tools/Resources:

  • GNU Radio
  • Hak5
  • HackRF
  • Architecture Manuals
  • etc

Hardware covers a variety of topics, and as Software folk we generally don't get to play with this stuff. 

Cryptography

Secure communications in an adversarial setting. In CTFs, usually breaking uses of crypto or broken crypto. (there's a difference!)

 

Broadly speaking, unless you become an expert in Cryptography, uses of crypto are limited to consulting and designing with secure crypto primitives. (Secure primitives do not imply secure communications!)

data = 'CAPTURETHEFLAG'
key = 'A'
encrypted = ''.join([chr(ord(x) ^ ord(key)) for x in data])
print(repr(encrypted))  # repr() shows the non-printable bytes as escapes
# '\x02\x00\x11\x15\x14\x13\x04\x15\t\x04\x07\r\x00\x06'
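
The difference between broken crypto and a broken use of crypto, as an added example that is not part of the original slides: the single-byte XOR above falls to a 256-key search, while a one-time pad (a secure primitive) leaks a message as soon as the pad is reused. The function names, the "FLAG" crib and the sample messages are constructed for this illustration.

```python
# Added illustration (not from the original slides). Function names and
# sample messages are constructed for this example.
import os

def xor(a: bytes, b: bytes) -> bytes:
    """XOR a with key b, repeating b as needed."""
    return bytes(x ^ b[i % len(b)] for i, x in enumerate(a))

# --- Broken crypto: a one-byte key means only 256 keys to try ---
def brute_force(ciphertext: bytes, crib: bytes):
    """Return every (key, plaintext) whose decryption contains the crib."""
    hits = []
    for key in range(256):
        plaintext = xor(ciphertext, bytes([key]))
        if crib in plaintext:
            hits.append((key, plaintext))
    return hits

# --- Misused crypto: a one-time pad is secure, reusing the pad is not ---
def reused_pad_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """c1 ^ c2 == p1 ^ p2 (the pad cancels), so knowing p1 yields p2."""
    n = min(len(c1), len(c2), len(known_p1))
    p1_xor_p2 = xor(c1[:n], c2[:n])
    return xor(p1_xor_p2, known_p1[:n])

def demo():
    # The slide's cipher: 'CAPTURETHEFLAG' XORed with the single byte 'A'.
    ct = xor(b"CAPTURETHEFLAG", b"A")
    broken = brute_force(ct, crib=b"FLAG")

    # A random pad as long as the message: fine once, fatal when reused.
    p1, p2 = b"MEET AT NOON..", b"CAPTURETHEFLAG"
    pad = os.urandom(len(p1))
    c1, c2 = xor(p1, pad), xor(p2, pad)
    leaked = reused_pad_leak(c1, c2, known_p1=p1)
    return broken, leaked

if __name__ == "__main__":
    broken, leaked = demo()
    print("single-byte XOR:", broken)
    print("reused pad leak:", leaked)
```

The second half never touches the pad itself, which is why choosing a strong primitive does not by itself make the protocol safe.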

Networks/Web

  • Web applications 
  • Industrial Control Systems
  • Open Source Intelligence

 

Extremely broad; you often see exploit development, cryptography, and forensics in web.

 

Tools: 

  • Burp Suite
  • Kali Linux
  • Wireshark
  • OWASP ZAP
[0x00000000]> w https://www.destroyallsoftware.com/talks/wat
[0x00000000]> pqs
 ▄▄▄▄▄▄▄     ▄   ▄       ▄▄    ▄▄▄▄▄▄▄  
 █ ▄▄▄ █ █▀▄▄▄█▄ ██▄  ▀▄▄▀█▄ ▀ █ ▄▄▄ █  
 █ ███ █ █▄▀ █ ▀█▄▀▀▀▀██ ▄▀█▀▄ █ ███ █  
 █▄▄▄▄▄█ █▀▄ ▄▀▄ ▄▀▄ █ █ ▄▀█ █ █▄▄▄▄▄█  
   ▄  ▄▄▄▄ ▀▄ ▄  ▀▄▀ ▀▀ ▀  ▀▀█▄ ▄▄▄▄▄   
 ▀▀ ▀██▄▀█▀█▄█▄███▀▀ ▄▀▀ ▄▀▀█ ▄█▀▄▀█▀█  
 ██▄▄█ ▄█ ▀██▀▄  ▄█▄▀ ▀▄▀▀ ▀█  ▄  ▄     
 ▀▀█ ▄▄▄▄▀███▄ █ ██▄█▄█ █ ███▀███ ▄█▄█  
 █  █▄▀▄ ▀█▀ ▄▀  ▄▀█▀█▄▀█▄ ▀▄▄▀█▀ ▀ ▀█  
 █▀  ▀▄▄▄▄▀▀█ ▄ ▄█▄▄ ▀  ▀█▄ ██▀█▀▄█▀ █  
 █▄  ▄▄▄██▄▄ █▄▄ ▄▄█▄ ▀▀█  ██▄ ▄▀ █     
 █ ▀██ ▄███▀▄▄ ██▄▀▀▀▄▀▀██  █▄▀▀█▄   █  
   ▄▀ ▀▄▄▄ ▀▀▄ ▄▄█▄ ▄▄  ▀█ ▀▀  ▄█ █ ▀▀  
 ▄▄█ ▄▄▄▀▄█▄▄  ▀ ▄▄█ ▀▀▀▄▄  █▀▄██▄▀▀ █  
 ▄▄ ▀██▄▄▄██▀▄▀█▄█▄██▀▄█▄█ ▀▀▄███▄▀     
 ▄▄▄▄▄▄▄ █▄▀█▀▄ ▀█▄█  ▄██▀▄█ █ ▄ ██▄▀█  
 █ ▄▄▄ █ ▀█▄  ▄ ██ █▀█▄▀█  ▀██▄▄▄█▀ ▀█  
 █ ███ █ ▄ █▀ █ ▄█▄ ▀█ ▄█▀▀ ▀█   ██▄▄█  
 █▄▄▄▄▄█  ██▄▀ ▀▄▄▀▄▄█▀█▄▄  ▀██▄▀▀█  ▄  
                                        
[0x00000000]> 

POP CTF CHALLENGE

// What is the value of this in JavaScript?
{} - []
result: -0

Resources

Programming

- Python : Useful for everything

- C/C++ & ASM : Exploit & RE

- Golang & Rust 

- Web - JavaScript, PHP, etc. 

- Machine Learning: For working with data

Little reason to write in assembly, lots of reasons to read assembly

  • Hackerrank - Great for learning languages fast and practicing your understanding of algorithms (e.g. functional programming, regex, ML, Bash, C/C++, etc.)
  • Side Projects - Websites, Hardware, SDR, IOT, etc. 

CTFs

CTFs are a great way to learn and apply skills!

Where to start!

Classes

Cybrary - Red Team and Blue Team Cyber 

RPISEC-MBE - Intro to Exploit Dev.

ACES-Minor @UMD

pwn.college - Intro to cyber (and ctfs)

Graduate Degree: M. ENG and Computer Science

CMSC389R - Intro to Ethical Hacking

CMSC389J  - Intro to Reverse Engineering

 

Certifications: 

Certified Ethical Hacking

Offensive Security - OSCP

 

Open Source

Git____ is your friend!

 

CTF Writeups/Source Code

Metasploit

Wireshark

Nikto

Nmap

Volatility

angr

Capstone - (not a school project)

BAP - Binary Analysis Platform

Many many more!

Books

  • Ghidra Book - Reverse Engineering

  • Practical Reverse Engineering

  • Practical Malware Analysis

  • Programming Linux Anti-Reversing Techniques

  • Black Hat Python - Development (Pen. Testing)

  • The Hacker Playbook 2 & 3 (Pen. Testing)

  • PoC || GTFO

  • Hacking: The Art of Exploitation

  • The Shellcoder's Handbook

  • Gray Hat Hacking

  • Open Source Intelligence Techniques

Academia

- Research (Network with professors/faculty)

- ACES

- Cyber Security Specialization 

- M. Eng. in Cyber Security

- Breakerspace 

- Lots of open source projects are being run by universities as research projects. You can easily get involved by contributing to these projects. Features/Bug Fixes/Documentation are all encouraged!

Internships

NETWORK NETWORK NETWORK

Go to CSEC meetings & meet recruiters (they are here for you)

 

Pro tips -

Open conversation with... "I'm taking <some class title> and I really enjoyed this project on <topic like buffer overflows>. Do you guys do stuff like that on the job?"

 

Ask... "What kind of training/learning opportunities do you have? I love to learn!"

 

Ask... "What's the office culture like?" (You'll love your job if you love your coworkers)

Questions/Comments/Random

Thank you!
