Hello all!

I want to get started by sharing with you guys why I want to start this blog.

This article is addressed to every one of you who uses a mobile phone or the internet (so everyone :P), to help you understand the current situation of security and how we can respond to it.

Reason 1:

I started my journey in the security field a year ago, through a workshop I attended in college. I was too excited about this after the workshop. I started exploring! Over a period of 1 year, I was able to make note of these 3 issues as I dug deeper.

Issue 1: Inadequate resources for beginners to start off.

I found a huge number of blogs, resources and books which discuss various aspects of security in good detail, but very few resources which can be read, understood and enjoyed by beginners. It took a lot of time to understand things and apply them in the right manner by reading them online, following books like Shellcoder’s Handbook etc.

When we conducted the Summer Mentorship Program on what is known as Reverse Engineering for our juniors, I got the same complaint: “There are not enough resources on the net”.

Even if there are resources (say) on Malware Analysis, many of them focus on “how to use a particular tool” rather than the techniques used to analyze a given sample. A simple example of why this approach is not effective is that the set of tools used to analyze Windows malware is different from those used to analyze Linux malware (Windows and Linux are 2 different operating systems). So, the techniques are the ones which we should catch hold of, because the tools and frameworks used keep changing, and as new malware enters the wild, learning those core techniques becomes more important than “how to use the tools”.

There are resources which teach “hacking” using Kali Linux. Kali Linux is an amazing Linux flavor built just for security folks. It has readymade tools and exploits available; with just a click of a button, we can attack a computer or a network. These resources teach how to use the tools and “exploit” a particular system. But think about it: if there is a vulnerability in a system and it is found out, then it is patched immediately. Suppose you find out a critical security hole, but there is no exploit readily available in Kali. What do you do?

So, the right way to approach this problem is by learning how to develop exploits rather than just learning how to use a readily available one.

Issue 2: Lack of awareness among us.

I have noticed that not many people are interested in Reverse Engineering, Network Security, Forensics etc., the major reason being that many of them unfortunately don’t know what Computer Security is, what it deals with and how important it is to a common man. It is not only an interesting field, but also a field where one holds high responsibility.

McAfee released a report on the shortage of cybersecurity skills in the world. The study predicts 1-2 million cybersecurity positions unfilled by 2019.

One of the reasons for this is that undergrad students are not even trying to explore this field. Even if they get started, issue 1 is a major factor which will stop them from moving forward. And the undergrad curriculum followed in most colleges does not have an adequate number of courses on this subject. This makes things even worse.

Issue 3:

We like writing code, and code which performs the best - the most efficient code. This is very important while building a system and there cannot be any compromises on the efficiency of code. But most of us are not aware that most of these systems, deployed on the internet, are under constant attack by the bad guys. So, along with writing efficient code, we also have to write the most secure code. But most of us are not aware of what makes a piece of code “non-secure” and “secure”.

I strongly feel it is time to start educating people about this field, the stuff it deals with and (unfortunately) advertise the huge number of opportunities one has in this field. The developers who write software should be aware of those very simple and unimaginable mistakes that will get the software or the system pwned.

Reason 2: I wanted to start writing about what I explored.

I felt that I have to start recording the stuff I read about and the new things I learn, because a lot happens in college and I would love to make note of them and share them with you guys.

Conclusion:

I hope this has given some insight into the current skill shortage in this field. I hope some of you realize the scenarios presented above, and take some action regarding this!

I will start off my blog by addressing the first issue of Reason 1. I will be starting off with a Reverse Engineering and Binary Exploitation tutorial series on the Linux operating system, which starts with very basic things like how a C/C++ program is converted into an executable file (.exe file) and its internal structure, and will probably go up to an introduction to different exploitation methods.

Anyone who has a computer, a bit of experience in C programming and, mainly, interest can easily follow this series. The whole idea of this series is to introduce important security concepts and techniques to beginners.

That’s it for now. Thank you guys for reading!

PS:

Link to the McAfee Report.