In our previous blog in the series, “5 DIY Cyber Security Skills Every IT Professional Needs to Master,” I discussed the importance of nmap as a critical command line tool that improves network visibility and overall security. Today, I’ll cover some concepts related to translating coding and programming structures.
Being a resident cyber handyman isn’t easy. Not only are you often asked to accomplish what’s beyond your skill range, many times you don’t have proper resources to complete the task. Basic programming skills can help close the gap, but it is no simple task. For a cyber handy man or woman, it’s often hard to figure out where to start. Every other month I change which language I’m going to attack the hardest, then a month later it changes. Fortunately, I have a solid understanding of coding concepts, which makes jumping around languages relatively easy.
Here’s an example of why understanding programming is useful. Years ago, I was heading up a small incident response shop in the Army, and we lacked sufficient funding for tools and other necessary resources. Still, we created forensic machines out of spare parts and used open source everything to get the job done. I learned a bit of batch scripting and wrote a script for volatile data collection during incident response. About a week after I finished and tested the script, we got a call about a potential attack in progress. Lo and behold, my crazy little script worked! I reduced the time on the box and the need to fool around with commands.
Before I describe this short list of coding concepts, here are a few reasons why they are important:
- Scripts – If you can automate something with a script, do it. Life will become easier
- Mods – Perhaps code exists, which you can modify for your use (if you understand it)
- Awareness – If you’re testing an exploit, you should have an idea what it’s going to do before you run it
It must be noted that languages have different names for the same object or structure type. For example, in Python, arrays are called lists, and “else if” is “elif”. Remember to understand the concept, and when you look at a language make sure you understand its lexicon.
In simplest terms, variables are placeholders for data. They can represent different values (numbers, strings, etc.). These make programs way more flexible. Here is an example:
Probably my favorite structure, loops allow you to repeat an action until some criteria is met. FOR loops and WHILE loops are probably the most common types. These are two simple examples, but they describe how each works:
- FOR every <IP Address> in this <list of IP Addresses> check if port 22 is open
- WHILE <result of ping> is FALSE, keep the <ping> going
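The two loops above, written out in Python as an added example (not code from the original post). It assumes a TCP connection attempt stands in for the ping, since ICMP needs raw-socket privileges, and the function names and the retry cap are illustrative choices.

```python
import socket
import time


def port_is_open(host, port=22, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex returns 0 on success and an error code otherwise
        return sock.connect_ex((host, port)) == 0


def check_hosts(hosts, port=22, check=port_is_open):
    """FOR every address in the list, record whether the port is open."""
    results = {}
    for host in hosts:
        results[host] = check(host, port)
    return results


def wait_until_up(host, port=22, check=port_is_open, max_tries=5, delay=1.0):
    """WHILE the check is False, keep trying, but stop after max_tries."""
    tries = 0
    while not check(host, port):
        tries += 1
        if tries >= max_tries:
            return False  # give up instead of looping forever
        time.sleep(delay)
    return True


if __name__ == "__main__":
    # Constructed input: only the local machine, so nothing else is probed.
    my_hosts = ["127.0.0.1"]
    for host, is_open in check_hosts(my_hosts).items():
        print(host, "port 22 open" if is_open else "port 22 closed")
```

The `check` parameter lets you swap in a different test (or a fake one while you are learning) without touching the loops.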
And, Or, If, Else if, Else
This logic helps make decisions based on some criteria. Though each has a different purpose, the resulting code depends on the result of the logic being TRUE or FALSE. The logic works much like philosophical logic (here’s to you, Aristotle):
IF your age is less than 18:
    you cannot buy tobacco
    you cannot buy alcohol
ELSE IF your age is less than 21 AND greater than or equal to 18:
    you can buy tobacco
    you cannot buy alcohol
ELSE:
    you can buy tobacco
    you can buy alcohol
It’s worth remembering some truth table basics here. Unless it’s an “exclusive OR” (save that for another day), the result of an OR is TRUE if either side is true, and also if both sides are true. Also note how we can control many different potential outcomes with the IF, ELSE IF, ELSE logic. We can keep adding ELSE IF statements (although after a certain point it’s not the most efficient way).
Arrays/lists allow you to store multiple values in one location. There are a lot of things that can be done with arrays, and most languages have some built-in methods to define and append arrays. For example, the ages of people reading this blog may look like this:
Methods are specific pieces of code that can be executed on a certain object type. For example, an array may have methods to get an average, return the number of items, or add and remove items. Here’s a Python example of adding the age if a new person reads this blog.
These are what make programs so flexible. If you have a task that may need to be repeated, write a function to do so. Functions (normally) take some sort of input passed to it, then provide something as a return. Functions can be written for almost anything, and the beauty is if you pass the correct types of data to it, you can reuse that function anywhere. Here’s a Python example of sorting the ages in our list:
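An added example (not the original post's code) that puts the list, the append method, a sorting function and the IF / ELSE IF / ELSE rule from earlier into one script. The ages are constructed sample data and the function names are illustrative.

```python
# Constructed sample data: ages of readers (a list is Python's array).
ages = [34, 19, 52, 17, 28]


def add_reader(age_list, age):
    """Use the list's built-in append method to record a new reader."""
    if not isinstance(age, int) or age < 0:
        raise ValueError("age must be a non-negative whole number")
    age_list.append(age)
    return age_list


def sort_ages(age_list):
    """Return a new, sorted list and leave the original order untouched."""
    return sorted(age_list)


def purchase_rules(age):
    """The IF / ELSE IF / ELSE logic from the text, one branch per outcome."""
    if age < 18:
        return {"tobacco": False, "alcohol": False}
    elif age >= 18 and age < 21:
        return {"tobacco": True, "alcohol": False}
    else:
        return {"tobacco": True, "alcohol": True}


def summarize(age_list):
    """Loop over the sorted ages and pair each one with its rules."""
    return [(age, purchase_rules(age)) for age in sort_ages(age_list)]


if __name__ == "__main__":
    add_reader(ages, 21)  # a new person reads the blog
    for age, rules in summarize(ages):
        print(age, rules)
```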
These are the basic building blocks of programs. With this understanding of code, you can write simple scripts/programs to do many different things. My suggestion is to read code with the sole intent of trying to understand its functionality. Read different languages. If you can, get simple programs and modify them.
We hope this blog on coding and programming structures has given you a bit better understanding of this topic. When you can combine the basics of coding with a solid understanding of the command line, you’ll give yourself the ability to automate a lot of tasks (including analysis) without having to depend on a graphical user interface (GUI). Coincidentally, leaving the GUI behind is where we’ll pick up next time in our blog series.
Matt Kuznia is senior associate at Delta Risk LLC, a Chertoff Group Company that offers managed security services.