Wanderings

Weekly Wanderings

Wed, 11 Feb 2026 00:00:00 GMT

what she explored this week

week 0x17

completed all shellcoding lectures and 2 levels of the same

week 0x16

completed all lectures of memory corruption and 2 levels of the same
2 lectures of shellcoding

week 0x15

got ret2.systems's wargame
completed chapter 0, 1, 2

week 0x14

did 2 challs from pwn.college rev section

week 0x13

did 15 challs from pwn.college rev section

week 0x12

completed hackaday's ghidra course

week 0x11

completed C course
wrote the blog post for making my first crackme -- medusa

week 0x10

started orange belt of pwn.college
completed 25 challenges from the same

week 0x09

working on x86-64 course from OST2

week 0x08

completed 4 challs from rev @ pwn.college
tried writing C code to XOR a file but failed

week 0x07

ELF files and information about them
completed GDB course from OST2

week 0x06

started back with c from beej's guide
did picoCTF rev chall - WinAntiDbg0x100

week 0x05

did few challs of pwn.college, stuck on the shellcoding part

week 0x05

did 10 challs of pwn.college of assembly crash course
did 3 chapters of C book

week 0x04

completed begin.re except the minesweeper challenge
did 7 levels of pwn.college asm crash course
solved 5 challenges from picoCTF in reversing section

week 0x03

completed basic static analysis from PMA book and all of it's labs

week 0x02

itsy bitsy of HTB CTF, couldn't play much
PMA book as usual
brought back my gitbook to life

week 0x01

pwn.college - program misuse 10 levels
practical malware analysis book - 50 pages - some windows API calls, understanding and identifying what makes a malware, a malware
developing with astro theme and some tailwind CSS

Making Medusa : My First CrackMe - Part 0x01

Sat, 19 Jul 2025 00:00:00 GMT

MAIN.C
PSEUDO-C
DISASSEMBLY
LAYERING
PROBLEMO
WHAT WE LEARNT

I had just started learning C and after completing few basics, I was looking for my first project to make. After thinking around, I landed on making a CrackMe challenge in C. Goal would be to start small, compile the binary, view the disassembly, view the pseudo-C code in IDA-Free and co-relate everything and move to adding more complexities.

GGs, that sounds fun! Lets code, shall we?

MAIN.C

First I wrote a simple main.c program--

#include  <stdint.h>
#include  <sys/mman.h>
#include  <string.h>

int  main()
{
	uint8_t  code  []  =  {0xB8,  0x42,  0x00,  0x00, 0x00,  0xC3}; // mov eax, 0x42; ret

	void  *mem  =  mmap(NULL,  1024,  PROT_READ  |  PROT_WRITE  |  PROT_EXEC,  MAP_ANON  |  MAP_PRIVATE,  -1,  0); // create a protected executable anonymous private memory region

	memcpy(mem,  code,  sizeof(code)); // copy the code to that region

	int  (*func)()  =  mem; // cast a function pointer and point it to mem

	int  result  =  func(); // execute the func() function and store the result in result variable

	return  result; // return the result which should be 66
}

Lets compile the program and view its pseudo-C code

gcc -m32 -fno-stack-protector -z execstack -no-pie -fno-pic main.c -o main

-m32 : Produces a 32-bit binary
-fno-stack-protector : Disables canary-based stack protection
-z execstack : Marks the stack as executable
-no-pie : Generates a binary with a fixed base address instead of randomized addresses (ASLR for PIE)
-fno-pic : Disables generation of position-independent code. Relevant mostly for shared libraries or PIEs.
main.c : Source file to compile.
-o main : Names the output binary main.

PSEUDO-C

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int (*v3)(void); // function pointer that takes no argument

  v3 = (int (*)(void))mmap(0, 1024u, 7, 0x22, -1, 0); // calls mmap to allocate 1024 bytes of memory with read, write, and execute permissions
  *(_DWORD *)v3 = 0x42B8; // store 0x42B8 in memory
  *((_WORD *)v3 + 2) = 0xC300; // store next bytes (0xC300) with offset of 4 (2 WORDs)
  return v3(); // calls the function executing the code
}

DISASSEMBLY

and now its disassembly

; int __cdecl main(int argc, const char **argv, const char **envp)
public main
main proc near

; variables
var_1A= dword ptr -1Ah
var_16= word ptr -16h
var_14= dword ptr -14h
var_10= dword ptr -10h
var_C= dword ptr -0Ch
var_4= dword ptr -4
argc= dword ptr  8
argv= dword ptr  0Ch
envp= dword ptr  10h

; __unwind {
; stack frame setup
lea     ecx, [esp+4]
and     esp, 0FFFFFFF0h
push    dword ptr [ecx-4]
push    ebp
mov     ebp, esp
push    ecx
sub     esp, 24h

; call mmap to allocate executable memory and storing return pointer in var_C
mov     [ebp+var_1A], 42B8h
mov     [ebp+var_16], 0C300h
sub     esp, 8
push    0               ; offset
push    0FFFFFFFFh      ; fd
push    22h ; '"'       ; flags
push    7               ; prot
push    400h            ; len
push    0               ; addr
call    _mmap
add     esp, 20h
mov     [ebp+var_C], eax

; copy machine code to allocated memory
mov     eax, [ebp+var_C]
mov     edx, [ebp+var_1A]
mov     [eax], edx
movzx   edx, [ebp+var_16]
mov     [eax+4], dx

; prepare and call the function
mov     eax, [ebp+var_C]
mov     [ebp+var_10], eax
mov     eax, [ebp+var_10]
call    eax

; return the result and clean the stack
mov     [ebp+var_14], eax
mov     eax, [ebp+var_14]
mov     ecx, [ebp+var_4]
leave
lea     esp, [ecx-4]
retn
; } // starts at 8049166
main endp

_text ends

LAYERING

Now that we have seen code in all three forms, let's add some layers. I wrote another file validate.c--

#include  <stdio.h>
#include  <string.h>
int  validate(const  char  *input);  
int  main()
{
	char  input[64];
	scanf("%63s",  input);
	if  (validate(input))
	{
	printf("Correct!\n");
	}
	else
	{
	printf("Wrong!\n");
	}
	return  0;
}  

int  validate(const  char  *input)
{
	const  char  *flag  =  "pwning-since-1337";
	int  i  =  0;
	for  ( ; ;  i++)
	{
		unsigned  char  a  =  (unsigned  char)input[i];
		unsigned  char  b  =  (unsigned  char)flag[i];
		if  (a  !=  b)
		{
			return  0;
		}
		if  (a  ==  0)
		{
			return  1;
		}
	}
}

I compiled it again and this time we extract just the raw instruction bytes of validate part of the code

objdump -M intel -d validate | awk '/<validate>:/,/^$/' | awk '/^[[:space:]]*[0-9a-f]+:/ {for(i=2;i<=10;i++) if($i ~ /^[0-9a-f][0-9a-f]$/) printf "0x%s, ", $i} END {print ""}'

(thanks chatGPT).

which now we will be XORing with a key (0x1337) using python--

def  xor_encrypt(buf:  bytearray,  key:  int)  ->  None:
	key_bytes =  [key &  0xFF,  (key >>  8)  &  0xFF]
	for i in  range(len(buf)):
	buf[i]  ^=  key_bytes[i %  2]

validate_bytes =  [
0x55,  0x89,  0xe5,  0x83,  0xec,  0x10,  0xc7,  0x45,  0xf8,  0x1d,  0xa0,  0x04,
0x08,  0xc7,  0x45,  0xfc,  0x00,  0x00,  0x00,  0x00,  0x8b,  0x55,  0xfc,  0x8b,
0x45,  0x08,  0x01,  0xd0,  0x0f,  0xb6,  0x00,  0x88,  0x45,  0xf7,  0x8b,  0x55,
0xfc,  0x8b,  0x45,  0xf8,  0x01,  0xd0,  0x0f,  0xb6,  0x00,  0x88,  0x45,  0xf6,
0x0f,  0xb6,  0x45,  0xf7,  0x3a,  0x45,  0xf6,  0x74,  0x07,  0xb8,  0x00,  0x00,
0x00,  0x00,  0xeb,  0x13,  0x80,  0x7d,  0xf7,  0x00,  0x75,  0x07,  0xb8,  0x01,
0x00,  0x00,  0x00,  0xeb,  0x06,  0x83,  0x45,  0xfc,  0x01,  0xeb,  0xc1, 0xc9,
0xc3

]

data =  bytearray(validate_bytes)

xor_encrypt(data,  0x1337)

print("Encrypted:",  ', '.join(f'0x{b:02x}'  for b in data))

Now we update our C code to look something like this--

#include  <stdint.h>
#include  <sys/mman.h>
#include  <string.h>
#include  <stdio.h>

void  xor_decrypt(uint8_t  *buf,  size_t  len,  uint16_t  key);

int  main()
{
	char  input[64];
	printf("WELCOME TRAVELLER, SPEAK THY SHAN'T BE STONED: ");
	fflush(stdout);
	if  (scanf("%63s",  input)  !=  1)
	{
		return  1;
	}
	
	uint8_t  code[]  =  {0x62,  0x9a,  0xd2,  0x90,  0xdb,  0x03,  0xf0,  0x56,  0xcf,  0x0e,  0x97,  0x17,  0x3f,  0xd4,  0x72,  0xef,  0x37,  0x13,  0x37,  0x13,  0xbc,  0x46,  0xcb,  0x98,  0x72,  0x1b,  0x36,  0xc3,  0x38,  0xa5,  0x37,  0x9b,  0x72,  0xe4,  0xbc,  0x46,  0xcb,  0x98,  0x72,  0xeb,  0x36,  0xc3,  0x38,  0xa5,  0x37,  0x9b,  0x72,  0xe5,  0x38,  0xa5,  0x72,  0xe4,  0x0d,  0x56,  0xc1,  0x67,  0x30,  0xab,  0x37,  0x13,  0x37,  0x13,  0xdc,  0x00,  0xb7,  0x6e,  0xc0,  0x13,  0x42,  0x14,  0x8f,  0x12,  0x37,  0x13,  0x37,  0xf8,  0x31,  0x90,  0x72,  0xef,  0x36,  0xf8,  0xf6,  0xda,  0xf4}; // encrypted xor
	
	void  *mem  =  mmap(NULL,  1024,  PROT_READ  |  PROT_WRITE  |  PROT_EXEC,  MAP_ANON  |  MAP_PRIVATE,  -1,  0); // create a protected executable anonymous private memory region
	
	memcpy(mem,  code,  sizeof(code)); // copy the code to that region
	
	xor_decrypt((uint8_t  *)mem,  sizeof(code),  0x1337); // decrypt mem in runtime (use sizeof code as we only need to decrypt that many bytes)
	int  (*validate_func)(const  char  *)  =  mem; // cast a function pointer and point it to mem
	
	int  ok  =  validate_func(input);
	
	puts(ok  ?  "YOU ARE SAVED TRAVELLER, YOU MAY PROCEED!"  :  "YOU GOT STONED BY THE MEDUSA!");
}

void  xor_decrypt(uint8_t  *buf,  size_t  len,  uint16_t  key)
{
	uint8_t  key_bytes[2];
	key_bytes[0]  =  key  &  0xFF; // lower byte
	key_bytes[1]  =  (key  >>  8)  &  0xFF; // upper byte
	for  (size_t  i  =  0;  i  <  len;  i++)
	{
		buf[i]  ^=  key_bytes[i  %  2]; // alternate between lower and upper byte
	}
}

PROBLEMO

But there comes a problem, no matter what I entered, wrong flag or right flag, It would always give me "YOU GOT STONED BY THE MEDUSA!" What went wrong, after pondering and tinkering I realised that the flag pwning-since-1337 would be stored in .rodata and there would be no way to access it in validate's function.

We need to write self contained function which has the pwning-since-1337 itself. So we just make an local array, easy-peasy-lemon-squeezy!

Here is our updated validate-self-contained.c--

#include  <stdio.h>
#include  <string.h>

int  validate(const  char  *input);

int  main()
{
	char  input[64];
	scanf("%63s",  input);
	
	if  (validate(input))
	{
		printf("Correct!\n");
	}
	else
	{
		printf("Wrong!\n");
	}
	
	return  0;
}
  
int  validate(const  char  *input)
{
// Store the flag as a local array, not as a pointer to a string literal
const  unsigned  char  flag[]  =  {
'p',  'w',  'n',  'i',  'n',  'g',  '-',  's',  'i',  'n',  'c',  'e',  '-',  '1',  '3',  '3',  '7',  0};

int  i  =  0;
while  (1)
{
	unsigned  char  a  =  (unsigned  char)input[i];
	unsigned  char  b  =  flag[i];
	if  (a  !=  b)
	{
		return  0;
	}
		
	if  (a  ==  0)
	{
		return  1;
	}		
	i++;
}
}

Compile. Extract. XOR. Same yadda yadda process and lets hit run! yipeee, it is working!

We now have a simple working CrackMe.

WHAT WE LEARNT

we can create a executable region in memory from which we can execute code
how to alternatively use key's both bytes to XOR
the data or our flag was stored in .rodata hence we needed to make it local

In next post, we will be adding more layers to this, see you soon pwners : D

PMA - 0x02 - Basic Techniques

Sat, 01 Mar 2025 00:00:00 GMT

Static Analysis
Malware Analysis in Virtual Machines
- Introduction
- Structure of Virtual Machine
Basic Dynamic Analysis

Static Analysis

Antivirus Scanning

Running it through multiple antivirus which may have already identified the malware, although they are not perfect
They rely on identifiable pieces of suspicious code (file signatures) and behavior/pattern matching analysis (heuristics)
Virustotal is great help here as it runs the malware through multiple antivirus systems

Hashing : Fingerprinting a malware

Hashing is common method where you run the malware through hashing programs
They use algorithms such as MD5 or SHA-1 to produce unique hash (fingerprint)
Hash then can be used as label or sharing it to other analyst to identify the malware or see if it has been already identified

Finding Strings

Strings can be great method to find texts within the malware
ASCII and Unicode format are used to store strings
They store by characters in sequence and ending with a NULL terminator to indicate that string is complete
ASCII uses 1byte per character while Unicode uses 2bytes per character

Sometimes if strings program identifies a sequence of characters which end with null terminator, it might think of it as string while it could be just some CPU instruction or memory address

Packed and Obfuscated Malware

Obfuscated malware are the one whose execution are hidden
Packed malware is subset of obfuscated malware where the program is compressed making it harder to analyze
When packed program is ran, a small wrapper program, it de-compresses the packed program and then executes unpacked program
When packed program is analyzed statically, only wrapper program can be dissected

Packers can be detected using software such as PEiD
Packed program must be unpack so that we can analyze it

Portable Executable File Format

PE format is used by windows executables, object code and DLLs
It contains necessary information for the Windows OS loader to manage the wrapped executable code
PE files begin with a header that includes information about the code, type of the application, required library functions and space requirements

Linked Library and Functions

Imports are function that are used by program whilst they are stored in another program, such as code libraries that contain common functionality which are connected by linking
Code libraries can be linked statically, at runtime or dynamically
Static linking is not used often although it’s common in UNIX programs
When code is statically linked, all the code from the library are copied to our main executable making it grow in size which makes analyzing code harder
Runtime linking is commonly used in malwares especially when it’s obfuscated or packed
Some linked functions can be imported without being listed in program headers like LoadLibrary, LdrGetProcAddress , LdrLoadDlland GetProcAddress
Dynamic linking is the most common method of linking, where OS searches for all necessary linked libraries when the program is loaded
Libraries used and called are very important for us to understand what the program does
Functions can also be imported by ordinals making it harder for us to analyze
Below are some common DLLs

Ex is a suffix used when the function is updated by Microsoft
A and W appearing at the end is extra information about suffix which doesn’t appear in actual documentation and is just there to tell us that function accepts ASCII string and word respectively
Like imports, there are also exports, which are functions exported by programs so that other programs can import and utilize them, these are most common in DLLs

PE File Headers and Sections

.text section contains instructions code that CPU will execute
.rdata section contains information about imports and exports, storing read only data
.data contains global data accessible from anywhere in the program
.idata stores data about import functions, usually not present
.edata stores data about export functions, usually not present
.pdata present only in 64bit applications storing exception-handling information
.rsrc contains other data such as icons, images, menus and strings
.reloc contains information about relocation of library files

Some Tips and Trivia

All Delphi programs use compile time of June 19, 1992
Virtual size (space allocated for section during loading) and raw data (how big section is on disk) should be equal (small differences are fine), if they aren’t that means it’s a packed program

Malware Analysis in Virtual Machines

Introduction

One can analyze malware in either physical machine or virtual machine.
Physical machine gives advantage of malware behaving the same was as intended though as it is on air-gapped network malware communications with internet might be hampered
Virtual machine solves this but there is possibility that malware might behave differently on virtual machine than physical one making analysis hard

Structure of Virtual Machine

A virtual machine is computer within a computer, allowing complete isolation of virtual machine from host machine

Using host-only network is common practice in VMs for malware analysis

Taking snapshots is important before you analyze any malware so you can return back to original state once you are done with your work

Basic Dynamic Analysis

Introduction

Dynamic analysis is performed after we have exhausted our static analysis
It allows us to observe actual behavior of the malware
It is important to know how to run a malware if you want to perform dynamic analysis. Quite often it can be simple as double clicking the exe
DLLs might be hard to run, there is tool called rundll32.exe which comes with all modern version of windows which has following syntax rundll32.exe DLLname, Export Arguments. Where Export value must be a function name or ordinal selected from exported function table in DLL which can be viewed using tools such as PEBear etc. Example syntax for both would be rundll32.exe mal.dll, install or rundll32.exe mal.dll, #5 where install is the export function name and #5 is the ordinal number prepended with #
Malicious DLL quite often run their code in DLLMain (called from the DLL entry point) and as DLLMain is executed when DLL is loaded, we can force DLL to load via rundll32.exe to get information out of it
One can also modify the PE header of DLL and change the extension and force windows to load DLL as EXE. To modify that, wipe the IMAGE_FILE_DLL (0x2000) flag from the characteristics field in the IMAGE_FILE_HEADER , thought it might cause malware to crash or terminate but as long as the changes cause malware to execute it’s payload, we are good to go.
DLL malware may also be needed to install as service with following syntax rundll32.exe mal.dll, InstallService *ServiceName* and then to start the service net start *ServiceName*
When there isn’t a export function such as Install or InstallService in the DLL, we may need to manually install the DLL as service via either Windows sc command or modifying the register for unused service and then using net start on that service. The service entries are located in HKLM\SYSTEM\CurrentControlSet\Services

Monitoring With Process Monitor

Process monitor or procmon is powerful tool to monitor certain registry, file system, network, process and thread activity although it should not be usually use to log network activity as it is inconsistent throughout windows versions.
Procmon can monitor all system calls as soon as it is ran making it impossible to look through all of them as they are over in thousands and it may crash our virtual machine, so it is advised to load it up, stop capturing, clear the events and capture for few minutes once you load the malware.

Promon Display

Lets have a look at example where malware mm32.exe creates a file called mw2mmgr.txt at sequence number 212 using CreateFile . The word success in result column tells that operation was successful.

Filtering in Procmon

One can also filter on individual system calls such as RegSetValue, CreateFile, WriteFile, or other suspicious or destructive calls.
Filtering is only for visual purposes, all data is still being recorded

Some of the important filters
- Registry : By examining registry operations, you can tell how a piece of malware installs itself in the registry.
- File system : Exploring file system interaction can show all files that the malware creates or configuration files it uses.
- Process activity : Investigating process activity can tell you whether the malware spawned additional processes.
- Network : Identifying network connections can show you any ports on which the malware is listening.
If your malware runs at boot time, use procmon’s boot logging options to install procmon as a startup driver to capture startup events

Viewing Process With Process Explorer

Process Explorer shows process in tree format listing child and its parent process.

Using the verify option

Verify button on image tab checks if the image on disk is microsoft signed binary or not
This process happens on disk rather than in memory, so it is rendered useless if attacker uses process replacement which involves running a process on the system and overwriting its memory space with malicious executable providing same privileges as the process it is replacing

Comparing Strings

One way to recognize process replacement is to compare strings between the memory and disk version of executable

Using Dependency Walker

Process Explorer allows launching of depends.exe (Dependency Walker) by right clicking a process
It also allows you to search for Find Handle or DLL which is useful when you want to know if a particular malicious DLL is being used by any running process or not

Analyzing Malicious Documents

One can also open malicious PDF or word documents and see if any process are being created when opening them to see if they are malicious or not

Comparing Registry Snapshots with RegShot

To use regshot, first take 1st shot, run the malware and then take 2nd shot and then we can compare what changes had been done

Faking a Network

Malware often communicates back to their C2 server, to get this data we need to setup our VM appropriately and not make it realize that its in virtual environment

Using ApateDNS

ApateDNS spoofs DNS response to user specified IP address by listening on UDP 53

Monitoring with netcat

Lets use ApateDNS to get malware to send its request our localhost, we can then use nc for listening to connections before cutting off the malware
Malware often use port 80 and 443 for communication as they aren’t blocked or monitored for outbound connections

Packet Sniffing with Wireshark

To use wireshark to view contents, right click any TCP packet and click “Follow TCP stream”

To capture packets, just click Capture→ Interfaces and select the interface

Using InetSim

InetSim provides fake services, allowing you to analyze the network behavior of malware
It also handles all requests given to it appropriately without throwing a 404

PMA - 0x01 - Malware Analysis Primer

Fri, 28 Feb 2025 00:00:00 GMT

Malware Analysis Primer

Goals of Malware Analysis

To determine what exactly has happened to ensure that you’ve located all infected machines and files and then develop signatures (host and network)
Types of signatures
- Host based are used to detect malicious code on victim computers by identifying created or modified files by malware
- Network based are used to detect malicious code by monitoring network traffic
Finally we figure out how the malware works

Malware Analysis Techniques

Types of techniques
- Static Analysis
  - Examining the executable
  - Reverse engineering the malware’s internals by disassembling it and looking at it’s instructions
- Dynamic Analysis
  - Running the malware and examining its behavior in order to remove it’s infection and create signatures
  - Quite often we use debugger to understand how malware is being
Types of Malware
- Backdoor —> Malicious code that is installed and allows attacker to gain access to local system with little or no authentication
- Botnet —> Similar to backdoor but it allows attacker to send command from a central command-and-control (C2) server
- Downloader —> Malicious code which downloads additional malicious code
- Information stealing malware —> Malware which steals sensitive data from victim’s computer and sends it to attacker
- Launcher —> Used to launch other malicious programs
- Rootkit —> Code designed to hide other malicious programs
- Scareware —> Designed to frighten the user into buying “software”
- Span-Sending Malware —> Sends spam allowing attackers to generate income by that process
- Worm or Virus —> Code that can copy itself and infect additional computers
Tips and Tricks
- Focus on key features rather than dissecting every details as malware is a complex piece of software
- Try analyzing malware with different approaches and angles using different tools, don’t get stuck on one
- Recognize, understand and defeat the new and approaching techniques written by malware authors on the fly

Init How to Hack

Tue, 01 Sep 2020 00:00:00 GMT

#init how to hack

We all saw this, black hoodie, green text on the screen, and what not and after a second the person says “i’m in”. Well, hold your horses and your computers, that is not actual hacking. well in a sense, you could wear a black hoodie and have a black and green terminal and sit in dark and wear a mask and stare at your screen, but you might hurt your eyes and your mum might yell at you. mine did, so just a warning!

Well enough of that Let’s have a look into what the hacking means; hacking is the process of finding a vulnerability in a system, and then exploiting that vulnerability to gain something you wouldn’t otherwise have. a vulnerability can be a mis-configuration, an error, or improper use of existing functionality. the exploitation is the method you use to access that vulnerability. you then get something in return — say, more access, or a list of passwords, or simply a crash in the system.

Whoa, wait, wait, what’s this?

Well, that’s just a technical definition, to put it in simple terms — to make things work they are not supposed to! Did you find a way to open coca-cola without the opener? congrats, you *hacked *it! yay! p.s — i am not sponsored by coca-cola :D or am i? (vsause theme plays)

Hacking is generally assumed to be hitting keys on your keyboard but it’s not just that, it’s reading code, documentation, researching, and well lots of reading! It’s thinking out of the box.

Now that we know what actual hacking is, let’s dive deeper into it! hacking is a really broad term. numerous things come under it, like really a lot of stuff, you can get lost in it, if you just go here and there and look and try out things without knowing what to do and what to learn, it can be overwhelming and you might get disheartened. have a look at this image which briefly covers the network of cyber security.

image courtesy : linkedin

whoa whoa, that’s a lot and it’s not green text :p

well, it’s okay if you don’t know any of these terms, trust me you will learn, just be curious and ask the right questions! well, how do i ask the right questions? ask questions first, don’t be afraid to ask, you will realize which questions are wrong and which are right, but the important part is to ask.

there are only two things you need to be good hacker; will to learn and curiosity

okay, i got that much! now what?

warning : you might read some terms now which you never heard before, don’t stress out, google about them, see if it vibes with what you love, and learn googling, it’s a really important skill!

no one knows everything and in cyber-security where the amount of data is being increased every day, you won’t know everything. so don’t be ashamed to google stuff if you don’t know stuff or if you just forgot something.

well now let’s have a look at what are major domains there in information security

1. security engineer. — this includes network designing, security architecture design, and review, cloud security, secure application development. so basically making secure stuff

2. security operations — this domain mainly includes all the operations right from the prevention of cyber attack to dealing with as well as eradicating it.

3. threat intelligence — the people in this domain are cyber threat analysts and they have immense knowledge of information security as well as knowledge in networking administration.

4. risk assessment — here is the spicy part which you mostly see, the red teaming(attacking) and blue teaming(defense)

5. governance — it’s basically like the government which sets and controls laws, administration, auditing, etc, it comprises of auditing, laws, policies and procedures, compliance, etc

well okay, i understand who are hackers and what roles they have, but why do we need them? well, we are humans, we progress and we make mistakes, no one or nothing is perfect. there will be flaws and imperfections. that’s where hackers come into the picture, we protect systems, we test systems to know where the flaws are, we govern the networks, we architect them, we find information, we use it. we are anon…um we are hackers.

this is why we need people who will secure the device or browser which you are reading this article on. but wait, i heard there are bad people too, who use the knowledge of hacking for their benefits, those are called unethical hackers, who do things without anyone’s permissions and then there is a nice part which is ethical hacking, people who do ethical hacking are called ethical hackers and they prevent and test systems so that unethical ones won’t be able to bring your systems down. there is also a spectrum which might help you understand a bit better

image courtesy: spectrum

so i got that much, but how do i proceed? where are the resources? how do i do this and that? how do i learn is there like a road-map? well yes but no! there is no definitive road-map here, as i said the industry is constantly evolving and growing and moving, so things change. but! yes, there is a but! but, you can start in this way, which i found helpful and easy to grab things onto. let’s have a look at what you might need to get started.

networking:

everything is connected, so you must know how things work and how data is being transferred from one place to another, what is ip and mac, and what is that and this. it will show you a new perspective to look at the world and the internet. you can pick up any good resource love, i found professor messer’s network+ to be a good start, you don’t have to give the exam if you don’t want to but learn and always keep on learning. some people did find it too long or over the top for learning security, so i have linked one more small youtube playlist which will work decently good.

link: network+ & link: playlist

linux:

now, wait, what is linux again? that penguin? well, it’s technically a kernel but let’s not get into technicality. if you are going to hack, you will eventually end up at a terminal, a window with nothing but text, and getting familiar with it helps, master it! linux journey takes you from basics to good enough understanding of linux fairly well. so install a virtual machine and get set go! wait after completing the article maybe.

link: linux journey

a programming language:

now, i know i said we were hacking, so why do we even need to learn to program? well to break something you must understand how it is built. don’t be scared we don’t need to learn every language out there, just learn one and you can move the concepts and knowledge from there to another. so which one should i start with? i found python to be a real good start. it’s easy to get hold of and you can make fun tools and projects with it (maybe i am making one, just maybe). i found the book automate boring stuff with python a real good resource to learn. it takes you from no knowledge about programming to good enough that is needed. i also suggest learning bash for good automation, why? because automation is fun and it reduces the time needed for our tasks

link: automate boring stuff with python, bash guide (basics), shell script (little advance)

practical:

now that you know the basics and fair enough, it’s time to play and gamify your hacking. there are resources like hack the box(htb) and try hack me(thm) which let you test your skill and much more! what and how they work? well, i’ll leave the introduction of them to themselves! thm and htb feels a little overwhelming to me to directly dive into, so i suggest to try out overthewire first and then picoctf, again you will know what they are when you visit their respective websites i suggest the order as otw and parallelly picoctf then thm then htb.

once you feel comfortable sprinkle in ctfs in between from ctftime

link: overthewire, tryhackme, hackthebox, picoctf, ctftime

phew, that was a lot!

wait, wait i forgot (not actually) a really important thing! communities!! yes, get into a community, a discord server, or a telegram group or irc or whatever you love! even if you don’t understand anything, in the beginning, you will! you will learn and improve and you will fail too, but that’s the proof that you are trying. so start getting active into communities! and don’t get into rabbit holes of certification. the important part is to keep learning and growing and asking questions! also a tip, that you don't have to learn this one by one, you can learn parallely too, which in my opinion is better as you don't get a burn out i have mashed up all resources and much more interesting stuff into a sweet github repository called pandora and along with that a supplementary gitbook — texts of athena

have a look ^^

special thanks to my fellow friends for encouraging and helping me with the article-

thewhiteh4t shane jiab77 starry-lord aditya

and oh, if you want to reach out to me, feel free to do so at avantika(@iamavu)

get set and pwn and happy hacking :D

references :

https://netsec.ws/?p=468#more-468

https://netsec.ws/?p=536#more-536

https://docfate111.github.io/cybersecclub/roadmap.html

https://medium.com/@rana.miet/information-security-what-why-how-462a1ae8fa61

https://computersciencems.com/resources/cyber-security/cybersecurity-for-beginners-50-resources-to-get-you-started

https://medium.com/@tarun.n/cyber-security-for-beginners-5936020f91d6

google

Wanderings

Weekly Wanderings

what she explored this week

week 0x17

week 0x16

week 0x15

week 0x14

week 0x13

week 0x12

week 0x11

week 0x10

week 0x09

week 0x08

week 0x07

week 0x06

week 0x05

week 0x05

week 0x04

week 0x03

week 0x02

week 0x01

Making Medusa : My First CrackMe - Part 0x01

Table Of Contents

MAIN.C

PSEUDO-C

DISASSEMBLY

LAYERING

PROBLEMO

WHAT WE LEARNT

PMA - 0x02 - Basic Techniques

Table of Contents

Static Analysis

Antivirus Scanning

Hashing : Fingerprinting a malware

Finding Strings

Packed and Obfuscated Malware

Portable Executable File Format

Linked Library and Functions

PE File Headers and Sections

Some Tips and Trivia

Malware Analysis in Virtual Machines

Introduction

Structure of Virtual Machine

Basic Dynamic Analysis

Introduction

Monitoring With Process Monitor

Promon Display

Filtering in Procmon

Viewing Process With Process Explorer

Using the verify option

Comparing Strings

Using Dependency Walker

Analyzing Malicious Documents

Comparing Registry Snapshots with RegShot

Faking a Network

Using ApateDNS

Monitoring with netcat

Packet Sniffing with Wireshark

Using InetSim

PMA - 0x01 - Malware Analysis Primer

Malware Analysis Primer

Goals of Malware Analysis

Malware Analysis Techniques

Init How to Hack

#init how to hack

there are only two things you need to be good hacker; will to learn and curiosity

networking:

linux:

a programming language:

practical: