DaemonForums  

Go Back   DaemonForums > Miscellaneous > Programming

Programming C, bash, Python, Perl, PHP, Java, you name it.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th May 2017
beiroot beiroot is offline
Shell Scout
 
Join Date: Sep 2016
Posts: 86
Default Adventure with security, C and computers in general

Dear Community,
Please help. I have this adventure I need to go on.

I would like to move on with my knowledge in IT security towards such goals: write secure code, find bugs in kernel, protocols, software, exploit them.

My specific goal is to learn C (and perhaps some ASM).

My general goal is to get a better understanding of how computers work. Anything from physical hardware, through kernel, operating systems, protocols up to the application level. Not that I don't know any of that stuff, but I want to be five again. Knowing how stuff works makes my inner child happy and I'm more that sure, it helps in every aspect of IT.

And my journey is not specific-skill-to-market-oriented, I always wanted to do that, but never had guts to keep moving on (there were other things in life that kept me postponing this + my god damn procrastination). For me, it's a matter of a lifetime journey rather than skills needed to move from job A to job B.

Why I chose you to join me on this journey? According to what Henning said in this article:
"not knowing very much C has its advantages" and "OpenBSD is the best community to learn C". But I'm addressing this to a wider group since although I've been here only for a short time, from the quality of posts on this forum, I know you're the people I should be asking this.

I did my job browsing through the forum (Programming, General software and network, General Hardware, Book reviews, Guides and Off-Topic) and found this threads useful:

http://daemonforums.org/showthread.php?t=8124
http://daemonforums.org/showthread.php?t=2521
http://daemonforums.org/showthread.php?t=2746
http://daemonforums.org/showthread.php?t=5361

...along with many other articles/posts online.

I think I know some of the answers, but I'd like to hear your opinion and advice.

I hardly know any C or details on how computers work, but I want to learn it the proper way. Only from materials worth reading and repeating. I'd like to acquire as broad security-oriented knowledge as I can in the shortest time possible. It's not that I'm impatient wise guy, but I rather need something to inspire me for lurking moar and finding my spot! Think of it as a bootcamp -
short and intensive. Security is the leitmotiv and C is the main exercise

My type of learning could be compared to climbing the highest mountain to see what's on the horizon and choose a place to go. All I need is path to follow and a mentor to ask for directions. I start late, so I don't have time to make mistakes, but believe me I am a humble student and I treat this adventure as a lifetime journey.

So, can you join me on this journey? From what I saw browsing through this forum, there are other padawans like me looking for programming-, security-, computer- oriented material. I hope this thread may become useful to others.

What, how, why would you recommend to see, read, do? Please keep in mind that it should be:
- security-oriented
- mountain view perspective
- digestible in reasonable time

Thank you in advance for all opinions, answers, criticism.

P.S: Sorry for my poetic language, but when it comes to important decisions I always become that romantic :P
Reply With Quote
  #2   (View Single Post)  
Old 6th May 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default

I recommend that you approach it from an engineering perspective rather than a programming perspective. Secondly, rather than a focus on security, you might get more from research into fault-tolerant and high-reliability design principles and methods.

To get started, I suggest that you acquire three books. Find the most clear, concise, and insightful books that represent these three domains:
  1. Digital Systems Design
  2. Computer Architecture
  3. Operating Systems
And browse them for the fundamental ideas.

From there, you may find value in studying Joe Armstrong's thesis on fault-tolerant software concepts, and the core papers it references. (He is one of the primary Erlang guys - the thesis is concurrent-distributed system centric).

Another source of foundation and insight might be gleaned from the Ada community. This video is a very accessible introduction. The entire sequence of requirements documents that are mentioned in the video can be found here. And there may be some value in looking at the latest efforts of that community's high-reliability technology - http://www.spark-2014.org/about - and it's application in embedded systems - http://www.inspirel.com/articles/Ada_On_Cortex.html

With an understanding of the principles and methods of fault-tolerant, high-reliability systems engineering, the issues of security can probably be addressed in a more robust way.

Finally, I suggest that anyone taking on such a research project be very careful not to assume that the current-off-the-shelf computing systems are representative of mature best practices, or even good decisions. What currently exists is largely the product of rapid market-driven evolution and frontier pioneering rather than fully conscious, fully comprehending, and deliberating design. A re-factoring and revolution is in order, IMnsHO.

Last edited by hanzer; 6th May 2017 at 04:59 AM.
Reply With Quote
  #3   (View Single Post)  
Old 8th May 2017
beiroot beiroot is offline
Shell Scout
 
Join Date: Sep 2016
Posts: 86
Default

Thank you very much for your answer

Quote:
To get started, I suggest that you acquire three books. Find the most clear, concise, and insightful books that represent these three domains:
Digital Systems Design
Computer Architecture
Operating Systems
And browse them for the fundamental ideas.
any suggestions?

I've studied the fault-tolerant software concepts from the thesis you pointed and it was very educating. Interesting concept of software design. I'm moving onto the ADA community materials
Reply With Quote
  #4   (View Single Post)  
Old 8th May 2017
hanzer's Avatar
hanzer hanzer is offline
Real Name: Adam Jensen
just passing through
 
Join Date: Oct 2013
Location: EST USA
Posts: 314
Default

Quote:
Originally Posted by beiroot View Post
any suggestions?
It depends upon what is available to you. I prefer open resources.

This is in my library and it seems okay:
Digital Electronics: A Practical Approach with VHDL (9th Edition): William Kleitz

And there are freely available video lectures:
Video Instruction for Digital Electronics with VHDL 9th edition textbook

There may be some value in looking at the RISC-V Instruction Set Architecture Specification.

I thought Practical File System Design was a well written and thoughtful document.

Be creative and innovative - become an education and research process hacker.
Reply With Quote
  #5   (View Single Post)  
Old 10th May 2017
beiroot beiroot is offline
Shell Scout
 
Join Date: Sep 2016
Posts: 86
Default

@hanzer, I know there are hunderds of books on this. Even in the sticky here you have a decent list. I was asking for a suggestion the same way you would ask for a good mystery, detective, fantasy book.

Thank you very much for the books and videos (especially) you pointed.

Last edited by beiroot; 10th May 2017 at 12:25 AM.
Reply With Quote
  #6   (View Single Post)  
Old 15th May 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

I am not an expert, but I have been listening to a few talks at security conferences (I mean watching videos published via webpages) and there almost always been a little of assembly code to understand what is going on. I think that somebody interested in security of C programs should have skill to write at least small programs in assembly.
Easiest way to gain practical assembly skills is to practice writing software for 8-bit microcontrollers (AVR ATmega-s or μc-s based on the 8051 instruction set), but they are very different environment than PCs. They don't have operating systems. Physical separation of instruction and data memory.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #7   (View Single Post)  
Old 15th June 2017
paulr paulr is offline
Port Guard
 
Join Date: Oct 2016
Posts: 16
Default

In my view, the best way to learn about Programm security is to learn how Programms work.

I would suggest to learn the Assembler for your CPU first and the software interface Basics about your hardware.
So you basicly would be able to Play around with Firmware.
Then you could dig into the OS's programming Interfaces and try to reverse and edit Ring 3 applications with disassemblers and Debuggers (CrackMes are a good Training before you try to exploit functions). You could also do this step first, but since many Assembler books for X86 concentrate on 16bit realmode programming, this step mighte be a bit harder at first, if you own a X86 CPU.
After you got enough Knowledge on the Topics: Firmware and OS, you probably could start kernel Debugging.

There are many good exploitation tutorials on the web, at least for Windows.
But i think that taking a look at this would also help a lot to understand how to find and use security flaws, even if it is another Software platform.

!Take in mind, im only beginner Level in this stuff (and i hardly hv any Knowledge about BSD-OS's and BSD-OS's programming, so some suggestions might by far not be perfect!

+excuse my english skills
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
A Newbie installation adventure targetting an old ibook G3 daemonfowl OpenBSD Installation and Upgrading 12 30th January 2012 01:26 PM
NeXT computers never sold outside the US? Turquoise88 Off-Topic 5 7th July 2011 10:46 PM
Do you build your own computers? JMJ_coder Off-Topic 28 28th July 2008 03:04 AM
NetBSD + old laptop adventure anomie NetBSD General 4 27th June 2008 01:57 PM
Newbie - adventure in gateway world Johnny2Bad FreeBSD General 1 17th May 2008 10:22 AM


All times are GMT. The time now is 11:59 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick