ZTH-CH1: From Zero to Technical Hero

This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're completely non-technical or have minimal know-how. I want to make information security and the technicalities more accessible to the masses....

9 months ago

Latest Post NMAP Tips: RTFM? by Andy Gill

Introduction

I'm just back from a live hacking event hosted by Hackerone in London, UK which was a lot of fun. It's also the reason why this post came to be, I brought my girlfriend along to the event who is not a techie at all but she is really interested in how things work and after seeing how lucrative and exciting bug bounties can be she signalled that she was interested in learning.

Df5O-LwU8AAtQDC

Originally this post was going to be one big guide for folks who don't understand or haven't looked at the core technical topics; however, that quickly grew arms and legs. As a result, it will now become a free ebook, with accompanying posts along the way with general hints and tips.

There are always talks of how there aren't enough people in the security industry and that there are many routes into the industry. However, has anyone ever taken a step back, looked at things from a non-technical standpoint, realised it is pretty interesting and wanted to learn more? Sound like something you've thought before? Then this post is for you, if not and you're reading anyway somehow, welcome!

Given that there's already a book out there that explains some bits and pieces about the basics(LTR101), it does assume a bit of technical understanding. If you know what DNS means, or have an understanding of what OSI might mean then jump straight into the book. If those two acronyms mean nothing to you and you are none the wiser, don't worry I've got you covered.

This post will take the very core basics and explain them in a series of analogies that are easier to understand if you're entirely non-technical or have the minimal know-how. I want to make information security and the technicalities more accessible to the masses.

This post will assume nothing and serve as a prequel to my book (LTR101), so if you feel you know it all or some of it well enough skip on. Additionally, if you have any recommendations, please get in touch on Twitter.

If you are reading this and don't see yourself as technical, don't be afraid it's not witchcraft.

Witchcraft

All it takes is a bit of Googling(searching the web for the answers), reading & determination. All of the information below will be presented in a relatable manner with analogies that hopefully sync up with common sense, to enable you to understand better how things work and why they work.

Structure

I'm going to explain some fundamental concepts that some people may find easy to understand whereas for others it will just click. So hang on and bear with me, please.

As mentioned above also this tutorial will be split into two sections:

Common Phrases & What They Mean

In the world of technology and security, in general, there are a multitude of different phrases, three letter acronyms and other nonsense chucked about. Before we get started here are a few common phrases I will use throughout and what they mean:

Logical Thinking

logic
Starting off on a non-technology standpoint. One of the key points often overlooked is logical thinking. If I do an action what is the likely reaction, while this applies to all aspects of life it is also closely tied to security and often technology in general.

This lesson is about how to learn – a critical skillset to have. Hacking, in reality, is a creative process that is based more on lifestyle than teaching. I can't teach you every possible topic that you need to know, but I can help you recognise what you need to learn.

This is also true due to the constant advances in the field of technology and specifically security. What I teach today may not be relevant tomorrow. It is much better for you to embrace the hacker mindset and the learning habits, which are probably the most vital part and will separate you from mere muggles(a person who is not conversant with a particular activity or skill.)

Think of this scenario, if I am using a shopping website and manage to set the price to £0.00 or even a negative value -£1,000,000. What happens? Well in a broken situation the site might permit you to gain the item for free! Or even worse(I've seen it before) credit your account with the negative value!

Understanding How a Computer Works

hardware-diagram
TL;DR: A computer uses the core components to process information, be that browsing the web with a browser, playing music, watching media or writing out documents.

For starters technically, I'm going to explain an analogy as to how a computer works, some key points you might not be aware of and why they're essential.

In the modern era we're living in, the way in which a computer was described to me when I was learning is a lot different now. A computer can be your smartphone, a laptop, desktop or anything these days. However, for this explanation, I'm going to talk about a desktop or notebook and the insides of it(also known as components).

Thanks to Paul Stewart for this analogy. In a computer there are three main components; Hard Drive, Memory also referred to as RAM and a CPU also known as a processor. Imagine these as the following items:

You will work a lot faster if you bring the files out of the cabinet and work with it on your desk. This is what a computer does. It can work with the information on the hard drive, but it will be a lot slower. If you have a bigger desk (more RAM/memory), You can get more work done, but only if you (CPU/processor) is working as efficient as possible.

Core Topics

Over the next few posts, I aim to explain the different areas you'll want to look into and learn about to get a better understanding of the technicalities. I believe that anyone can become technical if they are willing to learn.

So some core topics that you might want to have a google of but don't worry; I plan to explain them too in later posts!

I hope to cover many more topics too, as the plan is to put this into an ebook, not everything will be covered at once in one post! Hopefully, the post above is enough to get you started and start to get your feet wet :-).

Andy Gill

Published 9 months ago

Subscribe to our newsletter

Recieve news directly to your email.

ZeroSec - Adventures In Information Security © 2019.