What is it like... Cybersecurity, Software Development and Software Engineering.

[gvisoc]

Are those languages or any other languages used by hackers to do their hacking, hijacking, etc?

From my limited understanding you need to know more than one language. That's why focusing on the programming skills rather than particular languages is useful. Going from python to other scripting languages is easier than it seems, but then you'd also need to know other languages closer to the machine like C, Assembly, etc., depending on the target.

For example, if the target of the exercise would be to steal emails, one would look at the email server, the underlying host, and the technologies that are typically present in that host that can be exploited to access the data files and sent over the network. Some steganography and a couple of layers of scripting and some binaries may be necessary. I really enjoy reading about these kind of attacks.

This one https://www.bleepingcomputer.com/ne...se-steganography-to-target-320-orgs-globally/ involves scripting to target the Microsoft Equation Editor, then an image with an executable payload written in Powershell that then downloads the final one, probably coded in C or Assembly.

Python can be playing a part in any attack like the above, where the host can't run PowerShell but it can do run Python. If the attack was targeted to non-windows technologies, most likely would be useful but just not by itself.

 

[gvisoc]

My personal example: I have been focused on Java and C in my career, but I can write reasonable python, reasonable javascript, horrible rust, terrible assembly and I can understand what other stuff nobody likes like Ruby or PHP does with very little reference. There are lots of common things that repeat through the languages once you pick up pace in a couple of them and you learn the basic syntax differences.

If you throw Perl at me I will resent you forever, though.

 

[KGIII]

stuff nobody likes like Ruby or PHP

I don't dislike PHP. I'm out of practice but was once quite fluent.

If you throw Perl at me I will resent you forever, though.

I have shared my Perl story already, explaining how I made the web just a bit less secure.

 

[Mike-BTU]

If you throw Perl at me I will resent you forever, though.

I used to make my living using a Perl e-commerce script: Perlshop. Don't knock it.

 

[Sherri is a Cat]

Finally really learning about something. I've wondered about some of them, but never had need or time to find out more about them.

An IP address is an octet <-- learned that the other day!. Why the address in broken down into four parts, how to create more networks by manipulating the last octet.

Subnet mask, another word I haven't needed to know the meaning of yet. Seems pretty logical now. A network under the network. I know there's a lot more to it, but I think this is probably enough for now.

I never thought it would be possible to ask too many questions in school, but I was politely subtlety asked to calm down a bit!

 

[gvisoc]

I don't dislike PHP. I'm out of practice but was once quite fluent.

Yes, me too, and that was a joke. As it was the whole ranty post, trying to trigger one or two of those very fond-of-their-choices other programmers

 

[KGIII]

Yes, me too, and that was a joke.

Ah, I missed the joke. You can do some pretty great stuff with PHP and it's fairly 'readable' (for lack of a better word).

I did learn some Java back in the day and have also played with JavaScript but not for years. I don't really program anything these days. I pretty much have all the tools I need already.

 

[Sherri is a Cat]

What I am trying to say is don't worry about paper. don't worry about tests and certs, worry about actually knowing what you are doing.

How do you get a start though? There is a guy in my class who has no certs at all but he has worked in IT. When I ask him how he got a start without any PAID experience, he just shrugs. In some ways I know more than he does, yet I haven't been able to just get an interview or take a stupid personality test! My teacher said he would talk to us about this. My cybersec friend said to mention personal projects. I don't know what to put on a resume. 'I love computers' just doesn't cut it!

 

[Sherri is a Cat]

Hexadecimal... yikes!

NOW I have to THINK!!!

 

[APTI]

How do you get a start though? There is a guy in my class who has no certs at all but he has worked in IT. When I ask him how he got a start without any PAID experience, he just shrugs. In some ways I know more than he does, yet I haven't been able to just get an interview or take a stupid personality test! My teacher said he would talk to us about this. My cybersec friend said to mention personal projects. I don't know what to put on a resume. 'I love computers' just doesn't cut it!

that is a tough question with no definitive answer. The only thing I can tell you is what works for me. Impress somebody that hires and do it outside of work. Once you have that person's attention, you get your in. Another thing is to do some of the work for a charity or local business so you can gain your references. I have found that word of mouth speaks much louder than any degree or cert. I have a B.S. degree (please I know the puns) in computer science. It has gotten me squat. People talking about what I have done for them has gotten me everything.

 

[Sherri is a Cat]

This is directly out of my CompTIA digital text. I'm confused.

	If one byte is 8 bits shouldn't this be written 1000? <---Isn't this 129
Or is it that 1 byte has 8 binary digits?

 

[APTI]

This is directly out of my CompTIA digital text. I'm confused.

View attachment 26528	If one byte is 8 bits shouldn't this be written 1000? <---Isn't this 129
Or is it that 1 byte has 8 binary digits?

Yes, 8 bits in a byte. and that would be 65 according to mine.

 

[Sherri is a Cat]

65 according to mine.

I keep starting in the wrong place to count binary. Thank you.

I keep thinking of it the same way I think of decimal.

 

[Sherri is a Cat]

Hexadecimal
Binary
Storage

I need help understanding something here.

From the CompTIA text..."Hex numbers are compact and use less memory, so more numbers can be stored in computer systems"

I'm going to use a HDD because I understand the mechanics better than a SSD. Information is written in binary onto the HDD with magnetized spots. A magnetized spot is a '1' or 'on'. If it's not magnetized it's a '0' or 'off'. What other way is there to write data to a HDD?

 

[KGIII]

When I ask him how he got a start without any PAID experience, he just shrugs.

I hired a number of people who were initially recommended by good employees.

I also liked to hire people right out of college. I'd do a bit of poaching by paying the nearby university to do some research, and then I'd try to hire the best of the people who worked on it.

Dunno how those fit in with modernity or your situation.

 

[osprey]

I keep starting in the wrong place to count binary. Thank you.

I keep thinking of it the same way I think of decimal.

Not sure if this quite addresses one of the issues, but here goes:

If you take the table in your post #35, it can be used to determine the decimal value of a binary number by placing the binary number under the table as shown in the following.

The first row in the table: 10 to 0, describes the postion of a bit number, that is, from the zeroth (0th) to the tenth (10th) position of a binary number.

The second row is the value in decimal of the binary number (0 or 1) which may appear in that position. For example the binary number shown in post #51: 01000001 can be aligned with the table to discover its value in decimal:

  +----+---+---+---+---+---+---+---+---+---+---+
  | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | <- Position number.
  +----+---+---+---+---+---+---+---+---+---+---+
  |1024|512|256|128| 64| 32| 16| 8 | 4 | 2 | 1 | <- Binary bit value.
  +----+---+---+---+---+---+---+---+---+---+---+
                 0   1   0   0   0   0   0   1   <- Binary number
               |                               |
               +-------one byte (8 bits)-------+ <- One byte (8 bits)
Decimal          |   |   |   |   |   |   |   |
equivalent --->  0 + 64+ 0 + 0 + 0 + 0 + 0 + 1 = 65 <- bit value

Thus the decimal equivalent of this binary number 01000001 is:
64 + 1 = 65.

 

[Sherri is a Cat]

Not

I foget about this 'position', the first binary digit.

This is a great chart! I'm going to copy it and add hex to it.

Thank!

 

[Sherri is a Cat]

@osprey That one word you mentioned, 'position' clarified some things for me.

1 byte does not equal 1000, 00001000, or 8 things. This has been tripping me up. I've been thinking of it as an amount, how of something I have.

It's value from 0 to 256 expressed in an octet of bits.

|x|x|x|x|x|x|x|x|

X= either 0 or 1, Off or On

 

[Sherri is a Cat]

Container Virtualization v Virtual machines....

Would the Bottles app be considered a container?

 

[gvisoc]

No, Bottles / Wine prefixes are not containers, although they resemble them.

While VM are virtualisations of the host's hardware, containers are virtualisation of the underlying operating system's kernel. This means that each container has its own full-blown user space on top of a single shared kernel: the host's users are different to each container's, the permission spaces are different, and containers don't share the same filesystem with each other or the host unless you make them share it explicitly. The same user "sherry" can have different permissions, password, uid and guid from one container to the next, in one container can be in sudoers, in other not, or not even exist. Everything a container see is controlled and defined by the host's kernel directly, with no intermediary*.

Check this out: https://www.redhat.com/en/topics/containers/whats-a-linux-container

Wine defines a folder (prefix) with a set of Windows programs that call some libraries put there by Wine. Applications see Windows libraries, and then Wine maps all the library calls to whatever Wine needs to do the job. Wine is an intermediary that is not needed if those were containers and there's no virtualisation of anything whatsoever. The users Wine see are the users of your linux host, there's a single network --the host's--, there's absolutely nothing isolated from the host. As a result, the applications inside Wine can't be limited in resources and permissions the same way than a container can.

Also, you can't have a Windows Container on top of Linux, or a Linux container on top of Windows. Docker Desktop uses a Linux Virtual Machine to run the containers, and on Windows you can configure Docker to use Windows Containers if that's what you need.

(*) Docker or podman are not really runtimes like Wine, they are just command line tools to interact with the kernel, cgroups, and those other bits and pieces that are part of the containerisation mechanisms. Who ends up running the containers is the Linux kernel (or Windows kernel if you wanted to use Windows containers on Windows)