• Derek Scheller Jr

Cyber Security Programming Languages


Assembly

Oh the bane of my existence, good ole' assembly. This language is the closest you can get to programming in machine language, with that it is also one of the best languages to know when dealing with cyber security. Whether you are debugging a program to find vulnerabilities in the code, such as buffer overflows, or you are reverse engineering a malware program it is extremely beneficial to know this language. The assembly language allows you to speak directly to the memory of a computer and force it to execute instructions that you may not be able to get it to execute utilizing other languages.

One of the other reasons this language is still widely used and/or able to be read by security experts to this day is that even "C" allows for in-line assembly. Being able to push and move instructions that are to be executed can be extremely helpful when trying to force a program to do something other than what was intended. In order to truly understand what you are doing when programming assembly, you will definitely need to understand how processors and memory read and write instructions to and from each other.

C


The C language is another language that has been around for quite some time. Many programs still run based off of C and many exploits as well. The advantage to C is that it can be ported to just about any operating system just by compiling to be read by whichever operating system you need it to be executed on. As C is a higher level language than Assembly, it is also easier to read. Where assembly is written in such away that you are interacting directly with the memory, C is more reader friendly and is actually compiled without you worrying about how it interacts with memory. That isn't to say you don't have to worry about secure coding and avoiding things such as buffer overflows.

Python


Some of the easiest programming languages to learn are scripting languages. Python is one of the most popular scripting languages and there are even many security tools written in python. One of the more popular tools is SEToolkit. Others have utilized python to create their own variation of an nmap scanner, or with different imported modules it can be used to pull down every tweet on a persons twitter. Statements in python are very blunt and make it a lot easier to write. Statement like "print", "if", and "while" do exactly what they say without the need for deciphering. Print prints whatever you put in quotes to the screen, if starts and if/else code block, and while starts of course a while loop. There is much more to it, and yes even "C" has statements like these, though the way some of these statements have to be written are more convoluted.

Another advantage to python is that you can actually use it to write your own exploits. Though unlike "C" the target system has to actually have the python interpreter already installed or else there will be nothing to read the code. As such it is beneficial to validate that a python interpreter is already installed on the target system you are attempting to exploit.

Final Thoughts

Now by no means is the a comprehensive list of languages to learn or even what they can all do, but it is a starting point. By being able to at least read assembly and C you become an invaluable resource to reverse engineers. If you can write in assembly and C you become essential to exploit developers, reverse engineers, and penetration testers. Exploits written by yourself provide different signatures that will allow for you to bypass many anti-virus scanners that rely on already known signatures. If you can work with python that you can utilize many of the tools built into security distributions as well as become a valuable resource for web app penetration testing. This is because python can also be used to automate SQLi and other web app testing.

#cyber #programming #cybertraining #cybersecurity

0 views
  • Black Twitter Icon
  • Black YouTube Icon

Pittsburgh, PA, USA

©2017 Scheller Cyber Security | Proudly created with Wix.com