Oftentimes we’re told that you don’t need to learn to code/get a Computer Science degree to get into cybersecurity/ethical hacking and while I agree for the most part, learning how to program early will be a benefit rather than a hindrance further down the line. That’s why I decided to take HarvardX’s Introduction to the intellectual enterprises of Computer Science and the art of programming. In fact, one of my role models Ricky Tan, the host of Cyberspatial says most people who come from programming backgrounds tend to advance in the field much faster. There are a variety of reasons why learning comp sci is beneficial that I will detail below alongside helpful resources to help you learn how to “program” not just a few programming languages. By the end of it, you’ll even have a few projects on your github to vouch for your skills! Don’t worry though. It won’t take you a whole four years, just a couple of months ;)
My reasons for taking CS50x:
If you’ve been following my activity on Twitter, you’ll know that I recently decided to take my first step and enroll in CS50 despite being “familiar” with bash, python scripting and aims to study Computer Science at the University level. Why did I do this? To understand this, first you need to understand what CS50 covers.
“This course teaches students how to think algorithmically and solve problems efficiently. Topics include abstraction, algorithms, data structures, encapsulation, resource management, security, software engineering, and web programming. Languages include C, Python, and SQL plus HTML, CSS, and JavaScript. Problem sets inspired by the arts, humanities, social sciences, and sciences. Course culminates in a final project. Designed for concentrators and non-concentrators alike, with or without prior programming experience. Two thirds of CS50 students have never taken CS before. Among the overarching goals of this course are to inspire students to explore unfamiliar waters, without fear of failure, create an intensive, shared experience, accessible to all students, and build community among students.” — CS50’s official website.
With such a wide array of programming languages available to learn in such a short time, there’s obvious incentive to take it up. But what can we accomplish with them in the art of pwning? I’ll start with the course itself.
The goal is to teach you how to program not just a few programming languages. In learning this, learning new languages and adapting won’t be as difficult as starting out which is very worthwhile moving forward.(Especially in implementing new technology like machine learning and blockchain into security) Additionally, learning to think “programmatically” i.e breaking steps down and finding the most efficient way to solve a problem also known as defining an algorithm will help your methodology quite a bit along with learning how developers think in order to better exploit websites and software. The little computer science touched will help you understand how computers function and is a good base for any role in IT, I’d say be it system administration, software development, cloud administration etc.
C: When it comes to understanding how your computer and low level programming works without touching Assembly Language, learning the mother language is something you won’t regret. Powering the internet, modern systems, IoT and even malware. In fact, Paul Ungur(A 17 year old security expert and malware developer) exclusively writes his malware in C. An absolute mad lad. Additionally, knowledge of C makes learning syntactically similar programming languages like C++ or better yet, Rust and Go less of a pain which will make the transition to learning how to program and exploit Solana(a cryptocurrency built with rust) smart contracts much easier. Additionally, C builds the base for learning reverse engineering and even basic knowledge of it will help in learning assembly language.
Python: I don’t think python needs any more explanation on use cases but just in case there are any newbies reading this…here we go. Python is an interpreted language known for it’s simplistic syntax, ease of use and versatility. It’s use cases range from building websites with Django and Flask, implementing Machine Learning/Artificial Intelligence to simple scripts that automate information gathering or enumeration on a target machine. Additionally, it is pretty much present on most Linux devices you will encounter in the wild. David Bombal even has a few videos on it covering subjects like Denial of Service scripts, WiFi scanners, keyloggers and network automation. Friendly reminder to always practice your craft within the law so that means no running these scripts on targets without permission. Aside from all these benefits, scripting with Python will evidently help automate and increase your efficiency in implementing new techniques where you don’t have a pre-existing tool on hand i.e configuring a script to scan and pick up malicious traffic heading into your infrastructure via well known ports in order to bypass firewall rules or developing a Proof of Concept script to exploit a recent CVE. Evidently, some SIEMs can do that but a script is at times faster and more efficient as Ricky Tan can confirm.
SQL: SQL stands for Structured Query Language and it’s primarily used for database management. An understanding of SQL will help in understanding and exploiting SQL injection(one of the most common website vulnerabilities) when you aren’t using SQLmap that is i.e in an OSCP exam. Knowing how they’re implemented won’t be so bad either if you’re ever in a role that needs it.
HTML, CSS and JavaScript: The go to languages for web development with HTML forming the structure of web pages and CSS styling them while JavaScript gives web pages the interactivity that is so common today. Moving away from websites, JavaScript is also used for mobile app and game development with frameworks like React Native and can even be applied to blockchain programs. It’s use in a penetration tester’s arsenal comes into play via Cross Site Scripting(XSS) where you have to get a little creative to bypass Web Application Firewalls or filters put in place to mitigate the issue and a working knowledge of JavaScript and HTML boosts your chances of success significantly since you’re not blindly copy pasting commands out of a cheatsheet.
At this point, you’re wondering what the difference would be if you decided to learn all this by yourself. Well first off, it’s Harvard! :D Jokes aside, considering we’re all about practical knowledge here. CS50’s style of assessment focuses on projects. As any competent programmer will tell you, the best way to learn is by doing and in this case completing fully fledged programs as projects with various use cases. When you’re done, you can use them to populate that empty GitHub account you’ve been hiding. ;) This has the added benefit of showing actual competency to whoever is scouting you out for a job role and gives you something to talk about during an interview. One of the projects is recreating sections on the classic Super Mario game. Who wouldn’t want to make that?!
Additional Resources and Way Forward:
This wouldn’t be an article made by me if I didn’t throw you guys a plan or resources so without further ado…
- If you want to branch out past this and expand your skillset towards Machine Learning, Quality Assurance, Data Analysis, Backend and Frontend dev or maybe responsive web design then it may be best to consider freeCodeCamp for some of the same reasons we mentioned above. I encourage you to avoid puzzle based ways of learning until you know a bit of computer science and have some projects under your belt as they are only good for learning new syntax. They offer their own free in house certifications as well and boast alumni in Google, Apple, Microsoft, Spotify and Amazon.
- OSSU or the Open Source Society University also offers a completely free bachelor’s degree equivalent in Computer Science that covers the same topics as in a regular University. If you want to practice before University, catch up on topics then I fully recommend it. If you want to get a real degree then I suggest you look at the next option.
- If you want to go ahead with computer science but can’t afford going to University then I recommend signing up for University of the People’s Computer Science programme. UoPeople is a non-profit, tuition free, American accredited University with a goal that resonates strongly with me. Find out in their official website here. Note that tuition free doesn’t mean completely free. Admission fees are about $60 and there are fees for exams although I’m not sure about the price. These are necessary to keep the University running and for administrative costs. It’s also work friendly for those of you with jobs so nothing’s stopping you from going ahead and signing up and guaranteeing a salary increase as a degree whether you like it or not opens up many doors and opportunities for promotions although it’s not necessary to have a degree to work in this field, it certainly helps.
With that, we have come to the conclusion of this article. Thank you for reading and do not hesitate to contact me about any feedback or topics you’d like covered over on Twitter or Discord. I usually hang around in the TryHackMe server and a few others.