Aspiring Security Researcher - About Me

What Initially Drew Me to Security Research?
Cybersecurity is a huge field.. So many directions to go.. but I'll always follow my heart.. And I've always loved learning about the low-level stuff in computing.. my heart always goes to the fundamentals.. how do computers work? how do operating systems work? how do normal software applications work? how does virtualization achieve what it achieves? how did we turn electricity into applications? and so on.
With that passion.. I started delving deeper.. when in 2019.. I read a book called "But How Do It Know?".. the book starts with the joke - A guy goes to the market.. finds someone selling a flask bottle.. the seller tells the guy that the bottle can keep cold liquid cold.. and warm liquid warm.. the guy questions "but, but, but - how do it know?" - how does the bottle know, if the liquid is cold or warm? that's the joke - the bottle doesn't know the temperature of the liquid at all.. the way a flask bottle works is very scientific.. the container is surrounded by vacuum which slows down temperature exchange between the outside environment and the inside of the container thus maintaining the temperature of the liquid inside - cold or warm.
And then the book goes on explaining how computers are the same.. we look at this black box wondering how this thing does all the things that runs the world just by taking electricity as the input.. most of the things are abstracted thus giving the complexity.. but if we break it down.. computers are actually very easy to understand.. and that was the beginning of my journey learning about computer architecture.. a very simple architecture.
Going Deeper - Building from NAND Gates
I kept going.. I took a course called NAND to Tetris.. where we start with a NAND gate.. build the different parts of a CPU.. build a memory.. connect them together so the CPU can take instructions from the memory.. save data in memory.. and has IO to facilitate connections with peripherals.. thus building the whole computer where we write instructions in assembly.. and finally write a compiler that takes a higher level language and compiles it into assembly that is used by the processor.. and use programming to write a video game - Tetris.
This course was beautifully created.. gave me a better understanding of how a simple computer can come into existence.. it also helped me understand the basics of assembly language.. Later I read "Assembly Language Step-By-Step" book by Jeff Duntemann.. which is an old book.. to learn more about x86 assembly.. it also talks a little about linkers and loaders and how programs are run after they are compiled.
The Operating System Journey
But that's not the end.. modern applications don't run on hardware directly.. hardware is fully managed by the operating system.. now the next step I thought was to learn about how operating systems work.. with that in mind I started my journey to understand operating systems.. starting with the dinosaur book - "Operating System Concepts".. a book I found in an old book store just lying there probably for years.. waiting for me to come and take it one day.. and that's what happened.
It took me a while to finish the book.. as most of the concepts were very new to me.. but that didn't satisfy my curiosity.. I thought why don't I write my own operating system.. as the best way to learn something by heart is by getting your hands dirty and execution.. I took a Udemy course "Developing a Multithreaded Kernel From Scratch", supplementing with the osdev.org site.. to spend the next 2 months writing a kernel very similar to Linux.. but very very basic - with a built-in library, a simple shell, FAT16 file system.. ELF loaders.. simple process/task/memory managers, bootloader and so on.
The COVID Turning Point - Into Security
As you see.. until now.. all I did was learn about the fundamentals.. which never actually ends.. These were before Covid.. I remember during Covid when I understood that I'll be stuck at home for at least a year during the quarantine time.. I thought how can I make use of this time.. that's when I was looking into learning more about hacking.. I was inspired by Mr Robot the 2014 show.. when I watched it as a teenage kid.
During that time tho.. there weren't that many resources to learn hacking available to me like it is right now.. I found Heath Adams' Udemy course which was a complete course for ethical hacking for beginners.. but it was very difficult for me to understand as I was missing a lot of the prerequisites.. such as networking (I didn't even understand what an IP address is).. so another fundamental.. with that in mind I started learning about networking.. and I ended up taking a CCNA course and passing the exam in December 2020.
Around that time I also did some binary exploitation exercises on HTB.. strengthening my understanding more about assembly and how low level vulns can be abused.. but my technical abilities hit a ceiling.. I'm still 21 years old.. who is learning everything on his own.. and I wanted to get a job in cybersecurity where I can learn more about the real world.. and contribute as well.
Building Up the Security Skills
With all the good foundational knowledge that I had.. I wanted to learn more about cybersecurity.. started with Security+ then finished the CPTS path on HackTheBox which taught me so much about penetration testing.. a very technically detailed course ever created.. after that did the CySA+ cert.. did a cloud cert called the AWS Cloud Practitioner.. and currently studying for the SecurityX certification while working as a SOC Analyst for a huge MSSP.
Where My Heart Takes Me - The Low Level Path
Like I said.. my heart always goes to the low level stuff.. I still think to myself.. that I haven't even dived deeper into things like linkers and loaders.. I wanted to write my own compiler.
So my binary exploitation study journey.. my kernel development journey.. penetration testing journey all of that made me fall in love with offensive security.. focused on low level computer operations.
I'm currently reading Windows Security Internals.. and I'll write more about it in the upcoming blogs as I learn more.. one thing I learned so far is that not many people understand Windows at a low level as it is closed source.. so I see a lot of value in it.
I'm also planning to take courses in OpenSecurityTraining2 which is all about low level stuff - It has courses on WinDbg, from beginner to intermediate to advanced! As well as courses on assembly language, Windows kernel exploitation and more. I also plan to do courses from MalDev Academy suggested to me by a good friend, Anton. And eventually take the OSED exam.
What's Next?
This blog is going to be my way of documenting everything I learn.. sharing the struggles.. the wins.. the random rabbit holes I go down when something catches my curiosity.. because let's be honest.. the journey never really ends when you're someone who can't stop asking "but how do it know?"
If you're like me.. someone who needs to understand things from the ground up.. who gets excited about assembly code and kernel internals.. who thinks writing your own OS is a fun weekend project.. then stick around.. we're going to dive deep into some really cool stuff.
Next up.. I'll be sharing what I'm learning from Windows Security Internals.. and trust me.. it's fascinating how much is happening under the hood that most people never see.
Resources Mentioned
Here are all the resources I talked about in this post.. in case you want to check them out yourself.
Books:
But How Do It Know? - The Basic Principles of Computers for Everyone by J. Clark Scott - Amazon.
Assembly Language Step-by-Step by Jeff Duntemann - Amazon.
Operating System Concepts (The Dinosaur Book) by Abraham Silberschatz, Peter B. Galvin, Greg Gagne - Amazon.
Windows Security Internals by James Forshaw - Amazon.
Courses:
NAND to Tetris (nand2tetris.org)
Developing a Multithreaded Kernel From Scratch (Udemy)
Practical Ethical Hacking by Heath Adams (TCM Security)
CPTS Path on HackTheBox Academy
OpenSecurityTraining.info (for low-level security courses)
Malware Dev Academy (https://maldevacademy.com/)
Other Resources:
osdev.org - for OS development
HackTheBox - for penetration testing and binary exploitation practice.



