An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
2. DISCLAIMER
This presentation and the Services methodology, frameworks and templates used in
this document will remain the property of ES and must not be used or re-used
without explicit consent from ES unless it is already available, or becomes available,
in the public domain.
{elysiumsecurity}
cyber protection & response
PUBLIC
3. CONTENTS
SECTIONS: CONTEXT, WHY PROGRAMMING, WHAT LANGUAGES, CASE STUDY, CONCLUSION
• GOAL
• WHO AM I?
• COMPANY BACKGROUND
• CYBER SECURITY RISK CONCEPT
• CYBER SECURITY JOB’S RELEVANCE
• AUTOMATION
• TOOLING
• REVERSE ENGINEERING
• EXPLOITS
• MANY LANGUAGES TO CHOOSE FROM
• MOST USEFUL LANGUAGES
• POPULAR SECURITY PROJECTS
• SECURED ANDROID APP
• O365 LOGS IP SOURCE
• BEWARE
• TAKE AWAY
4. GOAL
Icons: from The Noun Project unless stated otherwise
1) TO UNDERSTAND THE IMPORTANCE OF PROGRAMMING IN CYBER SECURITY
2) TO KNOW HOW PROGRAMMING CAN BE USED
3) TO KNOW WHERE TO START
4) TO AVOID SOME COMMON MISTAKES
5. WHO AM I?
https://www.elysiumsecurity.com
6. COMPANY BACKGROUND
• FOUNDED IN 2015 BY SYLVAIN MARTINEZ
• INCORPORATED IN MAURITIUS/UK AND OPERATING WORLDWIDE
• PROVIDING INDEPENDENT EXPERTISE IN CYBER SECURITY
• COMPREHENSIVE CYBER SECURITY SERVICE PORTFOLIO: FROM CISO ADVISORY TO PENETRATION TESTING AND INCIDENT RESPONSE
• EXPOSURE TO A VARIETY OF BUSINESS SECTORS: FINANCE, TELECOMS, HEALTHCARE, HOTELS, MANUFACTURING, NAVAL, RETAIL, ETC.
• BOUTIQUE STYLE APPROACH WITH A DISCREET, TAILORED AND SPECIALIZED CYBER SECURITY SERVICE THAT FITS YOUR WORKING ENVIRONMENT
7. CYBER SECURITY RISK CONTEXT
[Figure: three charts of GROWTH (0% to 100%) over TIME (PAST to FUTURE), combined as chart + chart = chart]
CYBER SECURITY RISKS’ PROBABILITY AND IMPACT ARE INCREASING.
THEIR ABILITY TO DISRUPT COMPANIES’ BUSINESS OPERATIONS HAS GROWING NEGATIVE FINANCIAL, REPUTATIONAL AND LEGAL CONSEQUENCES.
8. CYBER SECURITY JOB’S RELEVANCE
PROGRAMMING KNOWLEDGE BENEFITS
• MOST MANAGEMENT ROLE
• MOST ADVISORY ROLE
• ALL TECHNICAL ROLE
How much could knowledge of programming help you be better at your job?
• ALL MANAGEMENT ROLE
• ALL ADVISORY ROLE
• ALL TECHNICAL ROLE
PERCEPTION REALITY
9. AUTOMATION
REPETITIVE TASKS
EFFICIENCY
SAVE TIME
REGEX SEARCH
FILTERING
PROCESS LARGE VOLUME OF DATA
EXTRACT PATTERNS
FIND NEEDLE
10. TOOLING
TOOLS CREATION
EFFICIENCY
CAPABILITY
TOOLS CUSTOMISATION
ADAPT AND REUSE
12. EXPLOITS
VULNERABILITY ASSESSMENT
ACCURACY
PENETRATION TESTING
INCREASED ATTACK SURFACE
13. MANY LANGUAGES TO CHOOSE FROM
images from exploring-data.com and graphext.com
LANGUAGES RELATIONSHIPS
MOST USED LANGUAGES
14. MOST USEFUL LANGUAGES
ANY LANGUAGE IS GOOD!
MOST COMMONLY USED LANGUAGES IN CYBER SECURITY
• PYTHON
• C/C++
• PHP
• JAVA
• PERL
• SHELL SCRIPTS
• HTML
• ASM?
• RUBY
ONCE YOU UNDERSTAND THE CORE PROGRAMMING CONCEPTS YOU CAN UNDERSTAND AND CHANGE ALMOST ANY CODE
15. POPULAR CYBER SECURITY PROJECTS EXAMPLES
POPULAR SECURITY TOOL | PURPOSE | LANGUAGE
BANDIT | Python code analyser | PYTHON
BURP SUITE | Web traffic manipulation | JAVA
HAWKEYE | VA Scanner | PYTHON
MALTEGO | Data Visualisation | JAVA
METASPLOIT | VAPT Framework | RUBY
NIKTO | Web scanner | PERL
NMAP | Network scanner | C/PYTHON/LUA
OPENVAS | VA Scanner | C
RECON-NG | OSINT Search | PYTHON
SATAN | (very) old Linux scanner | PERL
SCAPY | Network manipulation | PYTHON
SQLMAP | DB Scanner | PYTHON
WIRESHARK | Network analyser | C
16. SECURED ANDROID APP NEEDS TO BE TESTED
CHALLENGE
• Need to audit an Android APK app
• App does not allow “Rooting” and has “Cert pinning”
PROGRAMMING SOLUTION
• Decompile the code to Java (e.g. d2j-dex2jar)
• Analyse the Java code for security hooks (e.g. jd-gui)
• Decompile the code to SMALI (e.g. apktool)
• Edit the SMALI code to remove the protection (assembly)
• Recompile and sign the code
• Execute the non-secured code and manually check for issues
NON-PROGRAMMING SOLUTION
• Use the great MobSF framework to get some automated analysis
• Give up / ask for a non-secure version
17. SECURED ANDROID APP NEEDS TO BE TESTED
JAVA
SHELL SCRIPTS
ASSEMBLY/SMALI + SHELL SCRIPTS
18. O365 LOGS IP SOURCE IDENTIFICATION
CHALLENGE
• O365 audit logs: list of IPs
• Identify suspicious IPs
PROGRAMMING SOLUTION
• Export logs as CSV
• Format the CSV to extract the list of IPs
• Use an IP-to-country mapping API
• Add countries against each IP
• Easily filter by countries of interest
NON-PROGRAMMING SOLUTION
• Manual IP extraction and resolution
• Or pay for extra security add-ons: risky sign-on, conditional logins, etc.
19. O365 LOGS IP SOURCE IDENTIFICATION
(POWER) SHELL SCRIPT
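The programming solution from slide 18, sketched as an added Python example; it is not the presenter's (Power)Shell script. The CSV column names, the sample rows and the `CONSTRUCTED_GEO` table standing in for the IP country mapping API are assumptions made for illustration.

```python
import csv, io, ipaddress, json
from collections import defaultdict

# Constructed sample; assumes an export whose AuditData JSON column holds ClientIP.
SAMPLE_CSV = '''CreationDate,UserIds,Operations,AuditData
2024-01-05T08:01:00Z,alice@example.com,UserLoggedIn,"{""ClientIP"":""203.0.113.10:52144""}"
2024-01-05T08:07:00Z,bob@example.com,UserLoggedIn,"{""ClientIP"":""198.51.100.7""}"
2024-01-05T09:30:00Z,alice@example.com,UserLoggedIn,"{""ClientIP"":""[2001:db8::1]:443""}"
2024-01-05T09:41:00Z,bob@example.com,MailItemsAccessed,"{""ClientIP"":""192.0.2.55""}"
2024-01-05T09:50:00Z,carol@example.com,Set-Mailbox,"{""Workload"":""Exchange""}"
2024-01-05T10:02:00Z,alice@example.com,UserLoggedIn,"{""ClientIP"":""203.0.113.10""}"
'''
# Constructed stand-in for an IP-to-country API (documentation ranges only).
CONSTRUCTED_GEO = {"203.0.113.0/24": "MU", "198.51.100.0/24": "GB", "2001:db8::/32": "ZZ"}

def normalize_ip(raw):
    """Strip ports and brackets; return a canonical address or None."""
    raw = str(raw or "").strip()
    if raw.startswith("["):        # [IPv6]:port
        raw = raw[1:].split("]")[0]
    elif raw.count(":") == 1:      # IPv4:port
        raw = raw.split(":")[0]
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        return None
def extract_ips(csv_text):
    """Map each distinct source IP to the set of users seen from it."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            data = json.loads(row.get("AuditData") or "{}")
        except json.JSONDecodeError:
            continue               # skip rows with damaged AuditData
        ip = normalize_ip(data.get("ClientIP")) if isinstance(data, dict) else None
        if ip:
            seen[ip].add(row.get("UserIds") or "")
    return seen
def offline_lookup(ip):
    """Hypothetical lookup; swap in a real geolocation service here."""
    addr = ipaddress.ip_address(ip)
    for net, country in CONSTRUCTED_GEO.items():
        if addr in ipaddress.ip_network(net):
            return country
    return "??"
def suspicious_sources(csv_text, expected, lookup=offline_lookup):
    """Return (ip, country, users) for IPs outside the expected countries."""
    rows = [(ip, lookup(ip), sorted(users)) for ip, users in extract_ips(csv_text).items()]
    return sorted(r for r in rows if r[1] not in expected)
```

Calling `suspicious_sources(SAMPLE_CSV, {"MU", "GB"})` leaves only the addresses that resolve outside the expected countries or do not resolve at all, each with the accounts seen from it.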
20. BEWARE
• Wasting time on non-essential activities
• Reinventing a “broken” and less “efficient” wheel, e.g. crypto
answer: “Hello”
• Customization may lead to medium/long-term support issues
22. GOING FURTHER
• https://flatironschool.com/blog/best-programming-languages-cyber-security
• https://www.sans.org/cyber-security-courses/automating-information-security-with-python/
• A lot of free resources online, google “free python hacking course”