.

An letter to don...

<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Sun May 25, 2008 10:27 am

An letter to don...

Dear don,

I have noticed that this is one of the best forums on InfoSec out there. It is truly our Resource for Forensics, Pen testing and Incident Response.

But don't you think that we should have a forum dedicated to programming ? Don't you consider programming as a must have skill for pentesters. What if one needs to-

=> Modify tools because they don't suit this particular circumstance.
=> Write tool to do a particular thing for which no tool is available.
=> Write, modify and compile exploits.

How can one expect to use a tool for something that it was never intended for if she can't read it source. She has to satisfy herself by just getting a broad overview of the tool available in the manuals. She can't "hack" tools without knowledge of programming.

I have tried to present my point by giving examples related to pentesters, like use of tools etc. There are many more reasons to learn programming. It is an indispensable skill.

I think that it is high time we should have a forum dedicated to programming on EH.

Regards
shakuni
There is no rule, law or tradition that apply universally... including this one.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun May 25, 2008 12:12 pm

Re: An letter to don...

Hey Shakuni,

Thanks for your compliments. And back at ya. Your participation has been of high quality itself.

As for a programming, I agree with you. So much so that I thought it was just something that would permeate every board.

On the other hand, I'm always open to feedback and suggestions. If we get enough people to reply to this post with the same feelings that we need a board dedicated to programming, then it shall be done. I've always thought about sub-boards on each language. I'd like to hear thoughts on that as well.

The floor is open...

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Sun May 25, 2008 1:27 pm

Re: An letter to don...

My 2p worth....

I think that a programming board would be a Good Idea.
My experience with programming if fairly limited, I understand assembler to a degree but my only experiences are with Z-80, 6800 and 68000 and a small bit of 8086 back in the mid 80s. Since then, I have only dabbled with a little disassembly/ analysis.
I have used C quite productively, even going so far as to adjusting Linux kernel drivers to support my own hardware. I spent a good while messing about with TurboC under DOS (which I am glad to see that Borland are now giving away!)
Since C++ gained popularity, I have moved away from programming, I found the command set to be so vast as to be off-putting.
I can script to an acceptable level whether bash, csh or dare I say it, batch. I can read and understand to a greater or lesser degree, most scripting languages.

So in short, I can get by, but my skills are lacking and would benefit from some tuition, particularly when it comes to the Windows interfacing side of things.
CISSP, C|EH, C|HFI
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sun May 25, 2008 1:55 pm

Re: An letter to don...

I think it'd be good as well to add a programming board to the site. I think it'd attract a bigger crowd around here. It'd also prove useful to me too because I'm taking some programming classes.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

shakuni

Jr. Member
Jr. Member

Posts: 80

Joined: Sun Nov 04, 2007 2:24 pm

Post Sun May 25, 2008 2:07 pm

Re: An letter to don...

So in short, I can get by, but my skills are lacking and would benefit from some tuition, particularly when it comes to the Windows interfacing side of things.

Modesty. :-*
You are one of few people who understand assembly. When I find some new trick in assembly, I have to work harder to find someone with whom I can discuss it.

Since C++ gained popularity, I have moved away from programming

Although the most popular languages today are java, C#, python etc. But from security perspective, I suggest one must master C,C++ and assembly. And once you master these languages you can master any of those VHLLs within a week.
(It took me just a week to master java since I knew C and C++ well)

So Guys, lets have a forum dedicated to Programming on EH.net.
Last edited by shakuni on Sun May 25, 2008 2:09 pm, edited 1 time in total.
There is no rule, law or tradition that apply universally... including this one.
<<

Bogwitch

Jr. Member
Jr. Member

Posts: 51

Joined: Wed Aug 16, 2006 3:29 am

Post Sun May 25, 2008 3:25 pm

Re: An letter to don...

shakuni wrote:
So in short, I can get by, but my skills are lacking and would benefit from some tuition, particularly when it comes to the Windows interfacing side of things.

Modesty. :-*
You are one of few people who understand assembly. When I find some new trick in assembly, I have to work harder to find someone with whom I can discuss it.

It's been a long time since I seriously programmed in assembler. In fact, back in the days of the ZX81, I used to know the instruction set so well, I could input raw hex code. I've lost a LOT of braincells since then!

Although the most popular languages today are java, C#, python etc. But from security perspective, I suggest one must master C,C++ and assembly. And once you master these languages you can master any of those VHLLs within a week.
(It took me just a week to master java since I knew C and C++ well)


I can largely understand code I review. That said, I find code review one of the most tedious parts of a security assignment (That, and the documentation!) So, understanding C++, C#, java etc are not too much of a problem but I couldn't possibly be a programmer myself. I  have to sit with a command reference when I do the code reviews - probably why I find it so tedious. Thankfully, I don't have to do too much of it.
I aught to brush up on my programming skills, I have thought about contributing to a couple of projects that I have foundto be interesting, useful and lacking in development but there is a lack of time that prevents me from doing so at the moment.
CISSP, C|EH, C|HFI
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Tue May 27, 2008 3:29 pm

Re: An letter to don...

I think a programming forum here on EH net would be a great idea.  While I am not a programmer myself, I see myself getting drawn to that area if I want to succeed at being an expert in the IT Security field.  So I would love to have an area on this forum to discuss my short comings with people already knowledgeable  in security programming.
CISSP, CEH, GPEN, GCIH, GCFA

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software