
The Script Kiddie Trap

Abdullah
April 20, 2019

What you need to know before 101 in cyber security.

Transcript

  1. The Script Kiddie Trap
    What you need to know before 101
    Abdullah Hussam
    @Abdulahhusam

  2. WHOAMI
    Abdullah Hussam:
    ❖ Information Engineering Student at UOT
    ❖ Application Security Engineer, Security Researcher and
    Sometimes a Bug Hunter
    ❖ Served at: Isecur1ty, EarthLink, Cure53, and Hackerone
    ❖ 10 CVEs: WordPress, Joomla, Drupal, …etc

  3. Who Are You?
    ❖ Quick Survey!
    ❖ Bug Bounty Hunters: ?
    ❖ Programmers: ?
    ❖ Or Pentesters: ?

  4. Before We Get Started
    This talk is based on my subjective experience.
    Maybe I am right or wrong, I can’t tell.
    Things may vary for everyone based on where, when,
    who and many other circumstances. What works for X
    won’t work for Y and maybe won’t work for you.

  5. Before We Get Started #2
    This talk may piss some people off and if it doesn’t then I
    am doing something wrong here!
    Also, it may involve abandoning norms and sacred cows.

  6. Our Roadmap
    Talk
    Technical Side
    Behavioral Side
    Motivation

  7. Technical Side
    How not to be a script kiddie technically

  8. Who is a Script Kiddie?
    In programming and hacking culture, a script kiddie,
    skiddie, or skid is an unskilled individual who uses
    scripts or programs developed by others to attack
    computer systems and networks and deface websites.
    It is generally assumed that most script kiddies are
    juveniles who lack the ability to write sophisticated
    programs or exploits on their own and that their
    objective is to try to impress their friends or gain credit
    in computer-enthusiast communities – Wikipedia

  9. Who is a Script Kiddie?
    Fact #1: Everyone starts as a Skid (technically).
    Fact #2: Skid != Amateur || Noob (just lazy
    people who don’t want to learn)
    Fact #3: It is not about age or title; you
    can find a skid with a fancy title and
    sometimes with a PhD!

  10. What is the Script Kiddie Trap?
    ❖ People who think they don’t have to learn
    anymore!
    ❖ People who think all feedback is
    criticism.
    ❖ People who judge other people’s skills
    when they lack those skills themselves.

  11. Avoiding the Trap
    #1 Choosing the Path
    ❖ What do you want to be? Security Eng, Security analyst, …etc.
    ❖ What do you have to study?
    ❖ Where to start?
    ❖ Where to end?

  12. Avoiding the Trap
    Find the Key Requirements and
    Cover Them First

  13. Avoiding the Trap
    #2 Find the Resources
    ❖ A very hard step (you can’t distinguish
    between good and bad).
    ❖ Stick to one resource or jump between
    them?
    ❖ Believe it or not

  14. Avoiding the Trap
    Too many aren’t good! Finish what you have and download another.
    My Unwatched Courses

  15. Avoiding the Trap
    #2 Find the Resources
    ❖ Books are boring sometimes. You can
    read topics instead.
    ❖ Courses have to be presented by
    someone who has day-to-day experience.
    ❖ Write-ups are the most important. Be
    careful!
    “So many books, so little time.” –Frank Z.

  16. Avoiding the Trap
    #3 Security isn’t Just About Security
    ❖ Programming is a key requirement in the
    field.
    ❖ Choose a language based on your focus
    area.
    ❖ Do some programming tasks.
    ❖ You can’t fix what you can’t understand.
    ❖ You can’t hack what you don’t understand.

  17. Avoiding the Trap
    #3 Security isn’t Just About Security
    ❖ Networking is a key requirement in the
    field (mostly).
    ❖ You can’t understand how things work
    without understanding how the network
    works.
    ❖ No deep knowledge needed, unless it is a
    network security role.
    ❖ It is very easy! More than other fields.

  18. Avoiding the Trap
    #3 Security isn’t Just About Security
    ❖ The OS is also a key requirement (especially
    Linux).
    ❖ You need to know how to use, secure,
    and analyze these systems.
    ❖ You need to know how processes, threads,
    and protection are implemented in these
    systems, especially if you want to work at
    the binary level.

  19. Avoiding the Trap
    #4 Bug Bounty Programs
    ❖ What is it?
    ❖ Platforms: HackerOne, BugCrowd,
    HackenProof, …etc.
    ❖ Self-Hosted Programs: Facebook, Google,
    …etc.
    ❖ Bug bounty has more than one face.

  20. Avoiding the Trap
    #4 Bug Bounty Programs
    ❖ The good parts:
    • They give unlimited opportunities to
    everyone around the world!
    • A lot of money if you do it well.
    • You can build a name with it.
    • You can join the community very easily.
    • It is a huge +1 for your resume.

  21. Avoiding the Trap
    #4 Bug Bounty Programs
    ❖ The bad parts:
    • It (the bug hunting) may waste your time.
    • Delays in the response, fix, and reward
    processes.
    • Sometimes they give a false indication
    of someone’s skills.
    • Fact: Skids can find bugs too!
    • Rewards are low (it depends).

  22. Avoiding the Trap
    #5 Capture the Flag
    ❖ What is it?
    ❖ Very good for earning new skills and tricks.
    ❖ Good hackers sometimes aren’t good
    CTFers, and vice versa.
    ❖ When to participate?

  23. Avoiding the Trap
    #6 Joining the Community
    ❖ Where? Twitter, Slack, and Reddit.
    ❖ How? Write-ups, getting involved in discussions,
    and helping others.
    ❖ Participate in CTFs.

  24. Behavioral Side
    How not to be a script kiddie behaviorally

  25. Avoiding the Trap
    Don’t think you are special!
    ❖ Some people think they do God’s work by themselves.
    ❖ You aren’t one of a kind.
    ❖ Don’t underestimate other people’s work.
    “You're never too important to be nice to people.” – Jon Batiste

  26. Avoiding the Trap
    Make friends not enemies
    ❖ It is better for your future opportunities.
    ❖ Sometimes people hate you for what you are. (They are jealous)
    “If nobody hates you, you are doing something wrong.” – Dr. House

  27. Avoiding the Trap
    Three hard-to-say phrases
    ❖ ‘I don’t know’
    ❖ ‘I need help’.
    ❖ ‘I was wrong’.

  28. Avoiding the Trap
    Must-do things
    ❖ Credit people for their work.
    ❖ Don’t talk about what you don’t know.
    ❖ Don’t get involved in no-win situations.
    ❖ Don’t use your skills for hacking, attacking, or threatening people.
    ❖ Don’t use fake names and images. That’s lame.

  29. Avoiding the Trap
    Less I, more We

  30. Motivation
    Take something home with you

  31. Take Something Home with You
    Motivation
    ❖ It is very easy to get involved in the community.
    ❖ It is very easy to find a job when you are skilled enough. 3.5M unfilled
    positions by 2021 – Cybersecurity Ventures
    ❖ You are going to have friends from all around the world.
    ❖ If you are ambitious enough you can get a job at Google or Facebook.

  32. Take Something Home with You
    You need to grow your network.

  33. Offers I Got
    This talk isn’t about
    me, it is about you!

  34. Questions?
    Q&A

  35. Bye!
    Thank you!
    Website: ahussam.me
    Twitter: @Abdulahhusam