3

Ever since I was a kid, I've always found malware interesting. I enjoyed analyzing pieces of malware and eliminating common threats for people. I loved analyzing the intricate or sometimes silly viruses and such in a virtual machine.

Fast forward, I'm now 19 and a college student and still haven't learned much in cyber security since I don't know where to begin or how to learn better.

I've never truly looked into how and where to begin if I want to make this my job. Recently, I was inspired by a TED speech by Marcin Kleczynski (Chief Executive Officer of Malwarebytes) where he had basically said something along the lines of "there are too few people in the cyber security industry" and

...If I leave here having convinced just one of you to join the fight in cyber security, I’ve done my job...

The recent WannaCrypt ransomware outbreak also made me want to learn more and fight for it.

At the moment, I only have few basic knowledge for assembly code, networking. Programming-wise, I have only been developing C# applications in my free time.

Edit: The original post was named "Cybersecurity Research: Where do I begin?" After some thoughts, I realized that the topic was perhaps too broad. I'd say I want to get into exploits research, hoping to get exploits patched before anyone could abuse it.

I've seen some posts suggesting that a degree in CS would be crucial; however, seeing that most of the CS majors here don't teach much useful, and the degree is usually quite expensive, I'd rather try to learn everything myself.

StillAzure
  • 131
  • 4
  • https://reverseengineering.stackexchange.com/questions/1812/how-do-i-move-from-rce-being-a-hobby-to-rce-being-a-profession and https://security.stackexchange.com/questions/36331/becoming-a-malware-analyst – julian May 17 '17 at 03:56
  • Note, it is far not so enjoyable as other areas of the programming. First, develop some interdisciplinary knowledge. For example, install Linux, write a tool in it what can be harmed by a buffer overflow attack, turn off its defense and develop an exploit for it. If you learn quickly, it will be around a half year for you to do. Meanwhile, start some it-related study on a University, get a Bachelor degree in IT and then a Master in security. – peterh May 17 '17 at 04:14
  • @peterh the level of enjoyment derived from an activity is subjective. Is your advice here based on personal experience as a professional malware analyst/reverse engineer? – julian May 17 '17 at 06:10
  • for this new focus to the question, the linked questions by SYS_V are where you need to start (see my answer about not needing a compsci degree) – schroeder May 17 '17 at 08:53
  • 1
    As for the degree, you need to understand the *concepts* taught by the degree program, not necessarily to get the degree. Look at the MIT course catalogue and design your own CompSci degree program from the sources that make sense for you (like MIT's free courses!). – schroeder May 17 '17 at 08:54
  • I believe that a degree would be interesting in your case, but that doesn't mean that you can't start to study right now. My suggestion is to create few VMs with outdated software (like, outdated windows XP, old linux versions, etc) and try to exploit those VMs using pre-existing exploits (you can find tons of exploits here: https://www.exploit-db.com/) .. Try to understand the code, how the exploit works, and etc. Maybe try to do small modifications on the exploits and see if they work. – Ricardo Reimao May 17 '17 at 10:05

0 Answers0