Security Without Coding?

Phalanx Member Posts: 331
So having looked into both sides (red/blue) of security, I haven't found any definitive kind of answer. Was wondering from people's experiences here.

Which of red or blue offers the most/least in terms of coding involvement/knowledge to get the job done? Or is it a 50/50 split?
Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
Currently Studying: Microsoft 365 Enterprise Administrator Expert

Comments

  • atippett Member Posts: 154
    The terms Red/Blue team get thrown around like hotcakes these days. Can you give us more specifics on how you define those terms?
  • Phalanx Member Posts: 331
    I thought it was adversarial role vs defensive role, no?
  • the_Grinch Member Posts: 4,165
    I'd say it's 50/50. Scripting would be the better term to use. That's not to say that scripting isn't programming, but in the environment on either side you typically aren't getting into heavy programming. In either case, you could definitely get by without any scripting skills, but it's going to make your life miserable.

    Bash and Python are your friend in this sphere because it will allow for the automation of your tasks. Data isn't always clean so you will need to munge it a bit to get it into a format that then can be analyzed further. I can give you a great example. I had a Hadoop cluster and was pulling financial data on a nightly basis. In the beginning it was a manual process, sign in and run a command to pull that data. Eventually I set up a bash script to do the nightly pull and I would confirm it completed in the morning. We weren't to the point where we could provide access to the analysts and they weren't going to be able to handle command line stuff.

    So I modified the bash script to pull the data and then create a csv with it. Send the csv to the analysts, they import into Excel and do their magic with it.

    Thus learn Bash, Python and PowerShell. In either area it will help you and in your current field it will most definitely help out.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • NetworkNewb Member Posts: 3,298
    Are you considering writing short scripts as coding? I write a lot of PowerShell scripts and have even converted some of those into little apps that my team uses, but I would never tell someone that I do any "coding".
  • Phalanx Member Posts: 331
    I did put scripting alongside coding. My apologies there. I'm trying to get a handle on how much I need to understand script/coding-wise before I begin delving into security in general. I've never been overly brilliant with coding languages, so I'm hesitant at the moment. I love the security aspect, but any kind of coding makes me pause usually.
  • CyberCop123 Member Posts: 338
    When it comes to scripting/coding for pen testing or security, I like to say "I can hack code", meaning I can alter code, alter exploits and also write quick and dirty Python scripts to parse data or automate tasks.

    I see some profiles on LinkedIn where some technical people in security state they have knowledge of C and Java. I don't know how necessary that is, I guess C is very useful, particularly if you want to write exploits or develop existing ones.
    My Aims
    2017: OSCP - COMPLETED
    2018: CISSP - COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
          GIAC GREM - Reverse Engineering of Malware - COMPLETED
    2021: CCSP
    2022: OSWE (hopefully)
  • mactex Member Posts: 80
    You will need to learn how to write scripts or fix them when they break. Like the others have stated above, when you say "coding", it makes people think of developers and applications. For scripting, PShell, Bash, and Python are probably the most common depending on the role. Best way to learn is to pick one and push yourself to figure it out. The concepts will transfer.
  • BlackBeret Member Posts: 683
    Security isn't just "offensive vs. defensive", it has dozens of different job roles. Scripting, programming, coding, etc. are all going to be very role specific.

    Paperwork based roles, such as GRC, C&A, etc. aren't going to need any scripting. Likewise, a network analyst doesn't need to know how to script or code, he needs to know how to read packets at the network layer, use tools to parse through them, read them, etc. Of course if he's in an underfunded company or doesn't have expensive commercial tools, he might be looking at raw capture data, and then scripting out tools to look at specific data would be useful. A malware analyst is going to need to understand programming structures down at the assembly level to properly use static reversing and find out what a sample is really capable of.

    Also, the realist in me will say there's a lot of under-qualified people filling roles. Sure, a good pentester should be able to script out something to automate X on whatever system he's dealing with, understand exploits written in C, modify them, etc. There are a lot of "pentesters" who just run Nessus and rewrite the reports, and might have an understanding of what they're putting in them.
  • mactex Member Posts: 80
    BlackBeret wrote: »
    Security isn't just "offensive vs. defensive", it has dozens of different job roles. Scripting, programming, coding, etc. are all going to be very role specific.

    Paperwork based roles, such as GRC, C&A, etc. aren't going to need any scripting. Likewise, a network analyst doesn't need to know how to script or code, he needs to know how to read packets at the network layer, use tools to parse through them, read them, etc. Of course if he's in an underfunded company or doesn't have expensive commercial tools, he might be looking at raw capture data, and then scripting out tools to look at specific data would be useful. A malware analyst is going to need to understand programming structures down at the assembly level to properly use static reversing and find out what a sample is really capable of.

    Also, the realist in me will say there's a lot of under-qualified people filling roles. Sure, a good pentester should be able to script out something to automate X on whatever system he's dealing with, understand exploits written in C, modify them, etc. There are a lot of "pentesters" who just run Nessus and rewrite the reports, and might have an understanding of what they're putting in them.

    This is spot on. I should have clarified that my earlier statement about scripting would be more for an engineering-type role, which is what I do (Blue Team).
  • yoba222 Member Posts: 1,237
    Scripting and coding are the same thing. Scripting is coding in a non-compiled language. People also associate scripting with batch scripts and sort of assume maybe that a batch script is not coding. It is though.

    Python, Java, bash, PowerShell, the Windows command line interpreter--they're all Turing complete.



    Blue teams and red teams refer to penetration testing training exercises. There's nothing ambiguous about the terms. Blue=defense and Red=offense. It's derived from US military and has been a term in use for many years.

    As far as which is more useful for blue/red, in my opinion it isn't needed for either, but more useful to a red team. On the red team side, you can write/modify exploits. Without that you have to rely on whatever exploits someone else has written.

    On the blue team side, you can reverse engineer malware. This isn't needed but nice to have.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • LonerVamp Member Posts: 518
    (It's really not worth discussing the nuances or red/blue team labels; it's all pretty ancillary to the OP.)

    Just like other places in IT, today's world is about automation, which often means some level of scripting or coding. I'd say more so on the red side than the blue side (and even less so if you're doing audit/policy). Red side often will be looking to break code or run code, so typically needs more of a mind for it than the other side.

    But just like IT roles, you can certainly get by without it, but I feel like you'll be limited at some time or other.

    That said, if you know how to script in XYZ or have done coding in ABC, you have a firm grasp of the logical fundamentals of code operation, which means you'll be fine and can pick up whatever specifics you need on a job by job basis.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • NetworkNewb Member Posts: 3,298
    yoba222 wrote: »
    Scripting and coding are the same thing. Scripting is coding in a non-compiled language.

    So they are the same thing, but different you say... All cleared up now! :P

    (I realize it's just semantics and I'm just joking)
  • JoJoCal19 Mod Posts: 2,835
    Others have already covered the benefits of scripting Python and bash. I will say that while not being able to script or code hasn't hurt me in my current career, it has prevented some doors from being open in the first place. Learning both is on my 2018 list of to-dos.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • stryder144 Member Posts: 1,684
    edX has some interesting courses to help with scripting/programming. Microsoft, Harvard, & MIT have the most interesting ones, in my opinion.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • chrisone Member Posts: 2,278
    Familiarity with some coding languages always helps within the security realm. I think people get confused or believe they need to have a developer's level/knowledge of coding. As for myself I want to be experienced with Python, PowerShell, and C#. I don't necessarily need to be super good at these languages or build apps with these, I just want to be "experienced" enough with them in order to "assist" my other security skills.

    As for who codes more, it's hard to say as each security engineer or team will use coding to assist in their goals. If you held a gun to my head, I would assume red team may code more since they create the exploits, malware, viruses, that take advantage of vulnerabilities.

    #Purple_Team
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • TheFORCE Member Posts: 2,297
    Most security roles do not require any coding or scripting knowledge, especially when you have different teams in your department.