Not all cyber security professionals need to know how to code. But if you do know how to code, you will boost your productivity and become an extremely valuable member of your cyber security team.
Here are the 6 best programming languages to learn for cyber security.
Python is a powerful interpreted, object-oriented, high-level programming language.
Ok, that’s a very descriptive sentence. Let’s break it down and go through why Python is a great language to learn for cyber security.
A high-level language is a programming language with strong abstraction from the details of the computer. What this breaks down to is that Python is programmer-friendly, easy to understand, portable, and simple to maintain.
Python is an interpreted language. This means that it does not need to be compiled; all we need is the Python interpreter installed on our system.
Why Should You Learn Python for Cyber Security? We have a full article on this topic, but we will give a brief summary here.
Python is number one on our list today because of its popularity and ease of use. When we have to write a script in cyber security, the odds are that we will be pretty crunched for time.
The number of cyber security and other useful libraries that the Python community offers is almost unmatched. This means that we can quickly implement libraries, or adapt solutions that other cyber security professionals have made public.
Let’s face it, Windows is not the preferred operating system for most cyber security professionals. For this reason, many people often overlook PowerShell.
If you are a defender, most of the systems and workstations you will be defending will be Windows-based.
If you are an attacker, most of the systems and workstations you will be attacking will be Windows-based.
So, if our clients and our targets are going to be Windows-based, it is a very good idea to learn PowerShell.
PowerShell For Blue Team
Understanding the Attacks: As Blue-Teamers it is very important for us to understand PowerShell. We need to be able to at least read and understand PowerShell. To better understand the PowerShell attacks that are occurring in our environment we may also need to de-obfuscate it.
Writing Defensive Rules: Hopefully, we can stop the attacks before they successfully execute. Understanding PowerShell will help us create alerts and ensure we are upholding all of the PowerShell best practices.
PowerShell For Red Team
PowerShell has been used widely by attackers in the past, but it is now becoming increasingly hard to get away with.
Blue teams have invested a lot of time into rule creation and because of this, red teamers are moving away from PowerShell. More and more attackers are moving to C#. Don’t worry, we will be telling you why later on in this article.
Why Is PowerShell So Useful for Attackers?
Living off The Land
Living off the land is a common attacker expression that basically just breaks down to using the tools and utilities that are available to you on the system you are attacking.
PowerShell is a very dangerous tool in the hands of a red teamer. PowerShell is built on the .NET Framework. In addition, PowerShell is a built-in command-line tool on the systems that attackers are targeting.
PowerShell has access to the Windows API and .NET classes so it can be used to perform some very dangerous and powerful actions.
Blending in With the Noise
PowerShell is used very often in enterprise environments. System administrators commonly use PowerShell to perform administrative tasks. This makes the life of the blue teamer very difficult.
Defenders must be able to separate legitimate PowerShell activity from that of the attacker.
PowerShell Through WinRM
WinRM is a remote management utility, commonly used by system administrators. It is also commonly abused by attackers. Attackers can run PowerShell commands or scripts through WinRM in an attempt to avoid security controls.
Fun Fact: You actually can install PowerShell on Linux.
Many people debate whether Bash can actually be described as a programming language. It is a shell scripting language that is available in the Linux shell and can be installed on Windows via the Windows Subsystem for Linux (WSL).
Regardless of whether you want to call this a programming language or not, understanding bash is vital for your cyber security career.
Bash for Blue Teams
Bash can be very useful for blue teamers; they can use it to create scripts for tasks they have to run frequently. This saves time and eliminates misconfigurations.
Blue teamers also need to protect Linux systems. They can utilize bash scripts to harden the systems and ensure that systems are up to date.
Bash for Reverse Engineering: Defenders can perform basic checks or write a script that examines malicious files, using commands such as:
- strings (prints sequences of printable characters)
- nm (lists symbols in the target program)
- strace (traces system calls made by a program)
All of these Linux commands can be put into a bash script that may run a series of checks when a suspicious file is identified.
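One way such a triage script could look, as an added example that is not from the original article: it runs the static checks (hash, file type, strings, nm) over one file and pulls out URL and IPv4 strings. The function names and the sample bytes are constructed for illustration; strace is left out of the automatic checks because it executes the file and belongs in an isolated analysis VM.

```bash
#!/usr/bin/env bash
# Static triage of a suspicious file. Added example; function names are hypothetical.
# strace is deliberately not run here: it executes the sample, so use it only
# inside an isolated analysis VM.

have() { command -v "$1" >/dev/null 2>&1; }

# Print runs of 6+ printable characters; fall back to tr/grep without binutils.
printable_strings() {
    if have strings; then
        strings -n 6 < "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -E '.{6,}'
    fi
}

# Keep only strings that look like URLs or IPv4 addresses, de-duplicated.
network_indicators() {
    printable_strings "$1" |
        grep -Eo 'https?://[A-Za-z0-9./_:-]+|([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort -u
}

# Run every static check against one file; returns 2 if the path is not a file.
triage_file() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    echo "== sha256 =="
    if have sha256sum; then sha256sum -- "$1"; fi
    echo "== file type =="
    if have file; then file -b -- "$1"; fi
    echo "== network indicators =="
    network_indicators "$1"
    echo "== symbols (nm) =="
    if have nm; then nm -- "$1" 2>/dev/null || echo "no symbols"; fi
    return 0
}

# Constructed sample: junk bytes around two strings, not a real malware artefact.
make_sample() {
    printf '\001\002\003http://updates.example.test/payload.bin\377\376connect 192.0.2.10 now\001' > "$1"
}

# Usage: ./triage.sh <path-to-suspicious-file>
if [ "$#" -gt 0 ]; then triage_file "$1"; fi
```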
Bash for Red Teams
Attackers have to be very adept at bash scripting. Most attackers will be using Kali Linux or a similar distribution to carry out their attacks.
The more experienced an attacker becomes the more bash scripts they will create to automate their processes.
Some example use cases that an attacker would create scripts for are infrastructure scripts, text processing, password spraying, emailing, port scanning, etc.
Let me make this clear: bash is rarely used to actually perform the attacks; it is more of a language to support the back-end efforts of the attacker on their Linux attack host.
With that being said, if the attacker is targeting a Linux host or a server running Linux they may employ some more fun bash scripts.
Some examples of offensive bash are identifying privilege escalation opportunities, creating a simple reverse shell, searching the file system for interesting information, etc.
As you can see, bash is very useful for both attackers and defenders to be able to write and understand.
If you are interested in learning bash, check out this video and article where I cover the 25 most commonly used bash commands in cyber security.
As we discussed while talking about PowerShell, C# is more and more commonly being used by attackers as a PowerShell replacement. This summary is about to get slightly technical.
Why Do Attackers Use C#?
The use of PowerShell by attackers hit its peak around 2015-2017. Defensive security teams caught on to this and there was a massive effort to secure PowerShell execution.
Skip ahead to 2020 and most organizations have at least enhanced PowerShell logging and have rules to pick up on malicious commands.
Enter C#, which shares the same underlying technology (i.e. the .NET runtime) with PowerShell but lacks many of the security features that PowerShell has.
The bottom line is that C# still has access to the .NET libraries and underlying Windows components but is not as heavily scrutinized by defensive toolsets.
Running A .NET Assembly in Memory
We previously mentioned that it is significant that C# utilizes the .NET framework. Let’s dig into how attackers can abuse this.
C# is a compiled language. After we compile our code, we produce a .NET assembly. Assemblies take the form of executable (.exe) or dynamic link library (.dll) files.
This becomes extremely useful when we have a tool like Cobalt Strike. Cobalt Strike is a popular command and control framework used by attackers and penetration testers.
Cobalt Strike’s “execute assembly” command will run a local .NET assembly in the memory of a process that is on the targeted host.
This means that your malicious binary (.exe file) will never touch the disk of the host you are targeting. This drastically decreases the risk of detection.
If you are looking to get into offensive security, I strongly recommend you familiarize yourself with C#. It is a very powerful language.
Guess what was the most popular hacking technique (not a fan of that phrase) of 2019? The answer is XSS!
According to Fudzilla, cyber-attacks have targeted nearly 75 percent of large companies across Europe and North America over the last 12 months. According to Precise Security’s research, 40% of all cyber-attacks in 2019 were performed by using cross-site scripting, which is hackers’ favorite attack vector globally.
Fun Fact: 72.3% of all cyber-attacks were targeted towards websites; the 2019 data indicates this is the hackers’ favorite platform to perform attacks globally.
Assembly (commonly abbreviated to ASM) is by far the most important tool for any reverse engineer. Assembly is the human-readable version of machine code, mapping directly to the instructions that the CPU understands.
Languages like C, C++, Go, Pascal, and Haskell are all compiled to machine code, and as a result, the majority of malware can be read as Assembly code using a disassembler (software which translates machine code into its human readable version, Assembly).
If you are able to read Assembly well, you don’t need the original code for anything written in a language that compiles to machine code. As a reverse engineer, you should not expect to have the fortune of getting to reverse engineer high-level languages.
Different CPUs accept different versions of assembly language. Luckily there are only 2 common instruction sets when it comes to traditional computers (i386 and x86_64).
If you are interested in becoming a reverse engineer, you should invest the time to learn assembly. It is a long journey, but you will be well equipped and a very strong cyber security defender.
Top 3 Languages for Blue Teamers
Top 3 Languages for Red Teamers
Which of These 7 Languages Is for You?
After you have heard about the 6 best languages for cyber security you probably have a lot of questions about which language is right for you. We will try to make this easy.
For The Newer Programmer
If you don’t know how to program yet, go with Python. The Python ecosystem will open you up to many projects and libraries that will get you going very quickly.
Need more convincing? I go into more detail here about why you should learn Python.
For The Web App Tester
For The Seasoned Blue Teamer
You should invest the time to learn ASM if you want to be a valuable asset to the blue team. Reverse Engineers are few and far between. You will never be without a job!
For The Advanced Red Teamer
Learn C#. This will allow you to better mimic the threats that are out there and ensure your organization is protected.
Everyone should learn at least the basics of Bash scripting. This will save you a lot of time in the long run. I have a video and article here where I cover the 25 most commonly used Linux commands for cyber security professionals.