
Helpful Starting Knowledge

This website section should be a starting point for students who want to do a thesis in the field of computer security at PELab.

I am writing these few notes because during previous thesis activities I found that there were recurring concepts I kept teaching to every new student.

Hence, I decided to sum up these notes which I think can be useful to know before starting your thesis.

Basic knowledge related to a *NIX system

It is important to understand the basics of the OS you are using. At PELab you will most probably work with GNU/Linux or *BSD, so it is strongly suggested that you know the following:

  • What are the main directories? What is the purpose of each directory? Look at the FHS (Filesystem Hierarchy Standard)
  • Understand that there are two big families of OS distros:
    • Debian
    • Red Hat / CentOS (Red Hat is basically CentOS with support, so it's paid)
    There are other families and standalone distros, but the two mentioned above are the biggest families
  • Understand that Linux is a kernel and that different distros are not different OSes; what changes between distros is basically:
    • Origin distro family (Debian-based, CentOS-based, Gentoo-based, ...)
    • Package manager (hence, package names in some cases)
    • Repositories
    • Daemon manager
    • Location of some files
    • Different kernel patches and/or configurations
  • Make sure you know basic regex writing/reading

Be sure to read this: Basic Unix

and to review/be comfortable with this: Command Line Crash Course

You should feel confident with these basic commands.

In addition, I suggest creating a personal knowledge base and, when software, parameters, options, arguments and configurations become too many or too difficult to remember, using cheatsheets.

A good collection of cheatsheets is found here: Cheat Sheets

Good to know

  • basic *nix utilities (cat, cd, ls, cp, find, uname, df, du, ...)
  • regexes (be sure to know these)
  • bash scripting
  • sed
  • awk

Few words on Computer Security

Understand that computer security requires:

  • Patience: you will need a lot of this, really...
  • Knowing how to read (it's not a joke): being able to read man pages and manuals is fundamental

Computer security is quite a broad field; it includes many subjects covering very different aspects.

I am more interested in the technical aspects of offensive computer security, where broadly the subfields can be categorized into:

  • Network Security
  • Web Application Security
  • Wireless Security
  • Mobile Security
  • Exploit Development
  • Malware Analysis
  • Social Engineering
  • Open Source Intelligence (OSINT)
  • Cryptography
  • Forensics
  • Reverse Engineering (this cuts across most of the others)
  • Password analysis and cracking

Be sure to understand, at a high level, what each of these fields is about. This can help you understand what your interests are and better direct your thesis work.