Comments on: Scripting and Security http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/ Within Don Parker's blog various computer network security issues are discussed. Find coverage on topics such as patch management techniques, reverse engineering, IDS and IPS evasion, anti-virus and firewall usage. Commentary on the top network security news stories and rumors in the blogsphere. Analysis of common security issues faced by Microsoft Windows users and information is shared to help train network security analysts. Fri, 29 Aug 2008 02:28:09 +0000 http://wordpress.org/?v=MU by: Don Parker http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-31278 Thu, 09 Aug 2007 14:32:19 +0000 http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-31278 I will have to take a look at the book on C that you referenced. Indeed if speed is a prime consideration then writing it in C or C++ is likely best. Salut! Don I will have to take a look at the book on C that you referenced. Indeed if speed is a prime consideration then writing it in C or C++ is likely best.

Salut!

Don

]]> by: b0ne http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30334 Fri, 27 Jul 2007 15:43:52 +0000 http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30334 I generally agree that it is a great asset to posses as a security professional, noting some dependency on the type of work you're doing. As your utility gets more complicated to implement, the "just get it done" productivity gains of the dynamic languages like perl, python, and ruby can be a large boon. Also noteworthy, if your code is used on a daily basis or is iterated through thousands of times, the time saved implementing in dynamic code vs. waiting for it to finish executing can be substantial. For a malware researcher / binary analyst though, it is highly beneficial to have a baseline understanding of such a fundamental and relatively simple language like C. It greatly increases your understand of the more complicated aspects of operating systems and their security. I recently read an excellent book on C. It will help anyone who wants to develop a really thorough understanding of the core language. I recommend "Beginning C: From Novice to Professional" By Ivor Horton / Apress. You can actually preview entire book here: http://books.google.com/books?q=beginning+c+from+novice+to+professional I generally agree that it is a great asset to posses as a security professional, noting some dependency on the type of work you’re doing.

As your utility gets more complicated to implement, the “just get it done” productivity gains of the dynamic languages like perl, python, and ruby can be a large boon.

Also noteworthy, if your code is used on a daily basis or is iterated through thousands of times, the time saved implementing in dynamic code vs. waiting for it to finish executing can be substantial.

For a malware researcher / binary analyst though, it is highly beneficial to have a baseline understanding of such a fundamental and relatively simple language like C. It greatly increases your understand of the more complicated aspects of operating systems and their security.

I recently read an excellent book on C. It will help anyone who wants to develop a really thorough understanding of the core language. I recommend “Beginning C: From Novice to Professional” By Ivor Horton / Apress.

You can actually preview entire book here: http://books.google.com/books?q=beginning+c+from+n...sional

]]> by: Don Parker http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30323 Fri, 27 Jul 2007 11:23:32 +0000 http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30323 Hi b0ne, I would agree with you that it is largely semantics in regards to the difference between programming and scripting. It has always been enjoyable the times that I have studied C in an effort to further my skills in it. At times an infuriating challenge, but that is what makes it fun :-) In my case I think I need to go to a brick and mortar school and take a formal class. Though it is pretty much impossible to find a course in C nowadays as everything is object oriented in the guise of Java and C++. All that said, I would say though that scripting is the more important skill to have for a network security professional. Would you agree? Reason being is that it is unlikely that one would have to write an app from scratch to perform a function that could likely also be mirrored in PERL or Python. Your thoughts? Thanks for taking the time to write, Don Hi b0ne,

I would agree with you that it is largely semantics in regards to the difference between programming and scripting. It has always been enjoyable the times that I have studied C in an effort to further my skills in it. At times an infuriating challenge, but that is what makes it fun :-) In my case I think I need to go to a brick and mortar school and take a formal class. Though it is pretty much impossible to find a course in C nowadays as everything is object oriented in the guise of Java and C++.

All that said, I would say though that scripting is the more important skill to have for a network security professional. Would you agree? Reason being is that it is unlikely that one would have to write an app from scratch to perform a function that could likely also be mirrored in PERL or Python. Your thoughts?

Thanks for taking the time to write,

Don

]]> by: b0ne http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30290 Fri, 27 Jul 2007 01:54:40 +0000 http://blogs.windowsecurity.com/parker/2007/07/26/scripting-and-security/#comment-30290 I would disagree that you have given up on programming. The difference between "programming" and scripting is really a semantic argument with respect to perl and python. Perhaps if you were using a shell script I would agree. To mirror the perl functionality in your nice article using the C "programming" language, I only needed to do one extra step; delcare variables. gcc.exe -o findIP.exe programming_example.c programming_example.c: #include int main(int argc, char *argv[]) { FILE *in; FILE *out; char line[1024]; char match[] = "192.168.1.102"; if ((in = fopen(argv[1],"r")) == NULL) { printf("err - could not open input %s\n",argv[1]); return 1; } if ((out = fopen("articleoutput","w")) == NULL) { printf("err - could not open output file %s\ns","articleoutput"); return 1; } while (fgets(line, 1024, in) != NULL) { if (strstr(line,match)) fprintf(out,line,"%s\n"); } fclose(in); fclose(out); return 0; } I would disagree that you have given up on programming.

The difference between “programming” and scripting is really a semantic argument with respect to perl and python. Perhaps if you were using a shell script I would agree.

To mirror the perl functionality in your nice article using the C “programming” language, I only needed to do one extra step; delcare variables.

gcc.exe -o findIP.exe programming_example.c

programming_example.c:

#include
int main(int argc, char *argv[])
{
FILE *in;
FILE *out;
char line[1024];
char match[] = “192.168.1.102″;

if ((in = fopen(argv[1],”r”)) == NULL) {
printf(”err - could not open input %s\n”,argv[1]);
return 1;
}

if ((out = fopen(”articleoutput”,”w”)) == NULL) {
printf(”err - could not open output file %s\ns”,”articleoutput”);
return 1;
}

while (fgets(line, 1024, in) != NULL) {
if (strstr(line,match))
fprintf(out,line,”%s\n”);
}

fclose(in);
fclose(out);

return 0;
}

]]>