What is this about?
I believe that efficient and effective software development is an essential characteristic in any IT-related position. Wether you were a penetration tester, malware analyst, forensic analyst, network engineer or in any it-related position, you will need to be a good software developer to solve the challenges you will face on a regular basis.
New vulnerabilities are discovered everyday. As a penetration tester, you won’t be able to test them all by hand. However, if you are using something like Burp or ZAP you can code your own modules which you can use to detect and exploit this new vulnerabilities. Usually, coding the module isn’t a big issue and is not a technically challenging task, yet people usually do not write the modules because of the “burden” of development! Try to get that off the way to be an 31337 pentester.
Another example, in reverse engineering, you might need to write a plugin to IDA or Radare to do a very specific task to the piece of code you are analysing. It is very unlikely that you will find a plugin that would be that specific. If you have good software-dev skills, the IDA plugin should be a piece of cake for u.
How I do that?
As I recommend all information security enthusiast to participate in as much CTFs as they can, I also recommend them to solve some programming challenges in spoj.com and codeforces.com. Both sites are similar to online CTF websites, where you have different challenges and you try to solve them. The only difference is that spoj and codeforces are software development oriented. Similar to CTFs, spoj and codeforces have offline and live contests that you can participate in.
In this post I am publishing my solutions to most of the challenges that I have solved in codeforces.com and spoj.com. I like codeforces more that’s why you will find more of codeforces than spoj ^^. The main thing I really like about codeforces is that when you submit your code and there is a specific test case that make your code fail, codeforces shows you that specific test case. I see that very helpful especially if you are learning on your own.
Unfortunately, I won’t be able to write a complete walkthrough solved the problems, but (hopefully) the code would be enough for you to understand the solution. It is very time consuming to write a a detailed write-up for more than 100 challenges. In case you find any solutions were un-readable, you want to know why I used a specific approach or you want to discuss the solutions, please don’t hesitate to contact me.
Moral of the story: have good programming skills to build your security arsenal and rule the world ^^
I hope it helps.
PS: you can can find my solutions here https://github.com/the-st0rm/coding-challenges
PS PS: my solutions doesn’t have to be ideal, I am not the best software developer. I am simply someone who tried to solve some challenges