I come from a background where I learned to hack to protect myself and the software I created by leveraging tools and utilities – tools and utilities I also frequently used for my own entertainment purposes.
I never – NOT ONCE – hacked maliciously or with bad intentions.
That’s just not me.
Did I know others who did?
Of course I did. I met them. In Romania. In China. In Latvia. In the UK. In France. In Ireland. In Bosnia. And more.
Generally they were all really decent people.
As a result I try not to judge.
For me, hacking and knowledge of hacking have helped me be a better programmer and professional.
In my ‘day job’ – I consulted as a professional for my services with companies and did not always have the luxury of quality assurance around to help. That worked to my advantage, as many times quality assurance would be thinking from a user experience perspective and frequently would completely miss the part where there are others out there who may be targeting these applications and looking for vulnerabilities for their own personal gain.
I knew this. And I did the work I did understanding that knowing the mindset of the hackers is equally as important as being a consultant to protect my work. And my own ass.
These tools can be used for good, or not so good, for this .. or any society.
You be your own judge.
I was what was known as a white hat hacker.
I never did it for personal financial gain.
But I did gain a great education from it, and hope I can inspire others to want to as well.
Your mind will thank me later.
Without further ado.. the tools…
For questions like: Hey, what’s actually ‘listening’ for connections on my machine, machines on my network, and on remote machines? What known script vulnerabilities are there, if any? What operating system are they running? Is their network protecting the machine or are they just doing a pass through to the machine directly?
I use Nmap for port scanning and finding network vulnerabilities:
You can call it .. self discovery.
You can find Nmap here
To answer questions like: What does that web page HTML look like in the HTTP TCP/IP stream? What is being sent cleartext in the HTML stream and are my passwords encrypted? What else is ‘chattering’ on my network, and (especially) from my machine?
For looking at network traffic, aka sniffing – for traffic analysis and filtering..
I use something called Wireshark.
You can find Wireshark here:
I often want to know what’s running when I start my machine up. What services and devices are installed? What applications are chattering on the network, and let’s clean up/remove the ones I don’t want. What’s slowing my system down? How’s memory being leveraged, and what’s using it and where? What resources are contained WITHIN the running applications on my system, and how are they managing their resources? And more.
For analyzing my local machine, I’m a Windows bigot.
For all of this, I use something called Microsoft Sysinternals.
You can find Microsoft Sysinternals here.
I also use the utilities installed on all Windows systems such as netstat, ipconfig, nslookup, and regedit (or regedt32).
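For the "what's actually listening on my machine" question, here is an added example (not part of the original post) that parses `netstat -ano` output and separates loopback-only listeners from those reachable over the network. The sample output is constructed, and the function names `parse_listeners` and `exposed` are hypothetical.

```python
import subprocess
import sys

# Constructed sample of `netstat -ano` output (Windows layout), not real data.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:50122     203.0.113.7:443        ESTABLISHED     7788
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:5354             [::]:0                 LISTENING       3312
  UDP    0.0.0.0:5353           *:*                                    2216
"""

LOOPBACK = ("127.", "[::1]")

def parse_listeners(text):
    """Return (proto, address, port, pid, exposure) for every bound socket."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        proto, local, pid = parts[0], parts[1], parts[-1]
        # TCP rows carry a state column; UDP rows have none and are always bound.
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition keeps IPv6 brackets intact
        if addr.startswith(LOOPBACK):
            exposure = "loopback"
        elif addr in ("0.0.0.0", "[::]"):
            exposure = "all-interfaces"
        else:
            exposure = "single-interface"
        rows.append((proto, addr, int(port), int(pid), exposure))
    return rows

def exposed(rows):
    """Listeners reachable from the network: everything not bound to loopback."""
    return sorted({(r[0], r[2], r[3]) for r in rows if r[4] != "loopback"})

if __name__ == "__main__":
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout if live else SAMPLE
    for proto, port, pid in exposed(parse_listeners(text)):
        print(f"{proto:4} port {port:<6} pid {pid}")
```

Run it with `--live` on a Windows machine to parse the real `netstat -ano` output; each PID can then be looked up in Task Manager or Sysinternals Process Explorer.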
Sometimes a friend may have lost his password and I know it’s in their browser. This site has the utility to retrieve that. Sometimes I like to see what networks are up and NOT being broadcasted around me, this site has that utility. Sometimes I like to test out applications to see how they run under different accounts and with different privileges. This site has that utility.
Finally, for a wide range of more advanced utilities once you’ve gained access to a Windows Machine.
For all these utilities and more, I go to NIRSOFT, a site which has a plethora of helpful tools.
You can find Nirsoft here.
And as a final aside.
I’m not one to really enjoy disassembly or reverse engineering code, but I am one to optimize it, and knowing how something functions ‘inside’ and its interconnections is equally as important as understanding how to interface with it.
There are two products I would LOVE to recommend:
One is called .NET Reflector by Red Gate
This is geek speak: But have you ever wondered what your .NET assemblies have ‘hidden’ in them? How the original coders coded and in what language? Can you reuse someone else’s .NET source code when the provider of that code is a defunct company no longer doing business?? Do you want to know dependencies you’re missing, and what’s dependent on an assembly you’ve lost the source code on?
.NET Reflector by Red Gate does ALL this, and works marvelously for .NET assemblies.
A true gift from above when it comes to saving your ass when a hard drive fails.
AND THEN, are you a statistics junkie?
How many times is xxx function getting called in the course of an hour? A day? A week? What are the statistics on the time spent INSIDE of a function or a stored procedure? WHERE can you optimize your loads and HOW? What critical areas are getting hit, hard, and can you take a look at doing your code a little differently to optimize the ‘time spent’ to make your software more responsive, more user friendly, and … safer and more secure?
If you want all of this, there’s an AMAZING tool which tells you all this and more. For a guy like me who LOVED making applications kick ass responsive and easy to use, it was a godsend. An amazing software suite which provides the information necessary to make reviewing application work – particularly others’ work – that much easier and less painful than ever before.
You can find Dynatrace here.