How To: Security-Oriented C Tutorial 0x00 - Introduction

Security-Oriented C Tutorial 0x00 - Introduction

Hello there, reader! If you've clicked on this How-to then it means you are interested in learning some C programming or just generally curious about what this page has to offer. And so I welcome you warmly to the first of many C tutorials!

Introduction

First of all, let me introduce myself. I have been programming in C for a while now and am also still in the process of learning so I am no expert in this field whatsoever. "No expert?" you say, "writing tutorials on C?" What qualifications do I have to write this (and future) tutorials on C to guarantee credible and reliable information? Well I admit it, I have none and I don't know everything, of course, except for the fact that I have experience in programming in C. Now that I have addressed the disclaimer, I want you readers out there to not trust me at all. Seriously, don't entirely trust what I say but try it out and confirm it for yourselves out there, always stay skeptical and if you think something is wrong? Point it out, ask others, try it for yourself and then you shall truly know if the information is either right or wrong. I encourage you all that you go out and experiment on things yourself. Don't be shy.

Why C?

C is the classic language that I believe every programmer must either know or be familiar with. The reason why I think this is because C is a fundamental language and is found everywhere. It is a great language because it is powerful as it takes the high level abstraction of coding and mixes it with the ability to control the low levels, something which most languages are unable to achieve.

C is the standard representation of code in most texts out there and will probably hold its position as such for a long while. Because of this, it's required that you know C so that you will be able to fully understand the presented scenario.

C opens up pathways to both higher level programming as well as lower level programming. Since C is a mix of two worlds, it allows programmers to be able to go either or both way, having background knowledge and experience in either direction, be it coding in Java or in Assembly.

Since C has low level access, it is common to see malware coded in C.

For those who are hardcore fans of the security distribution, Kali, tools such as Metasploit, Aircrack, Veil Evasion, etc. are all either coded in C and/or the output binary payloads are created with C. Understanding C will allow you to also understand how these tools work.

About This Course

How is this different from other tutorials out there? I believe that many tutorials out there lack the important half of what C is about: memory. Memory is quite a difficult concept for starters and it's certainly what make this language so powerful. Of course learning the language itself is crucial but without knowing what works under the hood, the true meaning is lost and you will not have a complete knowledge of what is happening which will prevent you from doing anything beyond an intermediate level merely because you cannot see its entirety and how the higher level language intertwines with the lower level memory to form a union which runs your program. You also probably won't know how to do anything if your program fails to compile or has runtime issues because you will have no idea what you're doing.

Another point is that this course will be done in a security-oriented manner which means that as we go along learning about the language, we will also be covering issues concerning the security and vulnerabilities in the code.

What will be covered in this course?

  • Standard C (32-bit)
  • Basic memory
  • Basic WINAPI
  • Possibly basic malware authoring

I will not cover everything that C has to offer because I highly encourage you to seek out information through independent or collaborated research. I will not be there to hold your hand until the end of time so it is better for you in the long run to learn how to find information by yourself. Of course, any requests may be considered and will contribute to bonus course content.

Who Is the Target Audience?

Preferably, this course is aimed at those who already have some experience with programming however, if this is your first programming language, I will try my best to explain concepts.

Feedback

I attempt to answer all of the questions you have about the content in the tutorials. This language isn't the easiest and I understand if you have trouble (because I had a helluva time when I began learning) so please don't hesitate to ask me or anyone else if you don't know what's going on. If you wish for me to explain more or if the content is too lengthy, please say so otherwise I will not be able to modify future content to suit your level of learning.

Setting Up the Environment

About setting up an environment for you to work with C, there are plenty of resources out there which will teach you that, whether it be using an IDE or using the command line or in Linux or Windows.

In this course, I will be using:

  • Operating System: Ubuntu 14.04
  • Compiler: GCC (through the command line)
  • Text Editor: Sublime Text 3

For those using IDEs out there such as Code::Blocks, Dev-C++, etc. it should be fine if you just click the "Compile and Run" button but any concerns or problems about that, you will have to find elsewhere because it will not be covered during this course.

Style

The style in which I will be writing my code includes:

  • Compact { } brace placement
  • camelCase function and variable names
  • UPPER_CASE constants, words joined with _
  • 4 space indents

You may use your own preferred styling method as you wish.

Conclusion

This concludes the end of the first part of the course. Thanks for popping in and hop aboard if you're interested! Stay tuned!

dtm.

7 Comments

Looking forward to this series!

Good to see someone is making a series about C, because i've been hibernating my series for now. Though I will revive it soon!

Anyways, looking forward to what you have to offer! And, welcome to Null-Byte, ofcourse.

-Phoenix750

Hey there,

Thanks for the welcome! I've noticed that your tutorials have stopped updating for a while and I was wondering if you wanted to do a sort of collaboration where we compile our work into one combined C/C++ series. If you're interested, maybe we can discuss this further.

dtm.

One of my 2016 resolutions for Null Byte was to revive my C/C++ series (aswell as to do a series on hacking the IoT and how to hack industrial equipment), So I'd be interested in a collaboration. Hit me up via PM when you have the time.

-Phoenix750

Hello again, Pheonix750,

I am currently facing an issue where my account's email is unverified yet I have not found a way to verify my email as of this time. I will get back to you as soon as there is a resolution to the issue. Sorry for the inconvenience!

dtm.

Always wanted to learn C, but never found the right tutorial for me.
Looking forward to your approach on the subject.

Hey, Neo

Glad you can join me on this journey! If you find anything that you are not sure about, please, don't hesitate to ask someone for help or find some resources which will help clarify your doubts! Feel free to contact me at any time about anything on this course or C in general if you feel like you still don't understand.

dtm.

Share Your Thoughts

  • Hot
  • Latest