Every one of us here has above-average computer skills, but most of us don't have offensive or defensive cyber warfare skills.
We have all seen how quickly war can break out.
What does one need to know to be of value to one's military, should the need ever arise?
What skills would they be looking for?
How can I acquire those skills?
The quickest way to block cyberattacks with measurable security benefit is probably through network controls. ACLs, segmentation, firewalls, IDS/IPS, etc. You can deploy these and block a lot of attacks right off the bat. Looking into AD security, GPO, anything that can deploy configuration to your entire environment is common to exploit and important to lock down. Those are the kinds of measures that have really measurable impact and help prevent the kind of catastrophe that state-sanctioned operations create.
That being said, and now that it's clear that you aren't just going to push a number higher until you can send all of your cyber zerglings into the enemy's virtual mineral line, this is a good process to follow for finding serious vulnerabilities - exploiting them should be trivial if you have a good enough understanding of the system:
- Think of a system in use, at any layer of the stack. This could be a specific web application in use by the enemy, a runtime that's used by some applications of theirs, or a memory/cache model on a CPU architecture that's flawed or anything like that
- Learn enough about that system that you can understand any inner working of it
- Painstakingly look through areas where you, just via inference, can tell that there could be some sort of vulnerability - key areas to focus on are something that is something downstream to user input, or something similar.
All of that is to say that, if you aren't already "useful", your country is probably going to have a regime change before you can find anything strictly useful.
If there's something simple enough that someone who's relatively inexperienced can do it, then it's probably automated.
OR - use a bunch of stolen credit cards you bought online for $3 each to rent a few VPS' (maybe come up with some consolidation solution to more easily make accounts and setup SSH boxes) and throw as much layer 4 traffic at Russian endpoints as you can :-).
- Know when you might be introducing software vulnerabilities
- Find and repair bugs that might turn into vulnerabilities (things like static analysis and fuzzing, but also identifying code smells and where to inspect)
- Identify and avoid phishing attempts
- Identify (and, ideally, mitigate) places where resource exhaustion attacks are likely to be most effective
- Identify (and, ideally, mitigate) places where a process is dependent on external infrastructure that is controlled by another party
- Teach others how to do these things
These things are of high value in the day to day life of a software developer anyway, and there are lots of reputable resources available to learn and practice. In the future, if it turns out that you need offensive skills, that will work out OK too -- there's quite a bit of overlap, though not 100% overlap.
https://www.gov.uk/government/organisations/joint-forces-com...
If you don't understand a piece of software (and I mean really understand it) you probably can't break it in a meaningful way. You may accidentally break it, but your lack of understanding how it actually works will prevent you from further exploiting it.
Just my 2 cents. Hope it helps.
As part of that training, they should be showing you which skills they want, how they can be acquired, and so on.
This is also important because you need institutional legal support and an objective ethics framework to affiliate with. Otherwise one misstep and you can end up looking like a vigilante even though you had the best intentions. Or you could end up ready to take action yet without the infrastructure or other resources that would be needed to carry out your work in a wartime environment.
If they can't meet that minimum bar it's a non-starter IMO. You are left to your subjective estimations of what is needed and are without formal support. Contact your representatives and hold them to it.
Edit: Is op from UKR? I can't tell--if so the first priority is connection with community of experts no matter how small.
It's a hands-on class that takes you through interacting with programs, to reverse engineering and memory corruption, all the way to race conditions and kernel exploitation.
Created by @Zardus and run also as a class at ASU.
Probably the best education you can get anywhere.
Other than that, working as a pentester. Again, you can learn from online sources, but if you are a competent programmer, why not cold approach, saying you would like to work in cyber security?
Still def is hard as weakest chain loses and this means phishing, sms, email.
If I were Russian I would have agents working in FB/Twitter and bomb/stalk people based on that.
IMO the best software engineers can do to maintain the power balance is tamper-proof communication tools that are easy to use. Best if they also work without internet - so-called mesh networking.
- python, C, and assembler
- Gnuradio / HackRF (direction finding, spoofing/replay, jamming, etc)
- basic electronics
- basic model rocketry / pyrotechnics
- basic lock picking, escapes, first aid and wound care etc
- some off the shelf malware / botnet / RAT kits and usb installers, metasploit, etc.
From nothing to developing new zero day probably isn't going to happen during this conflict, and best hack will be using skills to get out of the country.
There were a bunch of things I didn't understand when I first read it, so I took notes of mostly everything and started slowly by isolating topics, trying to connect the dots as I was learning something new. Every once in a while, I would go back to see if there were still things I didn't get or had missed, and there was always something. Eventually, the whole thing became a little more straightforward.
From there, it was just a matter of sharpening my knowledge regarding more specific types of vulnerabilities and basically trying them out in the wild. Worth mentioning, I have a background as a developer and although I had always been interested in cyber security, some concepts just escaped me. My programming skills, however, made it easier to understand how to attack / defend applications. But this is just a small part of it.
Hacking is broader than that though, so it's not something that happens overnight. There are things I still have no idea how they work, but at least I know where to look. Also, not knowing a few things here and there doesn't make me necessarily worse than other h4ck3rs, as stupidity plays a huge role in the cyber security realm as well and quite often, things are easier than you would expect (looking from the attacking standpoint). Sitting on the defending side is quite hard though, as you have to cover everything as much as you can, while being an attacker, you just have to get lucky once.
Hope this gives you some sort of direction.
Otherwise, maybe try to join your country's cyber warfare group or cyber security in a company. You could try reading up on cyber warfare and practicing on a self-owned network that is not connected to other devices (so you don't accidentally impact anyone else). But I don't think this will be that helpful in most circumstances.
I also think that tanks, fighter planes and helicopters are pretty hard to defend via hacking; it's like defending a password against a $5 wrench used to hit you repeatedly.
And cyber defense:
"... in cyberspace, it is much easier to attack than to defend. The primary defense we have against military attacks in cyberspace is counterattack and the threat of counterattack that leads to deterrence."
1) There is a real asymmetry between offense and defense in (nominal) peacetime. Helping the defense generally helps the "good guys" much more than the "bad guys" (at least in my worldview). If you look through attempted attribution of 0day attacks in the wild, what you generally see is repressive governments attacking individuals - watering-hole attacks on news sites, targeted malware against lawyers and journalists, etc. Cases of attacks on governments (like the 2012 MD5 collision that took down an Iranian nuclear reactor) seem to be rarer, and in particular, cases that rely on bugs in mass-market software (as opposed to supply-chain attacks or DoSes or very targeted attacks) are rarer, and attacks from less powerful / "hacker underground" groups towards governments are rarer still.
2) Structurally, it makes more sense. Cyberattacks aren't like physical attacks. When ammunition hits a target, there's a very classical-mechanics effect of the energy of the weapon versus the strength of the structure or shielding. Offense, at a very high level, is about more and stronger weapons, and defense is about withstanding or escaping attacks. Software, naturally, doesn't work that way. It's more mathematical; either the attack works, and is potentially completely compromising, or it doesn't. If you can make a system that robustly parses input without bugs (or sandboxes the parsing, or whatever), there is no cyber-weapon that can get past it.
3) You can make a real impact. A huge number of the systems that ordinary people use are open-source software projects that accept contributions. (And note that this includes a whole lot of security-sensitive code in systems that are not open-source as a whole product - for instance, most of the attack surface on iOS is in WebKit, image parsers, or the xnu kernel.) A lot more is available free-of-charge and accepts security reports. And there is, unfortunately, a lot of relatively low-hanging fruit.
Pick something you're interested in, go look at recent exploitable CVEs, and do some reading on how the exploits work and how they might be systematically prevented. A little bit of your time spent making it easier to systematically prevent exploits has a real long-term benefit on the world.
As a good historical example - most database libraries around 10-20 years ago made it most natural to construct database queries by appending strings together, which made SQL injections entirely too common. Since then, there's been a combination of a push for libraries to make it easier to do parametrized queries, a cultural / documentation push to get programmers to be aware of this, and a move towards database abstractions like ORMs that avoided the problem entirely.
Someone who wrote some docs 10 years ago about these libraries probably helped hundreds of annoyed enterprise programmers get their system built in the right way when their boss was yelling at them about deadlines, and may well have prevented millions of people losing their data in a breach.
When you think about attacks on secure messengers, etc., it's not hard to imagine that the same amount of effort could save countless lives just a few years down the line.
I think memory safety is one of the highest-impact changes we could make in development that would help the cause of defense, and there's a lot of work to be done. Most of it, mind you, is not merely showing up places and saying "I'll rewrite this in Rust" - it's helping people be able to integrate incremental rewrites and ship things in new programming languages, or perhaps helping them avoid memory-safety problems in their existing programming languages. Chrome has a good article on this https://www.chromium.org/Home/chromium-security/memory-safet... , and "fuzzing," the technique of throwing generated inputs at libraries to see where they crash and then fixing those crashes, is also highly valuable.
But there are a whole lot of other similar classes of problems to help with, too. The Linux Kernel Self-Protection Project https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Pr... is working on eliminating classes of bugs in the upstream kernel. Some of these have already been addressed, to some extent, in security-focused forks of the kernel, but getting the fixes into the standard kernel is important for getting them in everyone's hands and also a good way to learn about things.
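The fuzzing loop described in the comment above (generate inputs, see where the code crashes, fix the crash), as an added example that is not part of the original thread. The record format, both parsers and the mutation strategy are hypothetical and kept deliberately small.

```python
import random
import struct

# Constructed sample: type 1, length 5, payload b"hello" (toy format, hypothetical).
SEED = struct.pack(">BH", 1, 5) + b"hello"

def parse_record(buf):
    """Buggy: trusts the 2-byte length field without checking the buffer."""
    rtype, length = struct.unpack_from(">BH", buf, 0)
    payload = buf[3:3 + length]
    return rtype, payload, payload[length - 1] if length else 0

def parse_record_fixed(buf):
    """Validates header and length; malformed input gets a clean ValueError."""
    if len(buf) < 3:
        raise ValueError("short header")
    rtype, length = struct.unpack_from(">BH", buf, 0)
    if length != len(buf) - 3:
        raise ValueError("length field does not match payload size")
    return rtype, buf[3:], buf[-1] if length else 0

def mutate(seed, rng):
    """Apply one to three random byte edits: overwrite, truncate or insert."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif op == 1 and data:
            del data[rng.randrange(len(data)):]
        else:
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

def fuzz(target, seed, runs=2000, rng_seed=1):
    """Return one crashing input per exception type; ValueError is a rejection."""
    rng = random.Random(rng_seed)
    crashes = {}
    for _ in range(runs):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, sample)
    return crashes

if __name__ == "__main__":
    print(fuzz(parse_record, SEED), fuzz(parse_record_fixed, SEED))
```

In Python the "crash" is an unexpected exception; against C or C++ code the same loop is normally run with a coverage-guided fuzzer and a sanitizer build so that memory errors surface as crashes.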
Not sure if it’ll be enough
Adding on to what others have said, I would say start with this. To be a useful "hacker" to *defend* your country, start with ensuring you are not immediately exploitable yourself & then repeat for others close to you. An incomplete shortlist off the top of my head:
1. Ensure all your devices are secured, including great passwords, updates applied, minimal/no ports exposed
2. Secure your financial instruments w/ great passwords and multifactor options. Physical devices like YubiKey are (afaik) top of the line, other styles are an improvement over nothing.
3. Create backups of important things so you're unlikely to be blackmailed by ransomware
(others, what am I missing?)