White Hat

This concept is usually more for Cyber Security, but I feel like it should apply to just about every aspect in life. White Hat means that you are operating in respectable and honest ways. This can be seen as doing what's right, or doing what's honest. Think of it like being a Jedi. Being White Hat means you follow a code of ethics. In Cyber Security, you usually sign something like a White Hat Manifesto. That's actually why I won't delve too deeply into Red Teaming / Hacking, as I won't be able to teach what I know without having that assurance that it will be done as White Hat only. I should also mention that anyone learning Cyber Security on their own needs to be careful. Just about anything you do when Red Teaming can be considered illegal and potentially will lead to your arrest, fines, and incarceration. There are several websites that you can practice security concepts on, which I might list at some point. Just be careful.

Anyway, back to White Hat. For me, being White Hat also means teaching others in an honest way. I'm happy to teach what I know, but I won't ever just give someone the answer. It doesn't do anyone any good if they don't figure things out for themselves. So, if you ask a question to me or anyone associated with these tutorial resources, be ready for a vague answer. Hopefully, the examples I provide will be enough for anyone to at least know where to start. Now, don't get me wrong, it's more than ok to help others when they're stuck or frustrated. You just need to be sure you're actually helping them by them understanding why something works. I actually encourage everyone who uses this site to help others when possible. When you are able to explain these ideas to others, you're actually solidifying your own knowledge of the ideas.

That's part of why I'm going back and explaining as much as possible. As time goes on, I get a bit rusty with things I've learned. That's why certifications only last so many years before they have to be renewed. Not only that, but I feel like the world would be a much better place if people were more inclusive with education. It's fine to be proud of what you know, but it's never ok to deny others of such knowledge. The more you help others, the better you know it as well. So, don't worry about facilitating your competition. Trust me, there's already going to be plenty of competition in the world of Computer Science. Also, future generations are going to be exponentially better at technology. So, keep that ego in check and be excited to lend a helping hand to others. Chances are, you will feel rewarded when they understand. If you don't, then you can decide to be guarded with your knowledge. But again, in my opinion, that's one of the things wrong with our world today. Ok, that's my soapbox for White Hat.

Thesis: The Relevancy and Irrelevancy of Labels: A Look at Distributed Social Engineering

Engineering human behavior in a distributed fashion.

The concept of Social Engineering usually refers to manipulating a person in a negative way. The act of using the psychological and behavioral aspects of a person to "hack" them.

Linux

For anyone interested in Computer Science or Programming, Linux is a must! Linux is an Operating System, like Windows or Mac. However, unlike those other two, Linux is Open Source (FREE), much like this project. To download a version of Linux, visit:

Now, it might be a little tricky to setup Linux as an operating system if you haven't done something like this before. You can either save a Linux distrobution to a disk or flash drive. Then, restart your computer and push the "F" key that brings up the boot menu. Select the storage device containing Linux from the boot menu. You'll need the flash drive plugged in or the disk in the disk drive prior to restarting your computer. Honestly, I just spam push all the F1 - F12 keys as my computer is starting up. I'm pretty sure it's either F5, F7 or F12, but you'll be able to tell pretty quickly.

The easiest way to start learning to use Linux is to create a free account at Replit. Here's the link for that:

Replit uses a simulated terminal, also known as a command line interface (CLI). This is also what I use to test Python code, so it's worth checking out. However, everything you can do with a Replit account, you can do with your own version of Linux. As you become more experienced, you might decide you like Red Hat over Debian, or some other distrobution of Linux. For starting out, simple Ubuntu is fine. Just know that each distrobution might have different commands for different things, so it's good to Google how to do something if you are unsure. The Linux basics should work with every distrobution, but things like installing new software or updating are distrobution specific.

Regardless of what "flavor" of Linux you choose, there are a lot of commands you will need to know. While Linux has Guide User Interfaces (GUIs) just like Windows or Mac, Linux relies heavily on the Terminal (CLI / Command Line Interface). GUIs are what most of us are used to. Think of the Windows File Explorer, or whenever you click through folders like Documents, Downloads, Pictures, etc. A GUI has pictures and details. A Terminal is a text-based way to traverse folders, work with documents, and gather details about your computer. Instead of being able to click on pictures of different folders or files, you need to use commands like cd, cat, touch, and so on. For a good explanation on the basics of Linux and the terminal, check out this link from freecodecamp:

Before you learn any actual coding, it is really helpful to play around in a Linux terminal first. Try to create some files, move up and down through a file structure (go into and back out of directories, which is the Linux way of saying folders), install Python3 (or the most recent version), and as many of the 50 most used commands in the article from that link. You should also become comfortable typing "man -command-", where -command- means literally any command you use in Linux. Things like cd, ls, cat, vim, scp, grep, are all also "tools." That means that they are programs coded to help you in various tasks. When you use "man ls", you'll be pulling up the "manual" page (man is short for manual, not an actual man), which will tell you the different options you can use with ls, some background info on it, and relates tools. It'll take some time in the beginning, but reading man pages really helps your Linux skills.

Google Fu

I'll be adding this section to several other pages of this project. This is intentional, as it's probably the most important skill you will need to be a Computer Scientist.

Google Fu refers to one's ability to effectively use a search engine. Now, this might sound simple and something you need not concern yourself with, but it is paramount in Computer Science! I learned real quick in college that knowing how to properly Google search is important.

By properly, I mean being able to find exactly what you're looking for. Or, at least you want to narrow your search results to useful information. Just about anything you want to know has extensive documentation available online. I encourage you to search any terms or concepts that you want to understand better.

To do this, try only searching a few key words at a time. If you're looking for something specific to a programming language, be sure to include the name of that language. Whenever I need to do something with my code that I'm not already familiar with, I try searching with something like: sorting Python. Or: frequency Java. Or even: for loops bash. The less words you use, the less extra results you'll have to sift through. It takes some practice, but this is easily one of the most important aspects of Computer Science. The CS world is constantly changing and you're often required to learn new skills for your career.

After some practice searching for Computer Science concepts, you'll start to notice certain helpful websites that you'll see often. Some of the most popular sites I've used are Stack Overflow, W3 Schools, and Geeks for Geeks. Be careful with any links you go to, though. You should never click any advertisements, as these aren't always regulated well or screened for malware. That's part of why I want to include as much content as possible on this site, so you don't have to worry about annoying ads. However, there's no way I can possibly cover everything you would need to know to be successful. So, you'll need to get good at Google Fu. Oh, and any search engine works. You don't have to be restricted to the Google Giant.

Google Fu is also useful with error messages. If you ever get an error message and would like to know more about it, just copy and paste the entire error message into a browser. You'd be surprised with how many other people got the same error message. You'd be even more surprised (but not in hindsight) how often people will post detailed explanations and solutions for these error messages. All it takes is a little (or a lot) of frustration from an error to inspire someone to help make it so no one else needs to go through that headache.

Debugging

One of the most important and possibly most frustrating things about Computer Science is debugging. I'm going to lay out the most common bugs that I've created, how to find them, and how to fix them.

So, say you have a program that you coded. As you look it over, it looks like it should work as you would expect. However, you're getting either the wrong output or an error message.

Before I get too deep into debugging, I would like to explain the concept of the rubber duck. This might sound silly, but it's a widely used and accepted practice in the world of Computer Science. The idea is you take some inanimate object (commonly used is an actual rubber duck) and you talk to it. Explain what your code is supposed to do and how it's doing it. This can be any object, or even a pet. The idea is you walk through your code by explaining it to something that can't respond. By doing this, you'll often discover the bugs, or flaws in your algorithm.

Another important tip for debugging is to take breaks. I spent countless hours struggling with various bugs and wished I would have just walked away from time to time. The longer you stare at something, there's a good chance you'll keep thinking about it the same way. Getting up and doing something else allows you to think of other angles to the problem. Often times, the solution to a bug would come to me while I was doing something completely different than working with code. Also, remain as calm as you can and remember you're not alone. Literally every single other person that knows Computer Science has gone through what you're going through. Often, struggling with a bug will actually make you that much better at programming, depending on how much it sticks out in your mind. I write plenty of bugs in my code and have to take my own advice. However, instead of spending hours or even days on a bug, I usually find and fix it in minutes.

The first thing to do is look at what the error message is saying. You can even copy and paste that error message into Google (or whatever search engine you prefer) and find a more detailed explanation of what the error is.

The most common bugs (at least for me) have been misspelling or using improper syntax. With both of these problems, you want to go back and read through your code. The reason most professors and instructors start with "Hello World" programs is that it's very useful to be able to print information to the console. This allows you to check the values of variables or functions as you go. The best way to use these print statements is to start from the top of your code. Anytime you change or use a variable, try putting a print statement right after that. Print out the value of that variable and make sure it either changed as you expected, or didn't change if you weren't expecting it to. This will show you what's going on with your variables. You'll also want to add some text with the value, so it makes sense when you're looking at the output in the console. Say something like: "Variable is:" + variable. You might have a lot of things showing in your output, so it's useful to be able to tell what you're looking for.

Print statements are also useful with seeing where your program crashes. If you have no idea how far the code goes before a bug happens, try putting print statements in various places. It can be as simple as saying "Made it here" and "Made it here also." Just make sure you change the print statement if you're using more than one, as it makes it easier to see exactly where your issue is. Don't forget to remove these print statements after you fix the bug. You don't want a bunch of "Made it here" or "Why is this not working?!?!" showing up when other people try to run your code.

Security

Like I mentioned above in my White Hat section, I won't be going too deep into what I know about Cyber Security. However, there are a few things everyone should know about keeping themselves safe.

First, passwords. Most websites and applications require you to make your passwords more complex than previously. Things like longer passwords, upper and lower case characters, and special characters are all good ideas to strengthen your password. What's even better is to create an acronym for your password, yet still mix in upper case, lower case, and special characters. It's a good idea to keep a physical rolodex handy. Of course, you need to be careful of anyone with physical access to your rolodex, like roommates, coworkers, or significant others. What I do is keep a slip of paper in my wallet for work passwords and a physical rolodex next to my home computers. That way, I can make my passwords as complex as I want, often creating lengthy acronyms of my favorite comedy quotes. Acronyms are when you take the first letter of each word in a group of words or a sentence. You'll still want to throw in some special characters, like @,$,#,!,? to name a few. Numbers are good too, just as long as you are able to remember what you use. Never use the same password twice! Often, if one password is compromised, a bad actor (or nefarious person) can use that to guess at your other passwords. There are so many websites and apps that require passwords and it's surprising how just one of those passwords being cracked can lead to more serious intrusions into your life.

Next, your user accounts. Now, this one is still weird to me, but it makes total sense. Most of us like to have our user account for our computer to be an Administrator account or super user account. This makes sense, as we own the computer. However, this can be dangerous. Most times, a hacker will try to become you. If you click a link or have some other vulnerability that allows them to impersonate you, then they can do all the things you're allowed to do. If you use a normal user account in your day to day activities, then a hacker will have to try that much harder to take over your computer. So, create an Administrator account to use when doing things like adding / deleting / editing users or software. For everything else, use a normal user account. This also goes for things like databases. If you're going to be creating databases, then you'll need a super user account. If you're just querying databases, then you can get by with less privileges.

Changing default credentials. If you have default credentials, then you need to change them immediately. This usually applies to things like routers, which most ISPs (Internet Service Providers) will actually make you change the default credentials when installing equipment. This also goes for database or web server credentials. A common tactic for hackers is to look up your equipment and just guess the factory default credentials. Again, do NOT try this with anything you don't own. You should never be guessing other people's login information. It is illegal and you will get in trouble. Also, don't ever guess at a loved one's logon information. That's also illegal, and will most likely lead to trust issues and possibly losing that loved one.

Phishing. Now, most people today are aware of what phishing is. For anyone who doesn't know, it's when a nefarious person tries to get you to click a harmful link. This could also refer to a nefarious person trying to learn information about you with the goal of accessing your accounts. The most common form of phishing is from email. You should trust the spam filter of whatever email you use. However, you ALSO need to be careful of any email that appears to be sent by someone or somewhere you know. Often, a nefarious person will try to impersonate someone you know, or even a company you know. They've become rather clever at this and can even spoof actual email addresses and IP addresses. This means that you could get an email that looks like it's from a relative or a coworker, but isn't. Always be suspicious of links in emails. Try hovering your mouse over the link to see where it goes. If the destination site is even slightly misspelled, DON'T CLICK IT. If you click a link that is harmful, an attacker can hijack your privileges and act as you. They can also install malware just by you clicking that link. Another thing an attacker might do is design an email to look like an official email from your bank or other business you know. They can even build a fake website to mimic your bank and have you try to login. Then, they are able to capture your login credentials and boom, they can access your account. This isn't just limited to banks, but also things like social media, unemployment, or anything else that requires a username and or a password. Again, a common tactic is to find out even just one or some of your passwords. Then, they'll try using those passwords or usernames for more important accounts or services you use.

Https vs http. Https is the secure version of http. This means that the traffic back and forth is encrypted. Most sites today use a URL that starts with https://. Now, a website isn't necessarily unsecure if it doesn't use https and just uses http, but it should if it involves anything important. Even better, always use an app if your bank or service offers an app. It's really easy to make a fake bank website and have people accidentally go to that instead of the real website. This is known as Person-In-The-Middle, and will allow attackers to record your login information. I will say again, though, do not try to make fake websites. If you're caught (and you almost always will be), you will get in trouble. I'll be adding some links to examples of how bad things can go, but it's best to just not try anything that could be seen as sketchy. Even if it seems harmless, the act of altering or abusing a technology is illegal.

Firewalls, IDS, and IPS. Firewalls are essential to being secure. Before you even connect to the internet, make sure your computer has a firewall setup. If it isn't setup BEFORE connecting to the internet, you will get viruses and malware on your computer, guaranteed. Most computers are already setup with a firewall as a factory default, but it's still a good idea to check it out to be sure. Firewalls can be a bit tricky, but it's best to be over secure. If you find that you're unable to do what you need to do, then you can look closer at the firewall settings and adjust them. Firewalls are especially important if you're going to have anything like a webserver or database server on your computer. Always do your research and know what you need to change to be secure. Open ports are a goldmine for attackers. IDS and IPS are a little more complicated and usually used with actual companies. These stand for Intrusion Detection Systems and Intrusion Prevention Systems. That doesn't mean you can't get these for your personal computer, but it will take some research on your part.

Updates and patches. Always, ALWAYS update your computer. Often times, attackers will exploit your computer if you're using outdated software. Software companies develop patches and updates as they find vulnerabilities or issues. Be sure to pay attention to any time a company tells you that your software is reaching EOL, or End Of Life. If that happens, or the software is no longer supported, then that means they stopped fixing vulnerabilities. This also means that if there is a way an attacker can use this to get into your system, they will. It's best to setup automatic updates for your computer. You'll also want to physically run updates often, just to be sure.

Binary Notation

Binary notation, representation, or format means values are being represented in the Binary, base 2 way. Decimal notation, representation, or format means it's being represented in base 10. This means that there are 10 values that can be used, which are 0-9. If the value is bigger than 9, it needs more than just one digit to represent it. Think about decimal places. As you move from right to left, the numbers increase by a factor of 10. So, it goes 1, 10, 100, 1000, and so on. The same goes for the right side of a decimal place, like .1, .01, .001, .0001, and so on. The difference is, the .1 etc are getting smaller by a factor of 10.

This is similar in binary. Only, in binary, you get two numbers: 0 and 1. If it's more than 1, then the value needs more digits. So, 0 means 0 and 1 means 1. However, 10 means 2. Ok, that's going to sound weird, so it's better to look at several examples. Specifically, you should familiarize yourself with bytes, or 8 digits in binary. Here is how you count from 1-10 in binary:

      
      00000000 = 0
      00000001 = 1
      00000010 = 2
      00000011 = 3
      00000100 = 4
      00000101 = 5
      00000110 = 6
      00000111 = 7
      00001000 = 8
      00001001 = 9
      00001010 = 10

It's going to look weird until you get used to it, and that's ok. It's mostly important to just know what's going on with these 1's and 0's. You can always use your Google Fu to either look up what a binary number is in decimal, or the other way around. There are several useful tools on the web that will do conversions for you. Also, most programming languages can convert values as well.

Basically, as you move from right to left, you add that value as 2^N. N stands for the index of the digit from right to left. 00000001 is 1, as it's 2^0. 00000010 is 2, as it's 2^1. 00000100 is 4, as it's 2^2. But wait, we skipped 3? Yes, you will only get even numbers (with the exception of the 1 value) as you move the 1 to the left each digit. To get odd numbers, you can leave the rightmost digit as 1.

Like many things in Computer Science, this will take time and practice. It's handy to write the index above the digits until you get more comfortable with the idea, like so:

      7  6  5  4  3  2  1  0
      0  0  0  0  0  0  0  0

Then, you just find each digit that's a 1 and add 2^N to your total. Again, N refers to the index value, so here it's 0-7. If you have all 1's, like 11111111, you need to add 2^0, 2^1, 2^2, 2^3, 2^4, 2^5, 2^6, and 2^7 together.