A Summer of Learning by Natnael G. '15
Because MIT classes don't spend too much time on hacking into computer systems
“Nat, to hack you need to understand systems better than the sys admins, networks better than the IT department and operating systems better than the people who wrote them” – Dan T. ’85 (my boss)
I chuckled and agreed but little did I know what I was getting myself into.
Eight weeks ago I landed in Austin, Texas to start an internship at Lumension (they sell enterprise level security software, think Symantec & McAfee). The job description was to do some penetration testing with some typical hacking tools to make a guide for sales engineers but what I found was a 10 week introduction to the software security world. What that meant is reading, lots of reading.
And it has easily been one of my favorite summers to date. Computer security is something they touch upon a little bit in classes but it’s something you really can’t delve into until junior year. The internship was pitched to me as a better class than any school could offer and it’s been so much more. There have been three aspects to the work to date.
Script Kiddie 101
The primary portion of this internship was to do quite a bit of work with Metasploit, a hacking framework that makes exploiting an unpatched system as easy as 4 commands. This portion of the internship included a lot of learning about the simple tools put out by the powerful hackers who do this for a living. Script Kiddies are called so because of how simple these tools make it to mess around on the internet and it was a wonderful experience to see what was out there in an environment where I could ask people detailed questions about their inner workings.
Learning About The Backbone of Software
There’s a good reason that it’s hard to take software security classes before junior year and it’s exactly due to the above quote. A lot of my time at Lumension has been spent learning about different systems and a typical learning session will go like this.
Me: *Hmm, I wonder how Windows handles threads.*
Me: Hey Dan, how does Windows handle threads?
Dan: *20-30 minute speech on the intricacy of Windows* and read this book to learn more.
Me: Uhh, errr, okay. *spend a few hours getting caught up*
It’s been drinking from an entirely different firehose and I absolutely love it.
Writing Test Tools
The last week and a half has been writing test tools for quality assurance and it’s been wonderful to get back to coding. Burning the midnight(uhh the 8:30-5:00) fuel listening to NPR’s Car Talk & Pop Culture Happy Hour, it’s been great to get back to the roots of 6-3.
Two weeks to go!
Edit: I’m going to take the next week off so that I can finish my last week in Austin relaxed. I’ll be back on the 12th from Kansas!