As I will do with most of the technical articles, I feel that a disclaimer is warranted; I am writing this from my own unique, personal experience. I do not claim to be in possession of the one and ultimate truth. I am simply sharing my experiences with the hope that they will help you and better guide your own efforts.
If you are trying to join the infosec industry, or are part of it already but you are looking to expand your knowledge/skills, I am sure you have heard blanket statements when it came to choosing an area of focus. I am referring to sentences like “You need to learn Linux“, or “You have to know networking“, or “You have to focus on coding“. While most people will only have good intentions, sharing these very broad opinions with no further guidance or context can be counterproductive for an industry desperately searching for new talent.
I am of the opinion that we do not check often enough how low or high the barrier to entry is when it comes to learning the fundamentals of the ever-growing pillars of our industry.
Writing about this had been in my head for quite some time, but it was this great thread by @klrgrz that brought it to the forefront of my mind. I also heard the “learn Linux” advice myself early in my career, and I admittedly took a long time to actually start learning it. My biggest challenge was the lack of direction on how to start my Linux journey, combined with the lack of real-world use cases in my role as a SOC Analyst. It was only after I started to find those use cases and further context myself that I started to learn, and actually enjoy, Linux. Here is my context, what the “you need to learn Linux” sentence has meant to me thus far:
1 – Learning to navigate in filesystems
Filesystems are one of the most fundamental Linux concepts, which makes them a fantastic starting point for learning Linux. Learning to navigate through filesystems helped me not feel utterly useless in a Linux/UNIX environment from the get go. Whether your blue team uses a Linux-based system for forensic analysis (FlareVM, SANS SIFT VM, etc.) or whether you are an aspiring red teamer, getting familiar with commands like cd (change directory), cat (output the contents of a file), ls (list the files in the current directory) or pwd (print working directory) is a great way to break the ice when it comes to shell commands, and serves as a great confidence builder. Knowing how to copy files, move files, or create new folders will also become extremely handy while leveraging a Linux-based system at work.
2 – Learning how to get help
I am not simply going to point you to the vast amount of YouTube videos, posts, tweets, graphs, books, and such you can find on Linux in this article. I am sure that you have been bombarded with resources like this already, but a little bit of googling should reveal plenty of great starting points for your own journey. A good progression once I learned to navigate in filesystems was to use the shell to help me while trying to leverage more complex commands or arguments. That is, learning about commands like help (provides a brief description of a shell built-in command), --help (provides helpful information about how a particular command is used and all its flags/switches), man (provides very detailed manual pages for a particular command) or, a personal favorite, apropos (lists the commands whose manual page descriptions match the keyword you use).
By doing this I was not only learning about additional ways to use the basic commands or using new ones, but I was also not exiting the command line interface to get the help I needed to use it. This helped immensely when it came to losing the fear or defeating the intimidation factor of interacting with a system that did not have a GUI. Nowadays, I use commands that help me in some way most of the time I am leveraging a Linux shell during my work day. It is completely normal to use them, as it is nearly impossible to memorize all the options or all the commands we can use. Do not beat yourself up over not knowing every single command, as it takes ages to learn them. Even the best analysts in the world are out there looking up information or learning new ways to leverage Linux/UNIX systems.
3 – Learning to be more productive while using Linux
Here is where things can get a bit interesting. Once I felt pretty comfortable around the basics, I quickly learned about different commands or operators I could use to increase my productivity in the Linux command shell. For example, | (the pipe) feeds the output of one command into the next command as its input, > sends the output of a command somewhere else (typically a file, replacing its content), and >> sends the output of a command to the bottom of a file (appending instead of replacing its content).
While this all can sound complicated, it is not a hard task to put into practice, and it can be practiced with the same basic commands we all learn at the beginning of our Linux journeys. For example: echo contentABC > File1 will create a file (named File1) where the text contentABC is saved.
This is not intended to replace a good Linux course, but to show you that, once the basics are under control, we can improve our productivity by getting to where we need to be faster. I have come to enjoy the challenge of figuring out whether I can simplify my steps to get to where I need to, or even of seeing whether I am able to break down the one-liner I am copying/pasting from a trusted source.
4 – Learning to interact with log files using Linux
Whether you are investigating an issue impacting a Linux system, or simply leveraging a Linux system to aid an investigation via Linux-based tools or a Linux forensics machine, I would recommend getting familiar with interacting with logs via Linux. Viewing/extracting/moving/filtering logs is part of the daily grind for a lot of cybersecurity professionals, and I found the change from spreadsheets to the Linux shell refreshing. Working with logs became even more useful once I was comfortable with some of the productivity commands mentioned under #3 (and with grep, which will quickly become a good ally).
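As an added example that is not part of the original post, the script below ties sections 3 and 4 together: it builds a small, constructed sshd-style log with > and >>, then filters it with grep and pipes the result through awk, sort and uniq to answer a question an analyst would actually ask (which sources generated the most failed logins). The host name, users and IP addresses are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Uses the operators from
# section 3 (>, >>, |) and grep from section 4 on a constructed log.
# The host, user names and IPs are invented sample data.

# Build the sample log: > creates/overwrites the file, >> appends to it.
make_sample_log() {
    log="$1"
    echo 'Jan 10 08:01:02 web01 sshd[2101]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2' > "$log"
    echo 'Jan 10 08:01:09 web01 sshd[2107]: Failed password for root from 203.0.113.9 port 40112 ssh2' >> "$log"
    echo 'Jan 10 08:01:11 web01 sshd[2108]: Failed password for root from 203.0.113.9 port 40113 ssh2' >> "$log"
    echo 'Jan 10 08:01:15 web01 sshd[2110]: Failed password for invalid user admin from 198.51.100.7 port 22100 ssh2' >> "$log"
    echo 'Jan 10 08:02:30 web01 sshd[2122]: Accepted password for bob from 10.0.0.8 port 51010 ssh2' >> "$log"
    echo 'Jan 10 08:03:01 web01 sshd[2130]: Failed password for root from 203.0.113.9 port 40120 ssh2' >> "$log"
}

# A one-liner broken into its steps: grep keeps only failed logins, awk
# prints the word after "from" (the source IP), sort groups equal IPs so
# uniq -c can count them, and sort -rn puts the busiest source first.
failed_logins_by_source() {
    grep 'Failed password' "$1" \
        | awk '{for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1)}' \
        | sort | uniq -c | sort -rn
}

# Count failed attempts from one source IP (trailing space avoids matching
# 203.0.113.9 against a longer address such as 203.0.113.90).
count_failures_from() {
    log="$1"; ip="$2"
    grep 'Failed password' "$log" | grep -c "from $ip "
}

# Write the table to a report file with > and return how many sources it lists.
report_failed_logins() {
    failed_logins_by_source "$1" > "$2"
    wc -l < "$2" | tr -d ' '
}
```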
Those are the starting points that helped me feel that learning some Linux was finally something tangible, and I hope they can serve as good starting points for those of you who have heard “you need to learn Linux” but do not really know where to start. While this may seem simple, you will quickly realize along the way how vast, interesting, and challenging things can get using Linux.
Where to start?
I am a firm believer that this type of knowledge is best acquired (and retained) by practicing, so it is a good thing Linux is open source. The methods I would recommend are the following:
- TryHackMe’s Linux Fundamentals learning path, which will walk you through (and explain) a lot of the points I touched on in this article. It is free, and you can learn about it here.
- Install your own distribution of Linux; there are many (I use Mint as my main desktop distribution, but there are other well-known ones, like Ubuntu or Kali Linux). Use a Udemy/YouTube Linux basics course to guide you through learning the basics in your freshly installed distribution.
- Use a Linux-based virtual machine tailored for cybersecurity. You can download SANS’ SIFT machine for free here, or FireEye’s Flare VM here. These will not only allow you to learn Linux basics, but come with plenty of great security tools preinstalled to learn from.
- Install the Windows Subsystem for Linux (WSL) on your Windows machine via PowerShell, which was surprisingly easy to achieve. You can learn about WSL and how to install it here. WSL allows you to run Linux machines without the need for a hypervisor or a local partition.
Hope you found this article to be useful. Let’s continue the conversation either here or on Twitter @spapjh.