Foundations

Wiki ▸ 🔰 Foundations

Our Foundations are designed to help newcomers quickly orient themselves within both our own resources and the larger digital environment in which they are relevant.

🔰 🌐 Complete novices may also find Tech Learning Collective's free "Foundations" course series 🎓 of considerable value.

Contents

1. Foundation articles
2. Practice environments
   • Practice labs
   • Mr. Robot's Netflix 'n' Hack
   • Black Hat Bash Back
3. Suggested learning path
   • System administration
   • General programming
   • Web development
   • Information security

Foundation articles

The Foundations articles listed here are explanations of basic concepts, similar to a Glossary, that assume you have no prior knowledge or experience. Pair these pages with a practice environment and/or a suggested learning path.

• BitTorrent
• Bytes
• Command line interface (CLI)
• Configuration file
• Cryptographic hash
• Cryptography
• DDoS
• DHCP
• Dark Web (dark net)
• Graphical user interface (GUI)
• Hash algorithms
• Hidden files or folders ("dotfiles")
• IP address
• Internet
• Internet Service Provider (ISP)
• Malware
• Manual pages (man pages)
• Open source
• Operating System
• Password cracking
• passwd file
• Pretty Good Privacy (PGP)
• SQL injection
• Salted hash
• Servers
• Secure Shell (SSH)
• Shell
• Terminal
• Transport Layer Security (TLS)
• Tor
• Torrents
• Virtual machine

See also: Glossary.

Practice environments

Find a given practice environment such as a foundations lab, an attack exercise, or a detailed guide through the links in this section. These are listed in a (rough) suggested order based on topic.

Practice labs

1. Introduction to Virtual Machine Management with Vagrant
2. Securing a Shell Account on a Shared Server
3. Introduction to Basic Network Administration
4. Introduction to Securing (Virtualized) Secure Shell Servers
5. Introduction to Network Sniffing and Scanning
6. Introduction to Anonymous Communications Using Tor
7. Domain Name System Server Administration
8. Network Perimeter Defenses
9. Configuration and Change Management with Ansible
10. Container Construction and Management

Mr. Robot's Netflix 'n' Hack

1. Week 1
   • Secretly sharing files with OnionShare and Tor Browser
2. Week 2
   • Shellshock and the Importance of Patch Management
   • Strengthening Passwords to Defend Against John
3. Week 3
   • Recognizing fake websites and phishing scams
4. Week 4
5. Week 5
6. Week 6
   • Securing your Wi-Fi router from infiltrators
   • See Black Hat Bash Back: Using Metasploit to Find and Exploit Remote Vulnerabilities
7. Week 7
8. Week 8
9. Week 9
10. Week 10
11. Week 11
12. Week 12
13. Week 13
14. Week 14
15. Week 15
16. Week 16
    • Using Signal to communicate with your team safely

Black Hat Bash Back

1. Introduction to Exploiting Web Applications
2. Performing and Detecting an ARP Cache Poisoning Attack
3. Using Metasploit to Find and Exploit Remote Vulnerabilities

Suggested learning path

🔰 🎓 For those who want or need some additional structure for technical education, we recommend Tech Learning Collective; theirs is the only technical education initiative that meaningfully merges radical politics with quality education.

If you don't know where to start and don't really know where to go in your studies next, consider starting here:

1. Code: The Hidden Language of Computer Hardware and Software - How can a metal box emulate intelligent capabilities like decision making, memory and recollection of past events, or general problem-solving? This book answers that question by starting at the very beginning, which turns out not to be that long ago. Inside a computer, there are only two words, "yes" and "no," yet this is enough to express a bewildering range of ideas and activities. And what is a computer "word?" This book explains it, and does it very well. Read this before you read anything else.

System administration

Sometimes also referred to as Development Operations (or, more commonly, DevOps for short) or Site Reliability Engineering (SRE) these days, system administration is the practice of utilizing computer systems as infrastructural tooling to support the work of others who need to use those systems. System administrators ensure that information technology systems are available for use and are operating within acceptable parameters. Therefore, a system administrator is sometimes also referred to as a "system operator" or "sysop" for short. It is our collective's belief that this area of skill is among the most, if not the most, important area for radical technologists to develop.

1. Servers For Hackers - One of the basic building blocks of any digital infrastructure is the server, literally a machine that services requests that are made of it. What that machine actually is, and what services it actually offers, is up to the system administrator to define, deploy, and maintain. This book takes a practical approach to configuring servers from their Operating System up to the applications running atop them, and goes in-depth on numerous popular programs like the Nginx HTTP server that provide services such as Web site publishing that almost every organization needs.
2. Ops School - Comprehensive curriculum designed to help you learn to be an operations engineer (a newer term for "system administrator").
3. Ansible for DevOps - Once a server is running ("provisioned"), it must be monitored to ensure that it keeps running. It must be protected from security vulnerabilities. Its data must be backed up to guard against disaster scenarios in which you (and your comrades) lose all your work. This is a lot of work when performed manually, especially as the number of servers you need to maintain increases. With Ansible, however, you can describe your digital infrastructure and the procedures you use for managing it as a set of text files ("playbooks") that can be automatically run through at your command, massively simplifying the process of provisioning, maintaining, patching, and monitoring large server fleets.
4. Kubernetes in Action

General programming

In general, programming is the art of describing something about how the world is, or how you would like to see the world be in the future. Much like writing a book, this is a creative, generative process that requires as much imagination as it does logical and objective reasoning. This is why we (all used to) say that programs are "written," not "built." There is immense power in the ability to write computer programs, but be careful not to mistake this ability for an understanding of the environment in which those programs run. The latter is system administration, and our collective believes it is both more immediately useful and politically impactful to gain sysadmin skills than to join the ever-increasing ranks of computer programmers. That said, sysadmins benefit greatly from being able to act within a programmer's mindset and paradigm, so here we present a heavily curated list of resources useful for growing—but not starting out—as a programmer.

1. Exercises in Programming Style - A companion code repository is on GitHub.

Web development

Web development ("WebDev") is a general term that describes the process of creating a Web site or Web application for publication on the Internet or for private use within an organization's intranet. Be careful not to confuse Web development with architecting digital infrastructure more generally; Web development can result in the creation of tools such as event calendars (like Google Calendar), contact lists (like Facebook friend lists), group chats (like Slack), or media streaming sites (like Spotify), but each of these capabilities can be accomplished without Web sites. For this reason (among others), we intentionally avoid focusing on Web development as a core skill.

Nevertheless, the ubiquity of Web technologies such as HTML, CSS, and JavaScript means that a working knowledge of WebDev foundations can be very useful. Here, we present a heavily curated ordered list of suggested reading material to jumpstart your capabilities in this area.

1. Foundation Website Creation - Before you read any other Web development resource, read chapters 4, 5, and 6 of this book. Ignore the other chapters (as they focus primarily with business considerations and general programming information). These chapters will lay a foundation that is almost always missing from other reosurces on the topic.
2. AdvancED CSS
3. The New CSS Layout

Information security

Information security ("InfoSec") is the practice of protecting (possibly very sensitive) information from unauthorized or unintentional access, modification, or outright destruction. Our collective's work is atypical in that we make every attempt to discuss security-related concepts and considerations inline at every opportunity, which supports our Train the Trainers project. Nevertheless, we also offer a learning path and study guide for those interested in developing their InfoSec skills, specifically.

See Getting started on InfoSec for InfoSec learning path recommendations.