How to Become a Security Researcher


So you want to become a security researcher? It’s an exciting field, with many different directions to take. This post aims to outline the different aspects of security research and how to get started!

What is a Security Researcher?

At a basic level, a security researcher is an individual who studies and analyzes cyber security threats. They aim to mitigate potential issues these threats could cause.

There are many different aspects to security research, and therefore, many different types of security researchers. Activities such as reverse engineering malware, testing applications for security vulnerabilities, and threat hunting are all considered security research. Additionally, some researchers may investigate botnets and try to map out control servers or run honeypots to analyze the actions of attackers.

Some researchers focus on addressing Internet-of-Things (IoT) security concerns. A commonly used tool for identifying these systems is Shodan, which can index internet-connected equipment. Researchers have found and reported on vulnerabilities related to internet-connected systems with weak or no security, including industrial control systems. Recently, security researchers discovered smart irrigation systems connected to and controllable from the Internet. A previous article on this blog addressed IoT security concerns back in 2018, and the number of connected devices has only grown since then.

Many researchers are also involving themselves in bug bounty hunting programs, where they are rewarded for finding and disclosing vulnerabilities to an organization.

Did You Just Say Bounty Hunting?

Yes! A growing trend in the realm of security research today is bug bounty programs. Bug bounty programs exist to provide researchers a way to report discovered vulnerabilities to the vendor safely. In exchange, the bounty program protects them from legal action if they act within the program rules. Additionally, many bug bounty programs provide financial or swag incentives to researchers to report vulnerabilities.

Platforms like BugCrowd, HackerOne, and Intigriti are used by organizations to manage individual bounty programs. Researchers can then report vulnerabilities to the organization via the platform. Researchers can compete amongst themselves for reputation points while also helping participating organizations ensure their security.

Security researchers analyze threats to help mitigate security incidents. | Photo by cottonbro from Pexels

Okay, So How Do I Start?

Start and keep learning! There is always something new to learn in the realm of security research. Don’t be afraid to dive in as you learn; I know I’m not the only person that learns best by practicing hands-on. Websites such as HackTheBox and Hacker101 provide simulated targets to practice on, so you can put what you’re learning into practice. If you discover that you enjoy web application hacking, make an account on one of the bug bounty platforms and start researching real-life targets. Just be mindful of the program’s scope, and know what is or isn’t allowed before beginning!

If analyzing malware is more up your alley, start learning about assembly language, debugging tools, and reverse engineering. Also, learn how to set up a virtual machine to test in; you don’t want to load malware on your main computer and network! A great resource for setting this up is this YouTube video from Colin Hardy, a malware analyst who posts excellent malware analysis content.

If you’d rather set up a honeypot and watch the attackers in real time as they come to you, there are plenty of materials available for that as well. This excellent Medium post by “Heading” details how they created a honeypot to monitor WannaCry attacks. Another reference is this article by Justin Soenke. Both posts are great primers on how honeypots work and how to implement one.

Finally, network with other researchers! I’ve found the security research community to be very welcoming. HackerOne, HackTheBox, and BugCrowd all have active Discord servers. Twitter can be a great place to meet other researchers as well. Be sure to follow hashtags like #cybersecurity, #securityresearch, and #bugbounty.
