new-to-infosec.md

File metadata and controls

20 lines (9 loc) · 3.49 KB

New To Infosec?

It's really hard to figure out where to start in information security. There are hundreds, even thousands of starting points, blogs, classes, and more explaining how to start a career. But how do you get involved in the actual technical part of information security? For those of us just getting started, "Pick something and start hacking on it" isn't the most useful advice. Perhaps you're not sure who owns it, or if you have permission to play in someone else's sandbox. That's why we created the Nerdlist. You're welcome here, and you can't screw anything up for anyone else! :-) Let's get started.

Participate

  • When we start teaching people information security, one of the first things we talk about is credential stuffing attacks. This is Infosec 101; it is the most basic attack possible. You encounter a password-protected site, computer, or resource, and you try some passwords against it. Does one work? Cool, you're in. You can automate this by using a script to try lots of passwords instead of laboriously typing them in one by one. That's a credential stuffing attack, and it's the most basic hack there is.

  • But why is the Nerdlist different from the other password lists out there? Because we nerds tend to share a lot of cultural references. If you've ever seen the movie "Hackers", you know the line "the four most common passwords are Love, Secret, Sex, and God." That's because people tend to think alike. The real irony is that many of us who are now in information security saw that movie, and many of us started using something like "HackThePlanet!" as a password. A sort of in-joke, as it were. But that itself is now a commonly used password, and you'll find it on the list here. The passwords on this list come from nerd culture. Remember Trinity typing in a password in The Matrix? It's in here too.

  • So, what can you add to the Nerdlist? Passwords from comic books, movies, novels, and more. Any time you remember using a password that came from a book or is a reference to some part of nerd culture, the chances are far higher than normal that someone else used that same password, and since you're interested in information security, they may well have been too. We get screenshots showing that lots of tech workers use these kinds of passwords to secure assets.

  • Have you ever opened a pull request before? A pull request is a proposal to change a project's codebase. There are lots of good guides online, but if you don't know what to do here and you can remember a password that you and other people used to use (especially one that references some kind of nerd culture), you can add it to the list. Create a branch, open the main nerdlist.txt file for editing, add your password, commit the change to the branch, and open a Pull Request here. That is an overly elaborate way of saying that you're asking someone to check your work and merge your change into the main codebase. It's the same thing you'll be doing when you have more complicated code or improvements to contribute to other projects as you continue in information security, but this is a welcoming place, and NO ONE will yell at you or make fun of you if you do something 'wrong' or simple.

  • You're genuinely welcome here, and you can't make any mistakes; the pull request process means that you won't push a button and destroy other people's work. We'd love to have you!
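The flip side of the list described above is using it defensively. As an added example (not code from the Nerdlist project), here is a password-policy check that rejects any candidate found on a list like nerdlist.txt, including the case, leet-speak and trailing "1!" or year variants people bolt onto a shared cultural password; the list contents and candidates below are constructed samples, not the real file.

```python
import re

# Constructed sample in the format of nerdlist.txt (one password per line).
# It is NOT the project's real list, just enough entries to exercise the check.
NERDLIST_SAMPLE = """\
HackThePlanet!
love
secret
sex
god
zion
"""

# Common digit/symbol-for-letter substitutions, undone before comparison.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(password):
    """Reduce a password to its cultural 'core': drop leading/trailing digits
    and punctuation (the usual "1!" or "2024" suffix), lower-case it, undo leet."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.lower().translate(LEET_MAP)


def build_denylist(text):
    """Parse list text into (exact entries, normalized cores).
    Entries whose core is empty (pure digits/symbols) are kept only as exact
    matches, so they cannot make every symbol-only password a 'variant'."""
    entries = {ln.strip() for ln in text.splitlines() if ln.strip()}
    cores = {normalize(e) for e in entries} - {""}
    return entries, cores


def check_password(password, denylist):
    """Return 'exact' if the password is on the list verbatim, 'variant' if it
    differs only by case, leet or a leading/trailing suffix, else None."""
    exact, cores = denylist
    if password in exact:
        return "exact"
    core = normalize(password)
    if core and core in cores:
        return "variant"
    return None


if __name__ == "__main__":
    deny = build_denylist(NERDLIST_SAMPLE)
    for cand in ["HackThePlanet!", "h4ckTHEpl4n3t2024", "L0ve!", "correct horse battery staple"]:
        print(f"{cand!r}: {check_password(cand, deny)}")
```

Pointing `build_denylist` at the real nerdlist.txt file turns this into a NIST-style "commonly used password" screen for a signup form or password-change handler.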

the maintainers: Ean Meyer, Tabatha DiDomenico, and Tarah Wheeler