The Mind Of A Hacker- A Students Perspective
December 18, 2011
The next module, “The Mind Of A Hacker”, was another great module. This time we were focused on the mindset of being a hacker. The video included in this module was short and sweet, but contained some pretty powerful lessons. The difference in Convergent Intelligence versus Divergent Intelligence, and the three types of Reasoning used in Problem Solving: Deductive, Inductive, and Abductive. Convergent Intelligence is basically what we have learned in western schools of thought: Taking multiple pieces of evidence and forming a fact. Whereas Divergent Intelligence is taking a fact, and coming up with multiple ideas and solutions. Divergent Intelligence needs to be developed in order to be a great penetration tester.
When it comes to Problem Solving, there was a focus on Inductive and Abductive reasoning. Inductive reasoning is taking evidence and then forming a rule with the evidence, and Abductive reasoning is looking at a set of evidence and forming a “best guess” answer to it.
Recursion was also brought up, which was interesting. I really had only heard this term thrown around in terms of programming, but taking that next step and applying it as a method of analysis was definitely intriguing. Lead Instructor, Mike Murray mentioned that this would come up again in future modules, so I’m looking forward to what role this will play.
These are simple lessons but they are definitely challenging to put into practice. The lab with this module was also pretty interesting, just some short multiple answer quizzes with immediate feedback. This was a huge eye opener for me. I actually got a headache from the questions being asked, even though they were pretty simple. But it challenged me to think in ways that I hadn’t in a long time and it felt great. I have a lot of work to do in these areas to say the least.
My biggest takeaway from this module is to always think outside of the box and to question everything. Just because something is assumed to be secure, don’t make the same assumption. Case in point: SSL. Look at how the fabric of the SSL system has crumbled in recent months due to all of the recent hacks. These flaws surfaced due to those who continued to question and not to just simply accept that something was impossible.
-Kevin
Security Fundamentals- A Students Perspective
December 5, 2011
This weeks module, “Security Fundamentals”, was a great starting point in explaining the very important fundamentals that all security professionals need to know and understand thoroughly. What is a vulnerability? What is a threat? What is an attack? What are security controls? When is it appropriate to use X control over Y control? These questions may seem easy, but you would be surprised how often you have to explain this in the real world. A couple more great topics were CIA++ and STRIDE. As you can guess, CIA++ builds upon the classic CIA definition, and STRIDE maps perfectly to CIA++ in terms of possible attack vectors. Great way to discuss and map out security.
Moore’s law was also discussed, and it’s impact on the security community. As technology is rapidly progressing, so is the attack vectors available to malicious hackers. Security always needs to be forward thinking, and paying attention to the industry and what new technologies are being introduced. As part of this discussion, the vulnerability cycle was brought up. This cycle discusses the trend that attack vectors take, and I really thought this was profound when researching the next possible hack, or trying to keep yourself bleeding edge. Staying “in the know”, I feel, is a HUGE part of security because how can you secure something you know nothing about?
The basics of qualitative risk assessment was also big in this module and made clear during the lab. I was expecting the lab to be me doing my own research, but to my surprise it actually included interaction with the instructors. Being able to explain basic security concepts clearly, explaining risk, and then being graded on the answers submitted. I can’t wait to hear the feedback.
-Kevin
