(Hacking-Kung Fu: Aims and Objectives Part 1 Here)
- He who hacks for blood soon finds it dripping from his own terminal.
- He who hacks for fame and glory never stays free long enough to hear his songs of victory sung.
- He who hacks for gold is already blinded by the glitter and glare of his own greed, all too soon led astray by all things shiny.
- He who hacks for sport seldom finds the network administrators in a sporting mood.
- He who hacks for the love of it must leave what he loves the most behind so he can dance with the one he hates the most.— The Federal Correctional System
- But he who hacks for security cannot be led astray.
( The above is what I call “ The Hackers Six Movers ” )
First of all, it must be borne in mind that training for Kung-Fu Hacking is very demanding, calling for great discipline; and discipline in this field is defined more by what you do not do rather than what you do. This art calls for great endurance, perseverance, determination, as well as time and effort.
Patience must be your greatest effort. Master Kung-Fu Hackers are not borne over night. As a matter of fact, some of the greatest hackers to date have been quoted as saying that it takes at least a minimum of 10 years before one becomes adept in the art.
But the result is very rewarding, and the extent of your reward depends mainly on how much “ purposeful practice and training ” you have put in. Aimless training and practice, as was stated in part one of Kung-Fu Hacking, is a huge waste of time. It is therefore helpful to have some idea of your aims and objectives.
Aims are general in nature and long-term in perspective, whereas objectives are specific and immediate. How well we have achieved our aims calls for some subjective judgement, whereas the attainment of our objectives can be determined categorically.
A major aim of Kung-Fu Hacking training, for instance, is System Security- or more so being able to secure your own systems. This ability to defend ourselves is a general asset, and has long-term benefits as more and more vulnerabilities become exploitable to the general public. Generally we do not set a specific time frame for acquiring this aim; we adopt the attitude that as long as we keep on learning, practicing, and training, we will enhance our ability to defend ourselves.
As the old adage goes: “ before one can protect others he must first be able to protect himself ”. We are clear that if we fail to defend ourselves effectively in cyber-warfare, it means that we failed in our aim. Sometimes we may set a time frame for our aim, but the period is usually reckoned in years rather than months.... all the while waiting for someone to try to successfully attack our systems. ( Unless of course we hire a professional penetration team to exploit our systems in order to see where we really stand overall in the realm of security. )
Otherwise it may not be easy for us to measure objectively how well we have achieved our aim. For example, we can say that we have achieved our aim of self-defense if we can effectively defend ourselves against a single attacker; but when we are faced with a group of attackers, let's say, a Hactivist Group that targets our organization for “ whatever reason ” , we may falter.
Or from an offensive security point of view we set the objective to acquire the skills to launch successful attacks against web applications in a six month time frame.
Hence, our objective is specific: for the time being we limit ourselves to defending against these types of attacks or learning how to carry out these types of attacks.. .leaving other types of attacks to be covered by later objectives.
We can go a step further and be more specific by deciding on the types of web application attacks we want to defend against or learn to carry out. As we have set a time frame of six months, our objective is also immediate: we are not pursuing this objective indefinitely. We can easily decide whether we have achieved our objective within our set time.
For example, after six months of training we can ask a few fellow hacking buddies to try to exploit our web applications using the types of attacks we have defined; or we can conversely set up a vulnerable system of our own in a virtual lab and try out these attacks ourselves.
Above all, even though aims and objectives are closely related, an appreciation of the distinction contributes to our monitoring of our Kung-Fu Hacking practice and training. Aims and objectives provide us with direction and purpose in our Kung-Fu Hacking training, thus enabling us to achieve better results more quickly.
“ Test your systems with fire and ice, sand and sea, bile and blood....before your attackers do! ”
Related articles and previously posted:
Cross-posted from Petalocsta