module 12 developing the hacker mindset,
understanding the hacker mindset,
A learning objectives are to explain why the term hacker has been misunderstood, understand what it means to think like a hacker and explain why it is important to try smarter.
So I where the badge of hacker proudly. I think the news gets it wrong, I think dictionary definitions get it wrong.
Hackers were originally people who were just curious about technology and try to figure things out. The term cracker though has been the in essence the bad people who try to break things and cause destruction. So hacker at the very inception of the term
was never supposed to be pejorative or negative, it was supposed to be kind of a badge of honor.
You'll see here at M. I. T. Uh hacker was someone who's just interested in technology and creative, so that wasn't a positive thing from the inception of the term hacker. So
I'm part of a group called hacking is not a crime and we basically try to spread the word that, you know, a hacker is not a bad person when the news says
a hacker broke into this and then they show people, you know, with with the hood on and gloves because you know, you gotta wear gloves and your type
that that's definitely the wrong image, people, hackers were all different types of people will come from all different walks of life
and you know, we're trying to spread the word that being a hacker is a good thing and and there's a whole bunch of us who do really great things for companies.
So the hacker, the hacker mindset is learning to think, I say think laterally it's if you keep running into the same problem, you know, you have to think how to get around it, you know, if there's a giant wall there, you're not running and hitting your head against the wall every single time, maybe there's another way around the wall. Maybe not just laterally but underneath or or over you know, so
this is how a hacker thinks
they don't think step by step by step by step, there's no manual. I I took two classes in grad school, one was network defenses which was like a lab manual of you know how to set up a firewall um or how to, you know use Splunk uh and and then I took a hacking class and it was like
here's the lab environment, figure it out.
And I fell in love with the hacker mindset. I fell in love with the, you know this is this is your time to think how to solve this problem, this puzzle. And I really really really loved it and became addicted and that's why it's my career now.
from being a cop and being the military, you know, you learn from instructions, you learn from the law. These are the things that you have to do. I will say though that I think cops have some of the best hacker mindset because no problem that you encounter as a police officer is the same,
everything is going to be different. And you need to think quickly about a problem because people's lives on the line essentially
uh, when when you come and address the situation. So in essence, you know, I know a lot of cops become forensic people. I think cops have a great mindset for hacking because you have to think around the problem. And I think cops do that. You know military can be the same way depending on what your job is in, in the military.
Um, but yes, there are definitely jobs out there that are very line by line by line, in the instruction manual, have to follow X, y, and Z.
So that's to say when we go to school and we learn all these things in the structure,
you know, it kind of gives you a disservice when it comes to thinking strategically and and laterally around problems and becoming mentally agile.
So if you've been a hacker and you've been in the cts, and even if you've done this professionally,
you fail, you fail a lot and the people that make it are the people who fail and keep going. If you're someone that fail doesn't like failure, you're not going to be a very good hacker. I don't I don't think you'll make it in the industry, you know, that I'm not I'm not trying to be mean here, I'm just saying that if you don't like to fail, um you know, maybe find another job because
as hackers, we fail a lot and, and you know, I think people who are pan testers and hackers can relate to this because you know, you try your cross site scripting payload for the 100th time and one tweak is all it takes to make that fire.
you know, that that's to say that uh keep going. You know, failure should drive you forward.
So off *** says try harder.
Try smarter and and this is what I talk about where enumeration is so important. If you're on a web server and you're putting a s piece shell on something that has PHP is not going to work. Or if I'm trying to do remote code execution on a windows box and I'm catching etc. Password, it's not working
well, why am I doing that? I'm not, I'm not being smart about my enumeration. If I knew it was a windows box
then I would know that catting etc. Pastor is not going to work.
So think about that. You're going to be nervous and you're gonna be tired. No SCP.
So I don't blame you if you do that by accident, but if perfect practice makes perfect. So if we're practicing and we're realizing hey, off the bat, this thing has PHP in it. I know I need to use a PHP shell
and not a sp then you know when it comes time that you're stressed out, you're going to operate at the level of your training.
Some people are great hackers, some people are hackers at a very young age and and they learn and they're very curious and they're very successful.
Need an instruction manual. I, you know nothing against people who have been in the IT. industry for you know 20 years. I hear people say I've been in IT. for 20 years
and I have to give them literally step by step instructions on how to do something because they can't think outside of that. They need to look at the manual
and just don't understand it. If if you know they can't skip step two if I say here's 12 and three and something is wrong in two and I can't I can't do this instruction manual because I don't I can't figure out number two
you know you have to think outside the box.
so in summary uh I've explained why the term hacker has been misunderstood. We should understand what it means to think like a hacker and explain why it is important to try smarter