Infosec Island: What They Don't Teach You in "Thinking Like the Enemy" Classes
docrice
Member Posts: 1,706
This might be interesting to those aspiring to be pentesters:
http://www.infosecisland.com/blogview/20607-What-They-Dont-Teach-You-in-Thinking-Like-the-Enemy-Classes.html
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
the_Grinch Member Posts: 4,165
Good article, though his second point I cannot totally agree with. He describes APT, but that isn't all attackers. I tend to believe that most are in for the easy score, install the malware, collect the cash, and get out. Obviously different if you are a larger company, but I feel like he generalized a little too much. I did enjoy his trust portion and have been reading a book all about it:
Amazon.com: Liars and Outliers: Enabling the Trust that Society Needs to Thrive (978111814330: Bruce Schneier: Books
Really eye-opening book!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
JDMurray Admin Posts: 13,091 Admin
So the points I get from reading this rambling, poorly-edited article are:
- "Don't bother taking a psychology-of-the-enemy course because there are too many and different enemies,"
- "you can't really think like the enemy in any realistic way, so don't try"
- "stop trying to guess what the attacker is going to do next and practice good preventative security instead"
- "Use OSSTMM 3 to determine how to practice good preventative security without knowing who your attackers are, what they want, and how they think and operate."
It just goes to show that anyone can write a blog article about anything.
the_Grinch Member Posts: 4,165
LOL fair enough JD. But I can say that after reading Thor's Microsoft Security Bible I can see where good practice preventative security is one of the best things you could do. I suspect you are speaking to a comprehensive plan relying on preventative security along with some "enemy" thinking mixed in there. It's funny because he speaks about not bothering to get into the enemy's head, but it seems he looks at it more from a motivation standpoint. Why should I care why someone is attacking my network/servers? Putting yourself into the enemy mindset is much more about what vectors they would use, not the reasons why. Obviously they are going to start with more commonly used vectors/attacks, cover your bases there and I feel overall you'll be fairly ok. Time is on the attacker's side, given enough resources and time they will get in one way or the other.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
JDMurray Admin Posts: 13,091 Admin
You can't defend, or defend against, what you don't understand. If you don't know who your attackers are, what they want, and how they might attempt to get it, you can't possibly plan cost-effective security measures--defensive or otherwise--that are beyond the basic and generic.