What Are Your Achievements?

Haha Chris, was that *another* red bulb joke ? I'm amazed you haven't started on the Sahir versus OpenSSH one

Firstly, there is no such thing as ethical hacking -- hacking in its present definition is illegal computer activity (my respect to the old coders from MIT, but the fairer use of the term has long since died).

--I've to respectfully disagree with your thought process of ethical hacking and hacking itself. The best definition I've ever read of a hacker was somebody who if they saw something closed and it was doing something, they just wanted to open it up to see how it was working and then how to maybe play with it a bit to make it work better.

Anyway, the skills required for penetration test are a very strong practical knowledge of systems and networks. This is not stuff that you can go to a class for (as much as the millions of people running ethical hacking courses will tell you). I will step so far as to say that the only way you can learn is by actually exploiting systems. Having a large network to play with is definitely a plus point.

--Agreed.

5. Passion and willingness to learn -- This is not a skillset, but a requirement. If you do not enjoy this, you will never succeed at it. Furthermore you need to have the psychological bent of mind. It extends much further than running a few tools and interpreting their results. As it is said 'Root is a state of mind'. Exploitation is a mind-numbingly tedious and psychological task. The ultimate time spent with a tool / at the keyboard may be minimal.

--Agreed.

As far as a methodology is concerned, read our article on 'An Introduction To Network Security' [2].

--I will never confine myself to a defined process. To me it is a sure shot for failure in whatever endeavor you take. I don't like to fit the mold [however you spell it]. Methodology. . . . . . . .Fly Away.

As far as achievements are concerned, I do not understand what you mean.

--What were/are your personal achievements? Like. . . .I leave it to your imagination. Hint. . . Unique . . . .Never done before by someone else. . . etc

With regard to experiments, we are all always experimenting. I don't think a day goes by when Chris and I don't discuss some new technology or the other that we are (trying to) implement.

--/Me pat you on your back. Just Kidding.

If all you were looking for were some quick tips and not a philosophical reply, here are some real world tips:

--Where in my question did you find that I was looking for quick tips? /Me slaps you.

I hope that covered it, open to further discussion.

Cheers,

[1] encyclopedia.thefreedictionary.com/Samurai%20(hacking)
[2] www.firewall.cx/articles-network-security-intro-1.php

FallenZer0 wrote:
--I've to respectfully disagree with your thought process of ethical hacking and hacking itself. The best definition I've ever read of a hacker was somebody who if they saw something closed and it was doing something, they just wanted to open it up to see how it was working and then how to maybe play with it a bit to make it work better.

Fair enough definition. I work in a world where computer criminals are called hackers. When in Rome......

--I will never confine myself to a defined process. To me it is a sure shot for failure in whatever endeavor you take. I don't like to fit the mold [however you spell it]. Methodology. . . . . . . .Fly Away.

I disagree strongly. This is not a rigid 'process'.. this is a methodology. It lists the things that you WILL do. If you discuss a martial art, you will have various basic sequences that can be chained in different ways, yielding different results. This is exactly what I'm talking about. There is no checklist saying, 'ok now run a zone transfer, now a portscan' etc etc. That is not how it works.
Personally I find all effective hackers have very structured and logical ways of working.. obviously you will react differently to different scenarios, but the BASE ACTIVITIES will always remain the same.. there can be no argument on this.


--What were/are your personal achievements? Like. . . .I leave it to your imagination. Hint. . . Unique . . . .Never done before by someone else. . . etc

I am developing portknocking code that is tied in with crypto to do some very *interesting* things. Think remote control of a system without any connections. To my knowledge nobody has analysed the flip side of the portknocking concept. It is my current area of research. Expect the code and the implementation soon.


--Where in my question did you find that I was looking for quick tips? /Me slaps you.

/Me often finds that philosophical debates don't go anywhere and need to be brought out of the realm of conjecture and planted firmly in the ground -- hence real world tips.
I hope that covered it, open to further discussion.

Cheers,

sahirh wrote:

--I've to respectfully disagree with your thought process of ethical hacking and hacking itself. The best definition I've ever read of a hacker was somebody who if they saw something closed and it was doing something, they just wanted to open it up to see how it was working and then how to maybe play with it a bit to make it work better.

Fair enough definition. I work in a world where computer criminals are called hackers. When in Rome......

--You got that completely mixed up IMHO. They are called 'Black Hats'. Watching too many hacker movies lately huh.

--I will never confine myself to a defined process. To me it is a sure shot for failure in whatever endeavor you take. I don't like to fit the mold [however you spell it]. Methodology. . . . . . . .Fly Away.

I disagree strongly. This is not a rigid 'process'.. this is a methodology. It lists the things that you WILL do. If you discuss a martial art, you will have various basic sequences that can be chained in different ways, yielding different results. This is exactly what I'm talking about. There is no checklist saying, 'ok now run a zone transfer, now a portscan' etc etc. That is not how it works.
Personally I find all effective hackers have very structured and logical ways of working.. obviously you will react differently to different scenarios, but the BASE ACTIVITIES will always remain the same.. there can be no argument on this.

--I've listened to an interview done by Bruce Lee <Martial Arts Guru>, in which he says, Martial arts is something that can NOT be taught. He says, there is NO defined process. It's all in the Mind. That's exactly how I generally perceive things. If anyone has his/her thought process fixed on a defined process, they are Killing their Creative Thinking IMHO. OPEN. Isn't that we are all interested in?

--What were/are your personal achievements? Like. . . .I leave it to your imagination. Hint. . . Unique . . . .Never done before by someone else. . . etc

I am developing portknocking code that is tied in with crypto to do some very *interesting* things. Think remote control of a system without any connections. To my knowledge nobody has analysed the flip side of the portknocking concept. It is my current area of research. Expect the code and the implementation soon.

--Excellent SahirH. Good to know you are helping the community. Crypto is something I would like to get into. . . .

--Where in my question did you find that I was looking for quick tips? /Me slaps you.

/Me often finds that philosophical debates don't go anywhere and need to be brought out of the realm of conjecture and planted firmly in the ground -- hence real world tips.
I hope that covered it, open to further discussion.

Cheers,

Fallen0:

- I can point you to hundreds of words that are heavilly brutalized in different ways.. "hacking" may (or not) be just one of them.. It just happens to have or had had multiple meanings, so what? Now, you might be right about what the correct interpritation should be.. but I really don't think any by-your-deffinition hacker would have any interest in claiming that title, so why not let it go?

- About the open mind perception or whatever stuff.. I really wish I could understand you. Perhaps I'm just to shallow.. Still, it's not about cooking, it's about controlling access and connectivity and -as sahirh said- there are speciffic procedures available to follow. My old 386 could come up with the result of whether a system is currently penetratable or not and in what ways, given every needed data. And I assure you, it has zero "Fly Away" abilities (even though it has flied a couple of times off my desk)

PS. btw I am really curious to hear what your own "achievements" are.. I'd surelly expect to hear something impressive based on your "dark" attitude (trully, I don't mean that the bad way)

--You got that completely mixed up IMHO. They are called 'Black Hats'. Watching too many hacker movies lately huh.

Actually the black-hat usage is confined to the security community, when you go out into the real world nobody differentiates between shade of hat. The usage I personally like is 'attacker'. There is no such thing as black / white / grey / orange / pink hat. Its all the same.

--I've listened to an interview done by Bruce Lee <Martial Arts Guru>, in which he says, Martial arts is something that can NOT be taught. He says, there is NO defined process. It's all in the Mind. That's exactly how I generally perceive things. If anyone has his/her thought process fixed on a defined process, they are Killing their Creative Thinking IMHO. OPEN. Isn't that we are all interested in?

You have obviously not read my previous post well enough... I underscore that I stated : This is not a rigid 'process'. . Bruce Lee wrote an entire book on methodology (I will be happy to forward you an electronic edition of the text) the name of the book is The Bruce Lee Fighting Method. It has very firm 'methodologies' such as a slap must always follow a punch etc etc. Anyway we have taken this analogy too far IMHO.

--Excellent SahirH. Good to know you are helping the community. Crypto is something I would like to get into. . . .

If you hang around here long enough, you'll discover that I am a major proponent of open-source free software and community development, if you want to help me with the development of any projects, let me know


As nske said, it would be nice to see your contributions / experiments / achievements in the field as well as your background, since it is apparent that you have your own insight into the world of security. That said, I always love a good debate (ask tfs ) as long as it goes somewhere.

Cheers,