Part One
In this post I will be using the term “ Hacking-Kung Fu ” to point out the similarities that exist between hacking and Kung Fu. Thus, when you see the words hacking or Kung Fu, realize that I’m intending to use these two words interchangeably.
Getting Better Results in a Shorter Time
Kung Fu, like Hacking, ( or any other disciplined art for that matter ), is a practical affair and not just a question of gathering knowledge. In other words, one becomes proficient in both disciplines through hard, regular training, not just by reading about it. Nevertheless, some background information is not only useful but necessary. Otherwise the student may waste a lot of time groping about in the darkness.
While many people spend years practicing Kung Fu and achieve little, some spend only a third of the time and achieve a great deal. The main reason for this is that while the first group learn aimlessly, usually by acquiring more and more sets, without improving their force or practical Kung Fu skills, the second group know exactly what they want to get from the discipline and pursue their objectives accordingly.
To be able to set the appropriate objectives for getting the most from your training, it is necessary to have a clear understanding of the scope and depth of the art, including its history, philosophy and various styles. For example, if you are unaware of the four dimensions of Kung Fu – form, force, application and philosophy – you may carry on learning sets for many years, and perhaps also teach them, but your training will be incomplete.
Now I don’t know about you, but to me this seems very synonymous with the phases of hacking. One may go about learning exploits for many years with the end result being nothing short of an incomplete training. And since form, in both instances, hacking and Kung Fu, is the least important aspect of each respective discipline, you will at best achieve less than 28% of what you could have done had you been more informed from the outset.
A worse case still in both cases is that people with a superficial knowledge may be mistaken for Kung Fu Hacking masters. Based soley on the reason that they have taught the art for many years and now hold various certifications on the subject. (Or belts of many colors- same thing.) Even if they hide nothing from their students, there is not much the students can learn apart from ‘flowery fists and embroidery kicks ’. Translated-> A Script-Kiddies arsenal. Such masters may, wittingly or unwittingly, give the impression that they know more than what they are teaching. Students who are uninformed will continue learning from these teachers, and they in turn will succeed them and teach only flowery fists and embroidered kicks. This is in fact what has been happening for at least a decade in the Information Securities field. With the end result being that much of what is taught of hacking today has been degraded into a merely demonstrative form. Which, isn’t a bad thing in some cases considering the alternative of attacking a live system.
In sum, having a theoretical understanding of Hacking Kung-Fu enables you to realize that there is much more to it than merely learning how to use tools kits or automated assessments. Such an understanding will lead you, if you are still not able to confidently defend yourself, your system, or clients systems in real world situations to ask, why? And the answer to this question can be found in what I call the Three Requirements for Attainment. Which we will take a look at in a subsequent post.
Until then, hack on, gents!
