Hacking Advice For @Krystropolis


Today I was asked by @Krystropolis for a “Hello” and maybe some hacking advice, see tweet:


I thought about it on my entire 1 hour drive home from just turning in my badge and laptop from a big corporation to go work at a start up. I thought about talking about ethics and data handling, to Geo-politics. I mean, what kind of hacking are we talking about.

I finally ended up thinking about what would have been the best advice for me, growing up, for “how to learn hacking”, and I boiled it down right before I pulled into my drive way to two words: “Build It”. For me personally, I didn’t start to really understand attackers, attacks, or even simple defense strategies until I started to try to build it myself.

For many hackers (and mechanics, my father included) they started by taking things a part first, then putting them back together (usually with a few extra screws or parts that “didn’t matter” on the side). But for me, I learned best, by building from scratch. This went from stealing RAM for the “old junk” computer locker from my high school to upgrade my Mom’s 95 Mhz Pentium (OH YA!) - in my defense, the computer science teacher told me that I could take anything I needed to build a computer and he didn’t specify the physical location that computer had to be in - all the way to working on the sensor grid for the Marine Corps networks when I helped at the MARCERT as a level 1 tech. I even convinced a few of the Hak5 crew at the time to let me build Gentoo (Stage 3 baby!) on their laptops because it was tons faster (once everything compiled 10 years later).

Man do I ramble. Point is. If you want to learn hacking, or how to hack, you need to know a system inside and out first. System (noun) in it’s most basic sense. The best penetration testers / hackers I have ever known are the ones that have rebuilt their labs/phone/widget for the 500th time.

UPDATE: I have had a few comments, about the post already. But what I forgot to point out is that by building a system or network you not only get to know the ins and outs of how it works, and what shortcuts you had to take to get it to actually work, but also the appreciation of what it took for you to build it, the hours/research that went into it, how it connects to other systems and clients, and finally what kind of business impact it could or does have on actual corporations. These are core skills to be an effective communicator of risk and need, while keeping compassion for the requirements and business impact. Highly sought after skills in the job market.

I hope this helps.