Hacking-Kung Fu: Aims and Objectives

Sunday, April 15, 2012

Quintius Walker


“With the right information, you can attain in six months what uninformed students would not attain in many years”

Part One

In this post the term “Hacking-Kung Fu” is used to point out the similarities between Hacking and Kung Fu. Thus, one should read the term Hacking-Kung Fu with the understanding that the two words, Hacking and Kung Fu, are being used interchangeably across the two respective disciplines.

Getting Better Results in a Shorter Time

Kung Fu, like Hacking (or any other art for that matter), is a practical affair, not just a question of gathering knowledge.

In other words, one becomes proficient in both disciplines through hard, regular practice, not by reading about it.

Nevertheless, some background information is not only useful but necessary; otherwise the student may waste a lot of time groping about in the dark.

While many people spend years practicing Kung Fu and achieve little, some spend only a third of the time and achieve a great deal. The main reason is that while the first group learn aimlessly, usually by acquiring more and more sets or exploits without improving their force or practical Hacking-Kung Fu skills, the second group know exactly what they want to get from Hacking-Kung Fu and pursue their objectives accordingly.

To be able to set the appropriate objectives for getting the most from your training, it is necessary to have a clear understanding of the scope and depth of Hacking-Kung Fu, including its history, philosophy and various styles. See here for a historical perspective on hacking and its philosophy: http://www.catb.org/~esr/faqs/hacker-howto.html

For example, if you are unaware of the four dimensions of Kung Fu - form, force, application and philosophy - you may carry on learning sets for many years, and perhaps also teach them, but your training will be incomplete.

Likewise, if you are unaware of the phases of ethical hacking - Reconnaissance, Scanning and Enumeration, Gaining access, Maintaining access (escalation of privileges), and Covering your tracks - you may also carry on learning exploits for many years with the end result being an incomplete training. And since form is in many ways the least important aspect of Hacking or Kung Fu, you will at best achieve less than 28 per cent of what you could have done had you been more informed.

Worse still, people with this superficial knowledge may be mistaken for Kung Fu Hacking masters, especially if they are elderly, simply on the basis that they have taught the art for many years and now hold various certifications on the subject. Even if they hide nothing from their students, there is not much the students can learn apart from ‘flowery fists and embroidered kicks’. Translated: Script-Kiddies.

Such masters may, wittingly or unwittingly, give the impression that they know more than what they are teaching. If they are asked questions touching on the deeper aspects of Hacking-Kung Fu (i.e., underground BlackHat tactics), they would often give excuses to cover their lack of knowledge, such as that the answers are too profound or complex for “beginning students” to understand.

If the students suggest sparring practice or actual demonstrations of exploiting a real system, the ‘masters’ may become angry and reprimand them, warning them that Hacking-Kung Fu is too dangerous for them to fool around with, or that they should practise it for their own intellectual health.

Students who are uninformed will continue learning from these teachers, and they in turn will succeed them and teach only ‘flowery fists and embroidered kicks’. This is in fact what has been happening for at least a decade in the cyber-security field, with the result that much of Kung Fu-Hacking today has been degraded into a merely demonstrative form.

Having a theoretical understanding of Kung Fu-Hacking enables you to realize that there is much more to it than merely learning form or exploits. Such an understanding will lead you, if you are still not able to confidently defend yourself in real world situations or compromise systems outside of lab environments, to ask why. The reasons can be traced to three factors, called the Three Requirements for Attainment, which will be explained in the next section.

The Three Requirements for Attainment

There are countless reasons why students fail to achieve their objectives in their Kung Fu-Hacking training, but to help us understand the factors that contribute to success, great masters have, from their long years of study and experience, summarized them into what are called the Three Requirements for Attainment.

If you have these three requirements, you will succeed in whatever you set out to do, in Kung Fu, Hacking, or any other field.

These three requirements are:

  1. The Method
  2. The Teacher
  3. The Student

Obviously if you do not have the method you cannot even start training towards your objective.

For example, you may like to acquire the art of Iron Palm or attacking Web Applications, but without the method you cannot practice. If you ever acquire Iron Palm or the art of attacking Web Applications on your own, it will be by sheer luck and will take a very long time. Moreover, the result is unlikely to be as good as that developed from the proper method, and you may have harmful side effects.

But more important than the method is the teacher. Nowadays one can read up on many Kung Fu-Hacking training methods from books, web sites, and blogs, but without the instruction of a competent teacher it is difficult - though not impossible - to get good results, especially in the more advanced inner arts. There are at least two reasons why a teacher is necessary.

First, the teacher can explain the finer points and overcome individual problems, both of which cannot be done adequately in books or blogs. The second reason is more important, although it is less obvious. The teacher provides the confidence students need, so that they are assured that whatever happens the teacher is around to help, sometimes even save, them.

Taking time to choose a good teacher is highly recommended. Even if you have to pay a higher training fee, learning from a good teacher is always more cost- and time-effective. But what are the qualities we should look for in good teachers?

Here are five guidelines:

  1. They must have achieved a reasonably high standard in the art they are teaching.
  2. They must be knowledgeable. If you ask how you can achieve your objectives or any other relevant questions, they should provide satisfactory answers.
  3. They should preferably be systematic and methodical, and have the means to help you accomplish your objectives.
  4. Even if they have all the other qualities, they must also be generous and willing to teach you; otherwise you must seek another teacher or try to overcome the obstacles that prevent them from teaching you.
  5. The most important quality, however, the quality that distinguishes true Kung Fu-Hacking masters, is that they teach and practice high moral values. See: http://www.hackerhighschool.org/ Also see: http://hackingdojo.com/ And especially see: http://www.elearnsecurity.com/

The most important requirement for attainment in any art, however, is not the teacher but the student. You may have the best method and the best teacher, but if you are unwilling or not ready, you will not achieve the objectives of your training.

When you have the right method and a competent teacher, what you need to do is, in theory, very simple: you merely have to practice regularly and persistently according to the method and teaching. But in reality, regular and persistent practice can be very difficult.

Lack of practice, probably more than anything else, is the reason why many students fail in their objectives.

Stay tuned for Part 2....

My so humble bows go out to Master Wong Kiew Kit. I'm honored and grateful for the wisdom that you bestow upon the Sangha.

Cross posted from Petalocsta
