April 21, 2010, 6:06 AM — I just returned to work following a two-week hacking class. Called "The Art of Exploitation: Bootcamp Edition", this class pushed me through to the "aha" (I really got it) stage of what hacking really is and how it works. Firmly in the "red team" (attack) camp, this high-intensity "bootcamp" went from the basics to realistic, seriously complicated hacking within its modest two-week time frame.
The two weeks started with a class intro and an overview of the hacking methodology -- getting to know your target, fleshing out the target's network and resources, collecting version information, identifying exploits, etc. We began our extensive series of simulated labs with open source collection, proceeded through various forms of target "discovery", then began identifying and exploiting vulnerabilities and tracking down the goods -- all the while focused on the kind of discipline that would keep us stealthy and likely make it easier to come back to the target a second or third time.
One of the key strengths of the class is its focus on the basic techniques of exploitation. After all, known vulnerabilities will come and go, but the basic techniques (e.g., identifying targets, weaknesses and exploits, etc.) will remain the same for some time to come. So, better to learn the art than master a single tool.
We also learned that the difference between a low class hacker -- one that acts like a bull in a china shop -- and a professional is that the latter knows how to be stealthy, remain constantly vigilant about the conditions on the system on which he is working (lest they change) and causes no peripheral damage to the system. He gets in, gets out, gets what he needs and leaves quietly. He cleans up after himself and only leaves himself an easy way back in if he might need to return.
We did our share of cracking passwords, noticing the startling differences in the time required to perform basic cracks, use "rainbow tables" and attempt "brute force" methods. The difference is a time-memory trade-off: brute force pays the full cost of hashing every candidate at crack time, while a rainbow table pays that cost once, up front, and stores only chain endpoints so that each later lookup costs a small fraction of the keyspace. We tried some known exploits and found ourselves, almost in shock at the simplicity of it, sitting at root prompts. We drew diagrams to annotate how much we had discovered about each system we uncovered and/or compromised and to ensure that we didn't get confused about the more complicated connections we were using in our exploits.
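To make the timing differences concrete, here is a small added example (my own illustration, not course material) that builds a toy rainbow table over a deliberately tiny keyspace (three lowercase letters, SHA-1, chain length and chain count chosen by me) and compares the number of hash computations needed to recover a password by dictionary lookup, rainbow-table lookup and exhaustive brute force. The wordlist is constructed for the demo; the chain parameters are assumptions picked so the table builds in a few seconds.

```python
import hashlib
import string

# Toy parameters (assumed for the demo): a 3-char lowercase keyspace so the
# table builds quickly. Real tables use far larger keyspaces and chains.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN      # 17576 candidate passwords
CHAIN_LEN = 40                          # reductions per chain
NUM_CHAINS = 1200                       # chains kept (endpoint -> startpoint)

# Constructed wordlist for the dictionary attack.
WORDLIST = ["password", "letmein", "abc", "cat", "dog", "zzz"]


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def H(pw: str) -> bytes:
    """The (unsalted) hash being attacked."""
    return hashlib.sha1(pw.encode()).digest()


def R(i: int, digest: bytes) -> str:
    """Reduction function number i: maps a hash back into the keyspace.
    Mixing the column index i into the reduction is what makes this a rainbow
    table rather than a plain Hellman table; it limits chain merges."""
    return index_to_pw((int.from_bytes(digest[:8], "big") + i) % KEYSPACE)


def chain_password(start: str, col: int) -> str:
    """Password sitting in column `col` of the chain that begins at `start`."""
    pw = start
    for i in range(col):
        pw = R(i, H(pw))
    return pw


def build_table() -> dict:
    """Precompute all chains; only (endpoint -> startpoint) pairs are stored."""
    table = {}
    step = KEYSPACE // NUM_CHAINS
    for c in range(NUM_CHAINS):
        start = index_to_pw(c * step)
        end = chain_password(start, CHAIN_LEN)
        table.setdefault(end, start)    # first chain wins when two merge
    return table


def rainbow_lookup(table: dict, target: bytes):
    """Return (password or None, number of hashes computed during lookup)."""
    work = 0
    # Guess that the target hash sits in column j, walk to the chain's end
    # and see whether that endpoint is one we stored.
    for j in range(CHAIN_LEN - 1, -1, -1):
        pw = R(j, target)
        for i in range(j + 1, CHAIN_LEN):
            pw = R(i, H(pw))
            work += 1
        start = table.get(pw)
        if start is None:
            continue
        # Regenerate the candidate chain from its start to confirm; an endpoint
        # match can be a false alarm caused by a chain merge.
        pw = start
        for i in range(CHAIN_LEN):
            h = H(pw)
            work += 1
            if h == target:
                return pw, work
            pw = R(i, h)
    return None, work


def dictionary_attack(target: bytes, words=WORDLIST):
    """Return (word or None, number of hashes computed)."""
    for k, w in enumerate(words, 1):
        if H(w) == target:
            return w, k
    return None, len(words)


def brute_force(target: bytes):
    """Return (password or None, number of hashes computed)."""
    for n in range(KEYSPACE):
        pw = index_to_pw(n)
        if H(pw) == target:
            return pw, n + 1
    return None, KEYSPACE


TABLE = build_table()   # one-off precomputation (NUM_CHAINS * CHAIN_LEN hashes)


def compare(pw: str) -> dict:
    """Crack pw three ways and report (result, hashes computed) for each."""
    target = H(pw)
    return {
        "dictionary": dictionary_attack(target),
        "rainbow": rainbow_lookup(TABLE, target),
        "brute_force": brute_force(target),
    }


if __name__ == "__main__":
    # A password known to be covered by the table: column 20 of chain 0.
    for method, (found, work) in compare(chain_password("aaa", 20)).items():
        print(f"{method:12s} found={found!r:8} hashes={work}")
```

The rainbow lookup never touches more than roughly CHAIN_LEN squared over two hashes, no matter where the password falls in the keyspace, while brute force grows with the position of the password in the enumeration and the dictionary attack only wins when the password happens to be on the list. The example also shows the rainbow table's limits: coverage is probabilistic (a password not on any stored chain returns None), and a salt would defeat the precomputation entirely, which is why salted hashes are the practitioner's defence.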
New for me were many of the Windows commands -- commands such as nbtstat, attrib, cacls and net view that I might otherwise never have used (cacls has since been superseded by icacls, though it still worked on the systems we were given).