
The cyber defender hacker

Intro

The idea is simple: to be a better cyber defender, one must be able to step into the mindset of a hacker. Without taking offensive training, how does one defend against hackers? It is a common thought process to think that to be a better cyber defender, you just need to take cyber defense training. And although defensive training is important and it does help, there’s not a single defensive training I have taken that teaches you to defend from an offensive perspective. This type of training does exist, but it is not common. You may receive training where you’re told, these are the ways that hackers get in, and this is how you should think about defending against that. That, however, just tells you what to look for. It’s just a memorization game of what someone told you to look for. It doesn’t teach you how to think like a hacker, so that you can think for yourself about how to defend, or how to predict future moves that weren’t exactly defined as x set of TTPs for x threat actor.

Perspective

Perspective is everything. When is the last time you thought about how you would compromise your own organization, if you were to launch an offensive campaign? Sadly, for most, the answer to that question is hardly, if ever. As cyber defenders, we’re stuck in this bubble of expectation where every SOC is inundated with false positive alerts and for the most part only sees malicious activity from EDR alerts and phishing emails. We all have “analyst” in our title but are largely following standard flows that don’t allow for much outside-the-box thinking. I think that a great way to break out of that bubble is to change your perspective to that of a hacker. Try to participate more, if you can, in threat hunting exercises. Formulate your own hypotheses and test them within your environment.

Consistency

Just like anything, if you don’t practice it, you lose it. Well, not entirely, but it’s certainly a distant memory and not a fresh skill. It is important to do your best to continue learning offensive practices, even after you’ve completed training and acquired certifications. If you are comfortable in network offensive practices, maybe look at red team operations. If you’re done with that, maybe look at malware development or exploit development. The point being, offensive practices are everywhere. Choose an area of offensive practices that is of interest to you or is of higher priority to you.

Am I 1337 Hacker Now?

No amount of courses and certifications can replace years of experience as a pen-tester, as a red team operator, as an exploit developer, etc. However, it can be enough to help make you a much better positioned defender. Now get to hacking!!