[Dailydave] The Threshold of Hackiness

Paul Johnston paul.johnston at pentest.co.uk
Wed Jan 2 15:42:35 EST 2013


> I can agree to some extent, but I find difficult to set the threshold
> of cluelessness one can accept from a supposedly "good hacker".

I had a go at this recently and came up with a three tier definition:

1) Script kiddie - Uses public tools and exploits, but does not
understand them, and cannot fix problems
2) Proficient hacker - Uses public tools and exploits, with full
understanding; can tweak tools for unusual scenarios
3) Advanced persistent threat - Has a collection of zero day exploits,
and is able to develop new exploits

Now this gets interesting from a defensive point of view. You can stop 1
and 2 using standard security best practices. But the standard defences
break down when faced by an attacker with zero day exploits.


Pentest - The Application Security Specialists

Paul Johnston - IT Security Consultant / Tiger SST
PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK

More information about the Dailydave mailing list