[Dailydave] The Threshold of Hackiness

Paul Johnston paul.johnston at pentest.co.uk
Wed Jan 2 15:42:35 EST 2013


Hi,

> I can agree to some extent, but I find it difficult to set the threshold
> of cluelessness one can accept from a supposedly "good hacker".
>

I had a go at this recently and came up with a three tier definition:

1) Script kiddie - Uses public tools and exploits, but does not
understand them, and cannot fix problems
2) Proficient hacker - Uses public tools and exploits, with full
understanding; can tweak tools for unusual scenarios
3) Advanced persistent threat - Has a collection of zero day exploits,
and is able to develop new exploits

Now this gets interesting from a defensive point of view. You can stop 1
and 2 using standard security best practices. But the standard defences
break down when faced by an attacker with zero day exploits.

Paul

-- 
Pentest - The Application Security Specialists

Paul Johnston - IT Security Consultant / Tiger SST
PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK


