Antonio Cozza says
1.) With a decent amount of previous exposure to a lot of the concepts in the course, I had initial insight into a lot of the general ideas of some of the major topics learned, but taking a deeper dive into some of them was useful and nice to see. In particular, all of the discussions around web application hacking were the most relevant for me, as that is of major importance lately, with most major companies having web apps that need to be protected to a higher degree lately after the effects of the COVID-19 pandemic.
2.) It was interesting to hear of some different examples and debate what one might classify as hacking. The difference between a modern view of the term and a historic perception of hacking is quite varied; I think that many people often reduce the term to only a technical level, which is definitely a major part of it at the higher level which major companies have to prepare for by hiring ethical hackers and penetration testers, but at the same time, the simple principles of hacking still cannot be overlooked, which include things as simple as tricking people via impersonation tactics / social engineering. The scope of how I view hacking has definitely grown to include these types of items, and the course definition of exploring “how things are supposed to work versus how they actually work” still remains an intriguing focal point for me.
Andrew Nguyen says
My view of ‘hacking’ has changed this semester.
I had thought that hacking was very complicated (and it is), but there are tools like Kali Linux (and its tools) that can help make hacking and penetration testing much easier, as well as tools like Security Shepherd to help you learn and practice as well.
Overall, I learned that there is a lot more to hacking than I had anticipated, but I am much more comfortable and aware of existing tools that can help me learn more.
Tal Eidenzon says
Hi Andrew,
I want to echo your sentiment regarding the availability of the hacking tools. In addition to these programs, there are scripts that can be purchased by “kiddies” which can then be used to target organizations. This all highlights the fact that the required level of technical knowledge is significantly lower than was once necessary.
Dhaval Patel says
Hacking tools were a new concept to me; gaining exposure to the tools available in Kali, from social engineering to wireless, was beneficial as it provided a practical view. My view of hacking has become more simplified; a lot of it was a blur as to how hacking was performed, and this course provided a great overview of how hacking can be done and how, even when you think your system is secure, there will always be vulnerabilities.
Tal Eidenzon says
What is the most significant concept you learned during the semester?
In addition to a chest full of technical and practical knowledge that I gained this semester, the most significant concept that I learned was the importance of having a working home lab that can be used to experience in person the tools that exist in the wild.
How has your view of “hacking” changed during the semester?
My view has not changed, but it was further reinforced that the weakest link is always the human element. With all of the available tools, the most direct route is through the employees.
Patrick Jurgelewicz says
How has your view of “hacking” changed during the semester?
I definitely enjoyed exploring this class’s definition of hacking as “exploring the difference between how something should work, and how it does work.” As a result, I feel that rather than going into an exploit with a rigid process and end goal in mind, I now just explore different signs and see where they lead.
I also agree with Tal that the weakest link is definitely the human element. It was very interesting to see how much information and possible vulnerabilities could be found just by reconnaissance, and how many exploits start with social engineering or phishing attacks.