Читать книгу The Art of Attack - Maxie Reynolds - Страница 11

It's silly to argue about the “true” meaning of a word—a word means whatever people believe it to mean—but for me, “hacking” information through AMs means using information in ways unanticipated by the original source. Just as a hacker uses something in a way it was not intended to be used, an attacker uses information in a way it was not intended. This gives AMs a sense of neutrality on the surface, but delving a little deeper into it, it encompasses the art of the mindset seamlessly: information exists, and we are free to process it and apply it however we want. A great attacker will always apply information for the good of the attack; they will always bend and twist the information in a way that furthers the mission or gains the objective.

In the most traditional sense, an attacker is an individual, or a group of individuals, who seeks to destroy, expose, alter, disable, and steal information or to gain unauthorized access to or make unauthorized use of an asset or person. Attackers are often portrayed as ruthless individuals with almost otherworldly skills and the means to win against their victims. They will try to find the path of least resistance for the biggest gain. To an extent this is true, but as we have already covered in part, an attacker's main ammo is the leveraging and weaponization of information—without this, they are powerless. The world runs on data now, so information is abundantly available. Malicious attackers will use information to gain information from their targets; ethical attackers will do the same but will teach the targets how their own information can be used against them, how to recognize when that is happening, and how to prevent it.

There are two main states of attacker mindset: there's before the vulnerable information has been carved out and there's after. One commonality exists between them: every step you take as an attacker must go in the direction of the objective. The nature of AMs means it boils down to forming information around the objective, inferring in cases, leveraging information where possible, and concealing other information where needed. These are the core competencies that make up AMs, and we are about to start untangling them. But it is prudent to note that you do not need the skills to understand the laws of AMs, and you do not need the laws to use the skills. It's the application of the skills against the laws that makes the mindset:

 The first law of AMs states that you start with the end in mind, knowing your objective. This will allow you to use laws 2, 3, and 4 most effectively.

 Law 2 states that you gather, weaponize, and leverage information for the good of the objective. This is how you serve law 1.

 Law 3 says that you never break pretext. You must remain disguised as a threat at all times.

 Law 4 tells you that everything you do is for the benefit of the objective. The objective is the central point from which all moves an attacker makes hinge. You cannot diverge from the objective set out because of law 1.

It is the interwoven use of five cognitive skills that form the backbone of the attacker mindset:

1 You cannot become a good ethical attacker without a healthy dose of curiosity.

2 Your curiosity will not pay off without persistence.

3 You will have nothing to persist in if you cannot take in information and leverage the most mundane of it correctly.

4 You will need to have mental agility enough to actively adapt information in the moment.

5 If you have all of these skills, you will still only succeed if you have a high level of self-awareness, because you must always know what you bring and how to leverage it. Self-awareness will allow you a higher level of influence over someone else. These five things play a role in every job you will get as an ethical attacker looking to succeed.