Hacker Skills – How do you see yourself?

Recently Thomas Holt and Max Kilger from the Honeynet Project released a paper, “The Social Dynamics of Hacking”, in which they talk about “insight into current security threats”. The paper (PDF) is well worth a read, but one diagram in particular made me think a little.

The paper goes into more detail about the skill level of hackers, defining the various grades in the pyramid (Figure 1). It goes on to discuss the global distribution of skills, and I won’t reiterate what they said… you can all read it for yourselves, after all.

This got me thinking though. The paper takes an external viewpoint, rating and discussing the level of hackers from a 3rd party view. However, we in the hacker community (or I guess more correctly for this blog, the InfoSec community) are a strange bunch. We range from the socially inept and quiet type, through to the loud-mouth media whores that usually end up on the TOP lists, partially through talent, and partially through incessant whining that we weren’t on the last one.

Given that a range of people read this blog (at least a dozen I hope), how do we see ourselves on this scale? It’s easy to say to others that you’re a skilled hacker, or to be self-deprecating and say unskilled… but when you sit for a moment and think, where do you really rate yourself?

Skilled Hacker: Substantive abilities to identify new vulnerabilities, create exploits, and implement new programs that can be used for various attacks

Semi-skilled Hacker: Can recognize and use various tools and exploits, though they often do not have the technical proficiency or interest to generate these tools on their own

Unskilled Hacker: Little understanding of the mechanics of an attack or compromise, and depend entirely upon the ingenuity of other hackers in order to engage in attacks

(Based on descriptions from the “Know Your Enemy: The Social Dynamics of Hacking” paper)

  • Know Your Enemy: The Social Dynamics of Hacking (PDF)

2 responses to “Hacker Skills – How do you see yourself?”

  1. Captainhooligan June 6, 2012 at 14:31

    What’s funny about this is that the most skilled individuals won’t say they are the most skilled. The great thing about this community is that information is usually shared pretty openly. The knowledge is shared more specifically. People don’t share 0-days too often lol.

  2. ChrisJohnRiley June 8, 2012 at 15:31

    It depends on the 0day… there’s a lot of low quality stuff flying about (CXX, CSRF, DoS in X product). There’s not much good RCE going for free though!

