Mindset Versus Tools

Hi Everyone,

It has been a while since I wrote about anything... blame my employers... :D. Anyway, I just want to put down a short note on why pentesters are not performing well in Nigeria.

The Nigerian cyber environment is filled with low-hanging fruit - poorly designed systems and application infrastructure are around every corner. Thus, a regular pentester can WooooW his/her client by just running a few commercial tools. In a more difficult terrain, the same pentester will issue a certificate of no risk to the client.

OK, I am getting ahead of myself; back to the matter - most uses I have seen of hacking tools in the real world in this part of the globe are so limited, a bit script-kiddish I might say. Even the commercial ones that come with graphical tutorials are not fully utilised. I don't really know the reason for this, but I think we are less inquisitive about what we see or observe; we still think that some things are really hard to understand when, in actual fact, they are pretty easy.

Another reason is the lack of the hacker's mindset - true hacking is born out of a mindset, not from running tools. Malicious hackers are driven and desperate; this is what makes them successful most times. One must think "evil" in order to achieve "evil", but most people get limited by the tabs and menus they see on their tools. This is because they have allowed their tools to do the thinking for them; thus, at that time, they cannot think outside the box. They allow their thinking to be limited to the results of their automated scanner. I have seen situations where a pentesting company issued a certificate of no risk to a company based on the fact that their scanner did not detect any vulnerability. They just rubbished the human element (mentality) in pentesting - the major part of pentesting. A hacker's mindset is not one you learn from someone; it's 99 percent innate.

It is the mindset that produces the excellent results from Nigeria's No 1 Pentesters...shhhhhh..;)
