To succeed as a cybersecurity analyst, you need to understand the traits, values, and thought processes of hackers, along with the tools they use to launch their attacks.
During a webinar called The Hacker Mindset, a Red Team Researcher shared how you can use some of these tools for your own detection and prevention of breaches. He also demonstrated how an attack takes place using the Follina exploit as an example.
So, what does "the hacker mindset" mean?
The hacker mindset can be characterized by three core values: a strong sense of curiosity, an adversarial attitude, and persistence.
3 core values of a hacker's mindset
1 — "Curiosity might have killed the cat, but it had nine lives."
Curiosity drives hackers to explore and understand systems, networks, and software in order to identify vulnerabilities. Not only are they constantly seeking new knowledge and skills to improve their abilities and stay ahead of security measures, they're constantly applying newly learned approaches, tricks, and techniques in different systems.
2 — "Move fast and break things"
Although dramatically different in context from Facebook's blitz-scaling motto, an adversarial attitude is a mindset that is always looking for ways to defeat security measures, challenge the status quo, and push the boundaries of what is possible.
Hackers are often driven by a desire to prove their own abilities and to test the limits of systems and networks. Hackers constantly ask themselves: "how can I break this?", "how can I exploit this?", "how can I bend this to my will and cause maximum damage?" Cybersecurity teams, on the flip side, are focused on protection. However, employing an adversarial mindset is an essential critical thinking tool that can help drastically improve the organization's cyber posture by preemptively detecting and remediating vulnerabilities.
3 — "Of course I struggle, I just don't quit"
Persistence is an important trait for hackers as they often need to try multiple approaches and techniques in order to find a way into a system. They may encounter roadblocks and failures, but they don't give up easily. They'll will continue to work until they have achieved their goal.
Often hackers remind themselves that cybersecurity teams need to identify and remediate all vulnerabilities while a hacker needs to find only one. The relentless pursuit of vulnerabilities is at their core.
Why understanding MITRE ATT&CK is key
MITRE ATT&CK is a systematic way of understanding and defending against cyber threats by identifying the methods and techniques that attackers use to gain access to systems and steal or damage data.
The framework describes the tactics, techniques, and procedures (TTPs) used by cyber attackers. It's used to help organizations understand and defend against cyber threats.
The framework is divided into different "matrices" which cover various types of threats like enterprise, mobile, and industrial control systems. Each matrix lists the different TTPs that attackers may use, like initial access, execution, persistence, and data exfiltration.
The goal of the MITRE ATT&CK framework is to provide a common language and understanding of the tactics and techniques used by attackers. This allows organizations to better identify and prioritize their security efforts, and to develop more effective defenses against cyber threats.
If you understand the framework, you're one step ahead in finding the right tools that will help you to gain visibility into critical assets like user data, endpoints, servers, and SaaS applications – allowing you to find the next vulnerability before it's exploited by a hacker.
Want to learn more about getting into the hacker mindset? Check out the full recording of The Hacker Mindset here.