Getting Beyond the Basics

Stuart Gentry, Alumnus

During my time in cybersecurity, I have always said that I wanted to know what happens at the level of 1's and 0's, deepening my knowledge of how the exploit actually works. Some people have a hard time understanding this, saying that if there’s an application (i.e. Metasploit) that will do the job, then why not just use it? I understand their point, but I think really digging in to understand what is going on will make you that much more educated.

When I did my thesis on penetration testing, I hacked into a Windows XP machine; but I decided I wasn't done and wanted to learn more. I thought about my mentor telling me, "Once you've hacked, it's a good feeling. However, you may want more." I decided to dive deeper before I completed the thesis and I dissected the exploit code from Metasploit to understand what happened. My mentor knew a Metasploit developer and I was able to give it to him for a vector check and he gave me the thumbs up. This was an even better feeling and I started to learn how the code actually worked.

In my mind, you can start with a script, Metasploit, or other automated program, but understanding the code and what it's doing makes you that much smarter on the hack and what is really going on. This is my mindset dealing with not only software, but firmware and hardware.

I watched a video with HackFormers and Ed Skoudis (SANS Institute). Mr. Skoudis was talking about firmware, memory, and knowing how the hacks happen at this level. Why? Hacks at this level aren't as detectable as they are at the software level. So, if you think about it, when you really start understanding the hardware, firmware, and everything at the 1's and 0's level, you truly understand how a computer works. Today, this kind of knowledge can pay well as not many people understand hacks at this level.

When it comes to Regis University, the education you receive will allow you to investigate and talk about these kinds of hacks especially doing a project or thesis on this kind of topic.

In conclusion, learning how to hack with Metasploit and other applications is one thing; understanding how the exploit works makes a person that much more educated.

Learn more about the online MS in information assurance program at Regis University. Call 877-820-0581 or request more information today!