There is an old saying that you do not send a fox to guard the hen house. That is usually true in most cases but not in all. Sometimes in real life you have to have a fox to guard the important hens. The reason why is because the fox will be able to show you the tricks of the other foxes. The old hound dog that you have is not able to guard the hen house because he is just not as sophisticated as the foxes. So you bring in this other fox to help you out.
When it comes to the computer security the same thing is true as well. You sometimes need to be able to bring in someone who used to be a bad guy. They will be able to show you some of the things that the bad guys are going to do to try and get into your system. This way you know how their minds think because you have someone who used to be just like them. Any war general will tell you that the best way to win a war is to be able to think like your enemies. It is not just enough to be able to study their moves. You have to know why they are making the moves they are. Being able to get in their heads is the first step in being able to defeat them.
But hiring a bad guy is not the only way to be able to get in the heads of the other bad guys that are out there. While it is effective is not an easy resource to get. But there are other ways to be able to see how they think. Sometimes you have to be able to sit in the bad guys shoes themselves so that you can see why they do what they do. So you need to be able to practice being the bad guy for awhile. That way when you do go up against them, you will not be confused by the battlefield.
Bad is the new good
There are several different ways that you can become the bad guy. Of course you can become the bad guy by writing exploits or trying to break into systems. But that just puts you on the other side of the law and you can really get in trouble for it. No, the best way to be able to get into the bad guys heads is to build your own system to break into. This way you are able to break into a system or deliver a virus all while staying on the right side of the law.
You are going to need to make sure that you use a lot of the same tools that the bad guys use. This means that if you have the commercial version of a tool but the bad guys mostly use a free or open source version of that same tool then you should switch. At least just for the time being. You can go back and use your normal tool later on. But while you are training you need to work with the same tools. Also, if you can get someone else to configure the server that you will be breaking into then that might be a better experience for you. If you already know how the server is set up then you will have an easier time breaking into it. You need to make this as close to real life as possible. This is supposed to be a simulation and not just something to say that you have done. If you do not know how the bad guys are breaking into your system then you will not be able to protect it properly. Sure you might be able to stop most of the script kiddies and new hackers that are out there. But if you go against someone who knows what they are doing then you might find yourself in trouble.
If you are someone who is in charge of a security team then you might want to have them follow this exercise as well. It is a good thing for all people who are trying to protect and secure a system to know how to do this. Some people who just go to school or read manuals may have a general ideal on how to protect the systems that they are in charge of but they do not fully get it. Since you are in charge it is up to you to get them ready for what they might be facing.
The point of the article is to show you that you need to try your best so that you are able to get inside of the black hat hackers head. The more you know about them and their culture the easier it will be to be able to stop what they are doing..