Has hacking become a hobby for script-kiddies?

I have been thinking about this for a while know, I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using kali linux and the applications that come with it.

After the course was done and I washed off the gross feeling of using other peoples tools, I went online to try to learn some tricks about pen-testing outside of kali-linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers were discussing tools like "aircrack-ng" or "burp-suite".

Now I know that the really good pen-testers use their own code and tools but my question is has hacking become a script kiddie hobby or am I thinking about the tools the wrong way?

It sounds very interesting to learn https and network exploits but it takes the fun out of it if the only documentation tells me to use tools.

  • 2
    there was a course in udemy in which a dude was showing pen testing using Python scripts and there are multiple books like that. Normally, learning said tools is a good way to understand the top view of how an attack would work, and people that are more experienced in the field eventually learn how to do those things by themselves with building tools etc.

    Damn near all major tools are ooen sourced, so you can always refer to their code and documentacion, Kali Linux is very powerful at that since it comes with a lot of shit out of the box, keep using it, but look at the tools and their code themselves as well as them books and the udemy tutorial I mentioned, you can probably get it on discount for cheap at some point
  • 6
    To my mind hacking has always predominantly been the domain of script-kiddies. The majority never really advanced beyond punting, simple script exploits, phishing and canned malware. For every Charlie Miller, you have 20 Johnny Lee Miller-derivatives.

    I think it's admirable to what to do and understand things from first principles. I do think your alignment is a little off.

    Most pen testing and security work is more admin-like than engineer-like. It's a task of going on site and running the same spectrum of known holes and exploits and consulting on what clients and employers should be doing. The course seems spot on for testing practical pen testing. That's why distros like kali exist and companies like hak5 exist; roll up all the commonly used tools into an easy to leverage package.

    The tools themselves are heavily vetted and do specific workloads, the details and implementation of which are already well defined. The people implementing the tools focus on a small space they specialize in.

    Security research is the side of things that deals with discovering exploits. They're the ones that reverse engineer code, cpu instructions, etc looking for holes. They also have significantly more education on average, and it's a a competitive space that is results driven.

    Tldr; If you're expecting more than that from a pen testing career, you're likely to be disappointed.
  • 0
    @SortOfTested Thank you for your feedback I will start looking into security research!
Add Comment