I'm not a philosopher or critical thinking expert. But being an offensive security specialist, I'm very much interested in this topic, and I would like to share my thoughts on the adversarial mindset, philosophy, and critical thinking in the context of cyber security. I will keep updating this page as I learn and understand more.
Let's think about human history. Humanity has witnessed the rise and fall of a thousand kingdoms, along with the struggles and battles they went through. It is also observable how each generation enhanced its fortresses by applying knowledge gained from previous conflicts and attacks. In pursuit of the ultimate offensive strategy, adversaries devised the next best attack plans and waged wars. At the same time, new kingdoms and civilizations arose with much better capabilities to defend themselves and keep the invaders at bay.
History has seen a huge number of these events and the fall of empires. The adversarial mindset and its tactics evolved over the generations of human history, playing an important role in either building or destroying civilizations. We can see the same pattern repeated in modern-day warfare as well. But in this blog post, I'm only going to talk about the significance of the adversary mindset in the field of cyber security.
What is the adversary mindset, or adversarial mindset? The adversarial mindset is the ability to think like an actual adversary or attacker. It is all about stepping into the shoes of attackers and malicious threat actors to anticipate their moves, strategies, and tactics. This approach goes beyond conventional security measures by exploring security weaknesses and vulnerabilities that might be missed most of the time. By thinking like the enemy, cyber security professionals, red team operators, and professional hackers are able to think outside the box, gain deeper insight into potentially vulnerable points, and measure the efficacy of existing defense systems. Being curious and having an adversarial mindset are the key traits of a true hacker!
In the offensive security industry, having an adversarial mindset is essential. Professional hackers and penetration testers leverage this perspective to uncover security issues, exploit vulnerabilities, and mimic attack scenarios. By adopting the mindset of a malicious threat actor, security professionals can uncover security gaps before an actual threat actor or group does.
Similarly, red team operations simulate real-world threats to assess an organization's defense posture, detection, and response capabilities following the People-Process-Technology format. The adversarial mindset is the key motivator for the operators who perform these exercises.
The proper assessment of an organization's cyber defense capabilities enables the security teams and management to fine-tune the security strategies, prioritize improvements, and develop incident response plans.
Richard Paul and Linda Elder define critical thinking in The Foundation for Critical Thinking as follows:
Critical thinking is that mode of thinking - about any subject, content, or problem - in which the thinker improves the quality of his or her thinking by skillfully analyzing, assessing, and reconstructing it.
In layman's language, critical thinking is the process of actively and objectively analyzing, evaluating, and synthesizing information, arguments, or situations to make decisions or judgments. It offers a proper process and approach to help us reach logical conclusions. But how does it help us with cyber security? Whether it's offensive or defensive security, critical thinking means critically examining and questioning security and defense systems, policies, assumptions, potential vulnerabilities, and adversary groups or threat actors. Doing so enhances the ability to identify and respond proactively to cyber threats and to develop effective defense systems. I'm not implying that we need to become critical thinking and philosophy experts, but taking some time to explore these concepts through reading or research can enhance the abilities of security professionals and contribute to their professional and personal growth.
Red Team Operations and Development is a favorite book of mine, written by Joe Vest and James Tubberville. It is an inspirational, realistic collection of thoughts on the adversarial mindset, methodologies, and TTPs for red team professionals. The book has a dedicated exercise section for adversarial mindset challenges. I'm going to include one scenario from the book for you to think critically about and come up with a logical answer.
Contemplate the following and think of areas in which common misconceptions or bias influence how security is implemented or approached in your organization. Given the red dots are areas in which combat aircraft are often hit during engagement, what does the following diagram indicate? What would be your recommendations for additional armoring of the aircraft?
I respect the authors of these challenges and I certainly don't want to reveal the solution here in this blog. I hope you have figured out the answer to this scenario. Anyway, the solution for this critical thinking scenario is given in the Red Team Operations and Development book. It can also be found under the Adversarial Mindset Challenge section of the REDTEAM.GUIDE website hosted by the book's authors.
The cover image refers to Theyyam, a famous ritual art form that originated in the southern part of India. Image credit goes to unsplash.com. The mindset challenge image credit belongs to redteam.guide.
Last updated on 25 Jan 2024