Hacking is a different discipline compared to other things that you learn because there is a long feedback loop. In a traditional educational setting, we are used to receiving specific and timely feedback about our performance. From there, we adjust our actions accordingly. In the discipline of hacking, the feedback loop is not as apparent.
If you have a machine with seven possible attack vectors, and only one of them is vulnerable, there is no immediate feedback loop to tell you what type of machine you’re exploiting.
On one hand, we’re trying to teach technical information like what it means to attack web applications.
On the other, there is this whole concept of mindset, adversarial thinking, and how we’re going about the process.
We have to prepare students for situations that we cannot necessarily show them. In some cases, students have to find vulnerabilities in software that hasn’t been written yet.
Traditional education relies on a banking model, by depositing information into a student's head. We see if what we deposited earlier is still there. For instance, the format of some multiple-choice tests asks a student to recall information. Because the student is merely being asked to deposit facts, multiple-choice items can be poor indicators of a student's ability to apply knowledge to solve complex problems.
Our students need and deserve more than that. Thus, we challenge students to go far beyond the series of steps that we have shown them.
Know how you learn.
With virtual learning, the sense of momentum that's created when a teacher is walking around a room isn't there anymore. The sense of comradery isn't the same as in a physical classroom setting.
This is when self-awareness about how you learn is critical. Ask yourself: do I learn better by reading? By doing, or seeing? What sort of help do I need? When should I ask a Student Admin for help?
Watch the webinar to learn more about how we teach hacking. Harbinger and Johnny further discuss:
- OffSec’s take on learning security and pentesting skills
- Tips for getting the most out of your OffSec Course
- Why and how we teach the “Try Harder” mindset