Penetration Testing with Kali Linux OffSec
|
|
Contextual Learning
. 141 Although we can’t explore all of its details in this Module, this concept suggests that even on an intuitive level, we know that it’s easier to learn how to build a house on a construction site. In other words, when the training material is presented in the same context as the skill that we’re trying to learn, our brain has to do less translation work and can accept the new information more 139 (Szalavitz, 2012), https://healthland.time.com/2012/03/14/do-e-books-impair-memory/ 140 (Oxford Learning, 2021), https://www.oxfordlearning.com/reading-online-vs-offline-whats-best-for-learning/ 141 (Imel, 2000), https://files.eric.ed.gov/fulltext/ED448304.pdf Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 64 readily. This doesn’t mean that books about computers are worthless - it just means that our brains have to do more work to assimilate information from the page and think about it in the context of the computer screen. 4.2.2 Expecting the Unexpected There is another unique challenge that we will face in learning cyber security. This field is consistently focused on trying to prepare for situations we can’t possibly predict. Let’s consider a couple of simple examples. We might learn about Enterprise Network Architecture , which examines the way a business organizes servers, workstations, and devices on a network. Unfortunately, as in-depth as that Module might go, it’s unlikely to cover the exact network architecture that we’ll encounter in some future scenario. In another Module, we might thoroughly and perfectly understand a specific attack vector, and we might even be able to execute it in the lab environment, but that doesn’t mean we will encounter that exact vector in all future environments. We also must take into account that the entire field of cyber security is constantly evolving. New vulnerabilities are discovered all the time. A network that is secure today may not be secure in six months. A student needs to be able to exceed their initial training in order to remain effective in the field. In this way, learning about cyber security is similar to learning transversal skills 142 like leadership, communication, and teamwork. As with these skills, we cannot afford to focus on memorizing a series of steps to take. There is no simple, straightforward standard operating procedure for building better teamwork just as there is no simple, straightforward standard operating procedure for exploit development. Instead, we need to focus on understanding methods, techniques, and the purpose behind certain actions. Let’s return briefly to our example of learning how to secure a network. We mentioned that “A network that is secure today may not be secure in six months.” The best approach to this problem is not to learn a series of steps we can follow to make that network secure today, then learn a new set of steps in six months. The solution is to learn the methodology and the purpose behind each security step. When new risks arise, we’ll apply the same methodology, adapting and evolving along with the changing threat landscape. Later in this Module we will discuss some potential approaches that can help us do this. 4.2.3 The Challenges of Remote and Asynchronous Learning There is one more aspect of this particular type of learning that we will want to take into consideration--the fact that this is a remote learning environment. During the global COVID-19 pandemic, many schools adopted distance learning for the first time, and students of all ages faced the new challenges 143 presented by trying to learn via a computer monitor at home. We must also consider that some online learning is asynchronous , meaning the instructor may not be present in a Zoom call or classroom to deliver a lecture, instruction, or to answer 142 (Lopez and Rodriguez-Lopez, 2020), https://ervet-journal.springeropen.com/articles/10.1186/s40461-020-00100-0 143 (Minnesota State, 2022), https://careerwise.minnstate.edu/education/successonline.html Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 65 questions. Instead, the student can participate in the class at whatever hour or pace works best for them. There are some definite advantages and disadvantages to this type of learning. Students in a remote, asynchronous learning environment should be aware of two things: 1. The advantages that come from the peer support, community, and camaraderie of other students in a traditional classroom setting is no longer a guarantee. 2. The pace and timing of the course is largely the student’s responsibility. We will discuss some practical solutions to the second item shortly, but in order to connect with a wider community of learners, OffSec students have a community of co-learners available on the OffSec Discord Server. 144 There may also be local meetups or other communities available to a student. Seeking out support and help (as well as helping and supporting others in turn) has benefits far beyond the classroom as well. 4.3 OffSec Training Methodology Now that we’ve examined some of the challenges we’ll face as students, let’s explore how the structure and design of OffSec training materials will help us. We won’t be able to go into detail on everything that goes into creating meaningful and useful training. 145 Instead, we’ll focus on a few of the more noticeable strategies that we, as students, will be able to take advantage of. This Learning Unit covers the following Learning Objectives: 1. Understand what is meant by a Demonstrative Methodology 2. Understand the challenge of preparing for unknown scenarios 3. Understand the potential challenges of remote or asynchronous learning While each student will learn at their own pace, this Learning Unit should take about 15 minutes to complete. 4.3.1 The Demonstration Method As one might infer from the name, using the Demonstration Method means showing (or acting out) what one hopes the student will be able to accomplish. To illustrate this, let’s return briefly to our example of learning to rename a file in Linux. One way to provide this information is to be very direct. Use the "mv" command. Listing 10 - Not using the demonstration method. Although this is technically correct, a student might still not fully understand how to use this information. An instructor using the demonstration method will follow the exact steps that a student should follow, including the resulting output of running the command. The relevant information might be better presented with a code block. 144 (OffSec, 2023), https://offs.ec/discord 145 (Hackathorn, Solomon, Blankmeyer, et al., 2011), https://eric.ed.gov/?id=EJ1092139 Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 66 Before showing the code block, we would first lay out our plan and detail any new or interesting commands we’re planning on running. Here we might discuss that we’ll use ls *.txt to list any .txt files in the directory. Next, we will run our renaming command, mv oldfilename.txt newfilename.txt . Finally, we’ll use ls *.txt to check if our command worked. kali@kali:~$ Yüklə Dostları ilə paylaş:
|