Penetration Testing with Kali Linux OffSec
ls *.txt oldfilename.txt kali@kali:~$ mv oldfilename.txt newfilename.txt
|
|
ls *.txt
oldfilename.txt kali@kali:~$ mv oldfilename.txt newfilename.txt kali@kali:~$ ls *.txt newfilename.txt Listing 11 - Renaming a file and checking our results. After the code listing, we would explain our results. In this case, we listed the .txt files and only had one, named oldfilename.txt. We then ran our renaming command and received no output, as expected. Finally, we checked our results by running ls *.txt again. This time, the output shows the only .txt file in the directory is newfilename.txt. We could take further steps to ensure this file contains the same contents as earlier, and that only the filename has changed. While it may seem unnecessary to include these extra items, this sort of demonstration and description begins to expose the thought process that a student will need to learn. We verified our work in this case and checked that our command worked. Although that’s not necessarily part of renaming a file, getting in the habit of checking our work is an excellent habit to adopt. Sometimes the material will take what feels like a longer route in order to show both the new skill and a useful context. It may also actively expose and discuss the instructor’s “mistakes” and redirections. Demonstrating a thought process in this manner is called modeling , 146 and was developed as a way to teach critical thinking skills . 147 4.3.2 Learning by Doing Doing something helps us learn it. There is an absolute wealth of research to support learning by doing as a method that increases memory retention and improves the overall educational experience of a learner. 148,149,150,151 We know this method works well for learners, and OffSec has applied it in several ways. 1. The Training Materials 2. The Module Exercises 146 (Intel, 2012), https://www.intel.com/content/dam/www/program/education/us/en/documents/project- design/strategies/instructionalstrategies-modeling.pdf 147 (Daniel, Lafortune, Pallascio, et al., 2005), https://www.researchgate.net/profile/Marie- france_Daniel/publication/262849880_Modeling_the_Development_Process_of_Dialogical_Critical_Thinking_in_Pupils_Aged_10_to_12_ Years/links/54ee0f110cf25238f93984dd.pdf 148 (Koedinger, McLaughlin, Kim, et al., 2015), http://pact.cs.cmu.edu/pubs/koedinger,%20Kim,%20Jia,%20McLaughlin,%20Bier%202015.pdf 149 (Bates, 2015): https://opentextbc.ca/teachinginadigitalage/chapter/4-4-models-for-teaching-by-doing/ 150 (Boser, 2020): https://www.the-learning-agency-lab.com/the-learning-curve/learning-by-doing/ 151 (Djavad Mowafaghain Centre for Brain Health, 2018): https://www.centreforbrainhealth.ca/news/learning-doing-better-retention- learning-watching/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 67 3. The Challenge Labs 4. Proving Grounds The training materials themselves will always trend toward focusing on scenarios that we can follow along with. There are times when we need to discuss a bit of theory so that we have enough background to go deeper, but in general, if the material can demonstrate working through a problem, then the expectation is that the student should be able to follow along. Often a virtual machine (VM) is specifically built in order to accommodate this. The Module Exercises themselves will often involve working with a VM as well. This is the approach as often as is reasonably possible, but with some Modules (this one, for example) that are more theoretical, exercises are presented in a more standard question-and-answer format. The OffSec Library also contains Challenge Labs , which take the exercises one step further. A Challenge Lab is, essentially, an environment of additional practice exercises specifically created to help learners prepare for an exam (which, perhaps as expected, is also hands-on). We highly recommend that students take advantage of this additional opportunity. Finally, we leverage assessments and exams. These are exercises and networked lab environments specifically for proving the skills we’ve learned. Since a real world environment will not give us a clear indication for which vulnerabilities might be present on a system, we don’t create a 1:1 link between a course module and an assessment (for example, we don’t advertise whether or not a machine is vulnerable to privilege escalation). With this in mind, the skills and methods students will learn in the courses are directly applicable in the assessment and exam environments. 4.3.3 Facing Difficulty There is a common expression that “practice makes perfect”. That may be true, but it begs the question, what makes for ideal practice? Let’s consider the following experiment that was performed in 1978. 152 A group of 8-year-old children were divided into two groups to practice a simple task: toss a small bean bag into a target hole. After being introduced to the task with the target at a distance of three feet (about 90 cm), the groups spent the next three months practicing. One group kept practicing with the target at the same distance. The other aimed at a pair of targets - practicing with distances of both two feet (60 cm) and four feet (120 cm). In the final test, the task was to toss the bean bags to a target three feet away. The group who had spent all of their practicing at that exact distance was in fact bested by the group who had practiced at two and four feet. This and other studies demonstrate that struggle is not only important to the learning experience, but it’s actually more important than mere repetition for creating the neural pathways that help us learn new skills. 152 (Kerr and Booth, 1978), https://pubmed.ncbi.nlm.nih.gov/662537/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 68 This necessity for struggle means that we won’t do much exact repetition in the OffSec learning materials. Since learning is self-directed, students seeking more repetition can return to specific Yüklə Dostları ilə paylaş:
|