A Praise for Hackers - repo.zenk-security.com

A Praise for Hackers
Rodrigo Rubira Branco (BSDaemon)
rodrigo*noSPAM*kernelhacking.com
https://twitter.com/bsdaemon

“As the area of our knowledge grows, so too does the perimeter of our ignorance” – Neil deGrasse Tyson

Why this is dangerous
• This will be one of the things we will discuss:
– Does the position of someone really matter?
– Should we trust everyone?
– Judge the idea, not the person. Refute what someone says, not who he is.

Corporate Disclaimer
• I don’t speak for my employer. All the opinions and information here are my responsibility
• Interrupt me if you have questions or important comments at any point.
• IMPORTANT: No, I’m not part of the Intel Security Group (McAfee)

Personal Disclaimer
• I do not represent the hacking community. I do not represent anyone but myself
• In my opinion, no one can actually represent the hacking community, not even a subset of it (like, for example, hackers from a given location)
• What I can do is give MY opinions on it, based on my observations. That means a very limited, narrow view of what hacking is and represents
• Given the size of the audience and the variety of profiles, it is hard for me to define the right message (too technical, not technical at all, career, people older than me, people younger than me…) -> Forgive me in advance if you feel underestimated or not valued

So true…
• “No Chess Grandmaster is normal; they only differ in the extent of their madness” – Viktor Korchnoi
• “No hacker is normal; they only differ in the extent of their madness” – BSDaemon

Objectives
• The world changed, we must change as well
• Try and disseminate what/how people can do to contribute to the hacking community that I know
• Praise the work of hackers changing the world and their importance, and propose other areas to research

Why are we here?

Source: Tweet by @dotMudge
1/3 of Government Systems Vulns are in the Security Software

To start the conversation
• When you receive an idea, tip or recommendation, remember to evaluate it in your own context to see if it applies to you -> Your decisions, your impacts (positive and negative ones)
• Be honest at least to yourself (try to be more critical of yourself than you are of others, even if you don’t share your findings) – This will help you, and only you

Why a keynote is always difficult
• Shows that we are getting old :) And as such, we have lots of stories to share
• We need to balance the content: we can’t be technical, but we are in a technical event after all :/
• Re-emphasizing that if you don’t agree with what I say, just don’t follow. If you do, follow, change :) The consequences are on you either way.

Three Points to Take Out
• Care more about what YOU do than what others do (unless they are really damaging people)
– Researchers should have fun and enjoy what they do
– Even if they are capable of more, why assume they want to do more?
• Treat information you receive as data, process it and get to your own conclusions on it
– Depth of analysis depends on importance
• Disseminating information is different from disseminating garbage (are we in the information age or in the garbage passage?) -> Are you *REALLY* helping?

Information or just data?
• When you receive information, treat it as just data (unprocessed), do your own analysis and criticism before considering it information
– Depth of the analysis depends on the importance/impact of that information

How to study? How do you learn?
• When you want to study a paper, understand what your expectations of learning are (for example, you want to learn a new exploiting technique)
• Start reading, and for each item you know nothing about, create an item in a tree -> leftmost if it affects the learning of the subject matter; right if it does not
• Go deep on topics first.
Source: Adapted from the book “Think like a grandmaster” – Alexander Kotov

Study Tree (I’m bad with graphics, but it is not binary)
Starting Paper A
– B: Subject essential to understand the paper
  – C: Subject essential to understand B
– D: Subject interesting, but not essential, visit later

Great, but what to prioritize?
• Mikhail Botvinnik was a three-time world champion of chess and had as pupils Anatoly Karpov, Garry Kasparov and Vladimir Kramnik
• Even after that, it was said that he listened to basic chess lessons on the radio. The reason: to always be reminded of the fundamentals. Keep them sharp
• NOTE: I’ve not added a reference because I couldn’t find one, maybe I mixed names of the grandmasters. If you have a reference on that, please send it my way :)

The Fundamentals
• The essence behind computation did not change:
– The Turing Machine model of computable problems exists since before digital computers (1936)
– Chomsky’s work on the language hierarchy is from the 1950’s
– TCP/IP is from 1980
– The essence of PC architecture too :)

Learning x Memorizing
• “Memorization of variations could be even worse than playing in a tournament without looking in the books at all.” – Mikhail Botvinnik
• “Never memorize something you can look up in a book” – Albert Einstein

Learning Plan?
• Once in a chess competition, grandmasters were analyzing a position -> They mostly agreed a given side had the advantage (let’s say white)
• Capablanca was passing by and was asked to give an opinion: he said black had a clear advantage (!)
• When told to demonstrate it, instead of doing moves, he just changed the entire position to something new -> To the surprise of the grandmasters, there was nothing white could do to avoid the game getting into that position
• NOTE: I’ve also not added a reference because I couldn’t find one, maybe I mixed names of the grandmaster. If you have a reference on that, please send it my way :)

Did you really learn to the point that you can extend?
• “Chess books should be used as we use glasses: to assist the sight, although some players make use of them as if they thought they conferred sight” – Jose Raul Capablanca
• “If you really know, you can hack” – BSDaemon

“Sharing is Caring” or not
• We are in the information age. But most of what we receive is actually trash
• Before sharing something you saw, what about read, understand, think? Somehow people hide behind the ‘sharing is not endorsement’ mantra. I can share interesting things that I do not endorse (for example, to start discussions, to demonstrate another viewpoint)
• People that read what you share trust you; are you really helping them by sharing whatever you see just because it is new? That is how hoaxes spread. You are also judged by that (after all, do you have the time to read everything you just forward or not? Or is all your time spent finding things to share, while you never actually study them?)

“Publish fast”
• People mistake helping the community with publishing whatever crap comes to their minds
• This can be attributed to the misunderstanding of the open-source community’s “publish it fast”
– But don’t you discuss things with people first?
– Before you publish something, think if you are really helping the community or if you’re making people waste their time: because that damages the community, it does not help anybody!
• So think about your objectives: do you just want to show off, or do you really believe you are contributing to the community? There is a huge difference there!

New generations
• New generations come naturally to replace and be superior to the previous ones (if you believe in evolution)
• Probably in the audience there are already many (or most) people that are much better than me (not that difficult). And that is natural!
• There will always be a collision of ideas, and the previous generations obviously don’t want to lose their importance! The difference in that natural collision is the way you challenge:
– Is that through technical superiority or;
– Personal things? Which in practice should be considered irrelevant (I really don’t care which car you drive, how much money you have or to whom you did a blo**** to get all that :))

The new speed?
• “Half the variations which are calculated in a tournament game turn out to be completely superfluous. Unfortunately, no one knows in advance which half” – Jan Timman
• We somehow nowadays expect results before the ‘a**-working time’

Constructive Criticism
• I think this is bull****
• Generations will conflict and ideas will be challenged:
– But challenge the idea, not the person (why does the person matter? Is he rich, tall, fat, weird…)
– Transform garbage into chocolate :) -> If you actually refute the idea, or demonstrate it wrong, then the field evolves
• There is no such thing as junk hacking
– We should hack because it is cool and we have fun
– Anything else is not hacking (even if it is a great technical accomplishment)
– I prefer simple but true over very hard/complex but money-moved
– And btw, since when does the media coverage of something show its importance??

Trust
• Trust is given, not deserved
• It is the way that humans are, that’s why social engineering works!
• This is also what generates the problem, because security is something counter-natural, and people see hackers as paranoids
– Trust should not be transitive either

Is hacking growing? Or is the Scene Dead?
• FX foresaw “The extinction of hackers” in a paper from 2005 (which by the way changed my career and ideas)
• But is hacking dead? How come, if we see more and more hacking-related things? Look at the size of this conference :)
• The matter is that hacking used to be an underground culture (or sub-culture) and now it is mainstream
– People get confused between technical expertise and hacking mentality (from the original sub-culture)
– Corporate interests and intelligence agencies influence the hacking communities, sharing, publications and others
• In the past EVERY computer user was a programmer. Don’t you miss “when men were men and wrote their own device drivers”?
• Quote: Linus Torvalds, 1991.

The scene is dead…?
• “Chess is not like life... it has rules!” – Mark Pasternak
• “and so do CTFs” – BSDaemon

Learning from Others: Russia x Brasil
• Both countries have continental sizes
• Both countries have strong-willed people, which can be demonstrated by the military history of Russia and by the economic growth of Brazil (ok, not that much lately)
• Share common vocabulary words :)
• Both seem to be relevant in the malware creation arena -> Ok, that is not really important for the argument
• So why do we see many more Russian researchers??
– Russians are proud of Russians
– They help each other, they promote each other
– They support other researchers, instead of pointing fingers, instead of supporting foreign ones

Evolving the community?
• “Some part of a mistake is always correct” – Savielly Tartakower
• “an accumulation of small advantages leads to a supreme advantage.” – Wilhelm Steinitz

Hackers are changing the world
• Lots of hackers currently work for big corporations and/or independently
• They are working on pushing defensive technologies into hardware, operating systems and many different pieces of software
• They are also working on finding and patching security vulnerabilities

Art x Exploiting
• “Chess is the art which expresses the science of logic.” – Mikhail Botvinnik
• “Exploitation is the art which expresses the science of logic” – BSDaemon
• “If exploiting is an art, we have poetic license” – BSDaemon

Your career, your choice(s)
• It is possible to do interesting and important research in different scenarios, each with its own challenges:
– Independently (using personal time, or making that your own company)
– In a small company (either one that offers prime services or one that gives plenty of free time)
– In a big corporation (in research or product security teams)

Offensive and Defensive Research are Important
• Offensive research is important to keep the state-of-the-art knowledge and understanding of offensive strategies
• Defensive research is extremely important to be sustainable (just fixing bugs is not enough as a durable strategy that deals with modern development growth and software dependency)

“There will always be bugs”
• The engineering process tries to catch and fix those
• That does not mean we can’t work on mitigations of capabilities once those bugs exist
– And the performance trade-off of current/existing mitigating techniques demonstrates they are real/practical

Defensive Research
• There is a clear need for defensive research, and projects like grsecurity/PaX need to be praised, helped, admired, learned from
• They advanced the field, created the ideas that came many years later to modern hardware and OSes
• They are STILL years ahead!

Open-source x Hacking / Linus x Researchers
• Disclaimer: I have nothing against Linus, I actually appreciate his work and find his communication style quite funny (btw, what is the problem with the monkeys? Penguins do it too)
• The problem is not only Linus, but how we see security research in general as well
– Offensive is cool
– Defensive is boring, useless

Creative Activity
• “Chess, like any creative activity, can exist only through the combined efforts of those who have creative talent, and those who have the ability to organize their creative work.” – Mikhail Botvinnik

A message to Linux Developers
• Instead of trying to criticize the lack of engineering knowledge, why don’t you try to see if maybe you don’t have a lack of understanding of the complete problem? (the security problems)
• Why not give your users the option to use the best security possible, at least?
• Remember that most big area maintainers are actually employees of big corporations and maybe they are not really doing what is best for the community but what they are told to (see, everyone actually might have a hidden agenda, so be careful with hoaxes and what you believe)

Psychologically Brutal
• “Few things are as psychologically brutal as chess” – Garry Kasparov -> He clearly never contributed to the Linux kernel :)

What can we improve?
• We researchers are culpable too:
– Every time we demonstrate a bypass of something, we forget to mention the many times that something is actually useful
– We also forget to mention what the actual state of the art is for the given technology we are bypassing, and which mistakes were made in the specific implementation we are targeting :)
Sources:
http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/
https://forums.grsecurity.net/viewtopic.php?f=7&t=4309

Ego breakage
• “I like the moment when I break a man’s ego” – Bobby Fischer

What the future holds?
• Understand what security is really about and what the real security aspects of a system are:
– Complexity is bad;
– Assumptions are dangerous;
– Composition of systems != the security of each element of that system
– What is formally proven is not necessarily correct if the pre-requirements and simplifications of the computing model are not correct as well (if they lose power)

Conclusions
• Care more about what YOU do than what others do (unless they are really damaging people)
– Researchers should have fun and enjoy what they do
– Even if they are capable of more, why assume they want to do more?
• Treat information you receive as data, process it and get to your own conclusions on it
– Depth of analysis depends on importance
• Disseminating information is different from disseminating garbage (are we in the information age or in the garbage passage?) -> Are you *REALLY* helping?

The end!! Really is!?
Rodrigo Rubira Branco (BSDaemon)
rodrigo*noSPAM*kernelhacking.com
https://twitter.com/bsdaemon

“As the area of our knowledge grows, so too does the perimeter of our ignorance” – Neil deGrasse Tyson