Time: 3 Hours

Introduction

In this path quest, readers can expect to learn more about the attacker mindset.

I believe that if you give a seasoned 0-day finder a smart contract, they will rip it to pieces and find vulnerabilities everywhere. Their way of thinking, their mindset, is what helps them find vulnerabilities even when they don’t have a grasp of Solidity and its pitfalls.

This quest will not give you an attacker mindset. This is something you build with experience. Instead, it has you familiarise yourself with it, and then sets you on the right track for exploration.

Note

It would be wrong to think that the attacker mindset is only something applied by security researchers. You can find similar thinking applied by lawyers, mathematicians, academic researchers, etc.

Reading

Homework

  • Review a piece of code and take note of your thinking process, then compare it to the strategies and models from the reading. Where do you have overlap? Reflect on what practices you might introduce into your thinking in the future.
  • Write a short post on the technique / aspect / mental model you want to include in your workflow and post it here.