Today we'll briefly discuss the "Advanced Script Kiddie" reality.

I have to say that those high-speed infosec programs are effectively "Operator Factories", no more. They aren't trying to create high-level infosecs, they train people to follow a highly sophisticated playbook.

They can take smart kids and give them the greatest proprietary/open-source fuzzer or a lib of pre-written bypasses, but they are still using someone else's brain. These kiddies know how to execute the attack, pivot through the network and maintain persistence using the toolkit, but they have no idea why and how it works.

A 10-year veteran of the CTF usually has a much deeper understanding of why an exploit works, whereas the "6-month operator" just knows that it works. True security researchers write fuzzers, discover the logic flaw in the kernel and design the bypasses the operator is using.

Also those script kiddies are tool-dependent: they are often lost if you take away their custom C2 frameworks or automated exploit builders. In addition, they don't always have the foundational knowledge and creativity to invent a completely new way to hack a hardened system.

Compare them to cybersecurity enthusiasts or top-tier CTF veterans who have been "in the trenches" for 10–15 years. Those guys have seen every era of security.

None
ISBN: 9785941575626

I took my first steps in summer of 2007–08 (I can't quite remember the year) when I bought this book: https://isbnsearch.org/isbn/9785941575626

(Author: I. Sklyarov;

Title: Golovolomki dlya hakera/Puzzles for hackers).

A good start for teens, by the way.

Back then I managed to test various penetration testing techniques (even physical ones) on four different versions of Windows, that was also when I started programming in Pascal and BASIC. I'm not saying I know everything or know more than others, I just want to emphasize this: no matter what you do — whether you're in filmmaking, writing books or aiming to become an astronaut — if someone promises to turn you into a top-notch specialist in just one year, they're lying to you. To amount to anything, it takes years of dedicated effort fueled by enthusiasm.

A piece of advice: gain a solid foundation of knowledge at specialized universities while completing hands-on labs on Hackthebox, TryHackMe, PortSwigger, RootMe and other platforms. Don't waste your time on scoundrels.

These days, there are plenty of great universities with cybersecurity programs. Back when I was in school, my own education was limited to a choice between general programming or a theory-heavy paper security track that lacked any practical, hands-on application.

I hope you found this material useful.

Subscribe to my youtube channel @securesofar if you want to learn more about cybersecurity and cybernetics. I am going to cover a lot of conceptual things there.

See you next time!