Hacking is a different discipline compared to other things that you learn because there is a long feedback loop. In a traditional educational setting, we are used to receiving specific and timely feedback about our performance. From there, we adjust our actions accordingly. In the discipline of hacking, the feedback loop is not as apparent.
If you have a machine with seven possible attack vectors, and only one of them is vulnerable, there is no immediate feedback loop to tell you what type of machine you’re exploiting.
On one hand, we’re trying to teach technical information like what it means to attack web applications.
On the other, there is this whole concept of mindset, adversarial thinking, and how we’re going about the process.
We have to prepare students for situations that we cannot necessarily show them. In some cases, students have to find vulnerabilities in software that hasn’t been written yet.
Traditional education relies on a banking model, by depositing information into a student’s head. We see if what we deposited earlier is still there. For instance, the format of some multiple-choice tests asks a student to recall information. Because the student is merely