The Five Remembrances of Hacking
The Buddha taught what are known as The Five Remembrances to help us make friends with our fears of growing old, getting sick, being abandoned, and dying. As a practitioner of Zen, I am constantly looking for ways to apply the teachings to different aspects of my life that seem to have no spiritual bearing whatsoever. After all, what good are these ancient teachings if they cannot be applied to one’s present circumstances? The Buddha himself would say that such things need to be “thrown out” into the river like the raft after it has helped us cross over to “the other shore”.
Through the contemporary wisdom of our beloved teacher Thay (Thich Nhat Hanh, may peace and blessing be upon him), in his teachings on Fear, I was able to adapt the remembrances as an aid to help me along my journey through the field of information/cybersecurity.
In this post I will share my adaptation with the intention that it may be of help to someone else along their journey also.
The Five Remembrances of Hacking are as follows:
1. My Zero-Day exploit or high-impact bug is of the nature to grow old; I cannot escape my Zero-Day exploit or high-impact bug growing old.
2. My system, my application, my organization is of the nature to have vulnerabilities; I cannot escape my system, my application, my organization having a vulnerability.
3. My system, my application, my organization is of the nature to be hacked; I cannot escape them being hacked.
4. All my favorite techniques and methodologies that I love using are of the nature to change. There is no way to escape having to change the techniques and methodologies that I love to use.
5. I inherit the results of my acts of body, speech, and mind. The actions and contributions that I take and make as a bug-bounty hunter, threat hunter, or cybersecurity professional are all my continuation.
1. My Zero-Day exploit or high-impact bug is of the nature to grow old; I cannot escape my Zero-Day exploit or high-impact bug growing old.
In addition to getting caught up and dwelling on exploits that were discovered in the past, we often walk around in fear of what will happen if someone discovers a zero-day exploit or a high-impact bug before we do. Why? Because when and if that happens, not only will we not be credited for it, but after its release, the exploit or bug becomes old pretty quickly, leaving us to rush back into our labs in search of “another” zero-day exploit or high-impact bug.
This cycle then repeats and before we’re aware of it, we’re entangled in what I call the saṃsāra of hacking: hunting bugs or exploits, discovering bugs or exploits, exploiting them for P.O.C., triaging, and finally gaining awards/recognition. All of this only to be repeated in a never-ending cycle similar to that of birth, death, and rebirth. Over and over again…
2. My system, my application, my organization is of the nature to have vulnerabilities; I cannot escape my system, my application, my organization having a vulnerability.
Every system, every application, and every organization is of the nature to have vulnerabilities. This cannot be escaped. If this were not so, there would be no Red, Blue, or Purple teams. Our positions within cyber-space would be useless.
When our security posture is up to par and we are not suffering from any security events, we may think that being vulnerable is for other companies. We look down on other companies, saying, “this company is always being hacked by the simplest of exploits, they are constantly having to do incident response to the low-hanging fruit”. We think we’re not like them, but one day we will also fall victim to a breach.
3. My system, my application, my organization is of the nature to be hacked; I cannot escape my system, my application, my organization being hacked.
It’s a simple and true fact that we’re reluctant to face: that we will all be hacked. Most organizations don’t take this seriously because it’s painful to look deeply into it. Our reputation being the subject of ridicule, our budgets being extremely affected, our having to shut down operations, etc.
When we really face the fact that we will get hacked one day, and maybe sooner than we think, we won’t embarrass ourselves by doing ridiculous things, like keeping up the illusion that we will continue doing business forever without being hacked.
4. All my favorite techniques and methodologies that I love using are of the nature to change. There is no way to escape having to change the techniques and methodologies that I love to use.
Quantum computing becoming a reality and Moore’s Law being applied at warp speed will potentially lead to more sophisticated attacks on critical infrastructure. Whether we’re playing on the Blue, Red, or Purple team, we oft-times get comfortable with our tried and true techniques and methodologies. If X then Y.
The threat landscape is advancing rapidly and so must our techniques and methodologies. We must remain fluid and adaptable as opposed to being stiff and rigid.
5. I inherit the results of my acts of body, speech, and mind. The actions and contributions that I take and make as a bug-bounty hunter, threat hunter, or cybersecurity professional are all my continuation.
Whether we remember or forget the above four, ultimately, our actions and our contributions will be our karma. Only we, as collective or individual practitioners in our field, are the deciders of what this karma will manifest itself to be. Our individual systems, our companies, and the security of our nation’s infrastructure: it’s all in our hands.
What we do towards evolving in the field, the words we put out into the community in the form of courses, research, videos, posts to social media platforms, and so forth, will be the evidence of our continuation. Where we are today, and what we are contributing in this field towards making a better tomorrow, all bear witness to this.
Finally, regardless of whether you are the religious type or not, my only intention as both a practitioner of Zen and a cybersecurity professional is to provide you with a gem that has greatly benefited me along my journey in the field at times when I feel overwhelmed.
If this has benefited you in any way and you’d like to receive more articles like this in the future, by all means please subscribe and follow.
Thank you for reading. Namaste!
Hack on, Ladz & Gentz!