Jiu Jitsu vs InfoSec: Attack from Defense

Tim MalcomVetter
Jul 20, 2017 · 2 min read

This is part of a series comparing Jiu Jitsu with InfoSec.

In BJJ, it’s possible, and even probable, that a blue belt in a street fight can submit and subdue their attacker from a position that the attacker, and any onlooker unfamiliar with BJJ, may think is unfavorable. YouTube is full of videos, especially from the early days of the Gracie family competing in the U.S., that show exactly this — a trained fighter in another martial art winds up on the ground, where they are not trained, but on top of the BJJ player, who then submits them. An opponent can be choked out while mounted on top of a trained BJJ practitioner, in a false sense of security.

In InfoSec, defense can attack and win from what appears to be an unfavorable position. And no, this doesn’t have anything to do with the “hack back” laws (the attribution problem would take pages and pages to discuss properly). Some recent examples: researchers reverse engineered the Mirai botnet code, discovered a vulnerability, and exploited it to shut down the botnet; a malware analyst discovered that registering a DNS domain name would cause a worm to end execution; cryptanalysts found flaws in ransomware cryptography and derived decryption keys for victims so they wouldn’t have to pay the ransom; organizations have deployed subtle “canaries” (when the canary in the coal mine stopped singing, it was a sign of a ventilation problem and that miners should react immediately) or “honeypots” that tip off defenders to the presence of attackers; defenders allowed infected computers to continue to operate so that they could learn more about their attackers and ultimately trace back the main entry point. These are ways in which InfoSec defense went on the offense to achieve a security outcome.

The untrained eye might perceive you are in a bad position — find a way to exploit that position to your benefit. Better still: prepare for it through training.

Read more: Jiu Jitsu vs InfoSec: Positional Sparring


Written by Tim MalcomVetter, Red Team Leader at Fortune 1. I left my clever profile in my other social network: https://www.linkedin.com/in/malcomvetter
