Agreed. However, in a formal penetration testing engagement, the tester will usually only record and document their exact steps because they have to provide a detailed report to their client. This hacker didn't have that same obligation. I'm speculating that he is probably a habitual note taker. In this way, if he ever comes across similar challenges when attacking a new target, he has his notes to refer to.
I was curious to read this piece to see how closely the approach, techniques and tools he uses compare to how penetration testers are formally trained in the infosec industry. For what it's worth, the methodology in terms of reconnaissance, privilege escalation and lateral movement within the network is typical. Also, most of the tool set he uses (e.g. mimikatz, responder, meterpreter, powersploit, psexec) is part of any good penetration tester's arsenal.
I'm not trying to downplay the achievement though. He is clearly very skilled and knowledgeable. Of particular note, it seems that the initial intrusion was only possible because 'after about two weeks of reverse engineering, I discovered a remote root exploit' in an embedded system. He doesn't provide technical details of the exploit, but finding a 0-day in an embedded system is usually far from child's play.