Creativity : The only real Hacking tool

this a post from my old blog, i wanted to add it to this one because I really enjoyed writting it :)

People use hacking tools because they believe it helps them hack, but in actual fact a lot of the times all they are doing
Is helping you, convince yourself that YOU are performing a hack.

Let me elaborate, hacking is not when you fire up sqlmap and feed it a URL hoping that you'll find an injection point without knowing anything about SQL or web scripting or the architecture of web applications. In this case all you are doing Is wasting your time and exercising someone's Web application Firewall.

To truly become a hacker is to exercise something no WAF or security patch can logically be prepared for and this is Creativity.
Hack tools are not for hacking, they are designed to make hacking easier not to fully orchestrate a hack. Why I say this because penetration testers, web developers and information Security consultants already know about the tools you are using and THEY themselves are using tools to protect information in the same way. So how do you get around this? How do you catch them off guard EVERYTIME? By being something that most of them aren' bring CREATIVE!!

The only hacking tool you will ever really need is your mind!!

How do you begin?

Should you want to become proficient at hacking a given technology, say Network based hacking? What most people do is Google something like "Network based hacking" or the run over to exploit-db or or something, sure you'll find some cool techniques, but these techniques are being found by the people who you are trying to attack in the same way, probability suggests that a security consultant may even be Googling the exact same thing when you are, or using the same information sources.

What you need to do is first try to understand the technology as much as you possibly can. Read some RFCs, Manuals set up your own Hacking lab, try to understand the technology and its weaknesses better and more originally than the Security consultants or Auditors, they can only be so dedicated to understanding the technology, their training can only be so extensive, the real hack is to overcome their understanding of the technology.

Once you have done that, they will never be able to stop you because you will be relying on something that exploit-db , phrack or other hacking references will never have, your Creativity!!!
Thanks for reading,
Keep hacking!!!
And don't just learn to hack learn to hack the way you learn.