Hacking has always been a superficial concept in the mind of every beginner and, in general, of anyone outside the infosec (information security) community. Since this is my first article in the domain of cybersecurity, I’ll keep things simple and introductory: what hacking really means, and a short introduction to binary hacking, which is one among many domains in the world of information security.
Expected Audience — Absolute Beginners!
What the heck is a hack?
Hacking is interacting with something to identify its weakness and then taking advantage of that weakness to make it do things it is not intended to do. Let’s put this in simpler terms -
Consider a situation where you locked your house (which can only be opened either with a key or by a person inside the house) and went for a wonderful lonely night walk. Since you are a smart but careless person, you dropped your key somewhere and now you are locked out of your own house. You start to think about all possible solutions which may let you enter your house and have a good night’s sleep. You start checking the windows of the house and get lucky: one of them was left unlocked. You enter through that window, give yourself a treat and sleep like a baby.
You are a pirate
In the above situation, you started to think like a thief and broke into your own house. You took advantage of a weakness/loophole (one of the windows being left unlocked) which led to a breach of your home (albeit by you). You built the windows with ventilation/sunlight in mind, but they had an unintended use: allowing a person to enter the house without permission (if left unlocked).
This is indeed a hack performed by you in this situation. I hope it is now somewhat clear (at least at the logical level) what it means to hack something.
Mama I’m a criminal, am I?
You probably associate hacking with criminal activities. What I personally think is that, to secure anything, you should have a breaking attitude. People are divided into many groups in the infosec world. Two of the most common ones are -
- Black Hat — These are people or groups of people who break into systems with the intent to steal, destroy or modify data, making the target unusable or gaining personal benefit.
- White Hat — These are people or groups of people who break into systems with the intent to make those systems more secure, by responsibly disclosing the weaknesses to the respective organizations.
However, from my perspective, the intentions matter more than these definitions do!
To understand the articles/papers and get started, the least you should have is a decent infosec vocabulary. I’ve tried to explain some terms you’ll come across most frequently, in the simplest way I could think of —
- Reconnaissance — It is generally the first stage of the cyber kill chain. It simply means gathering information about a target you are planning to compromise.
- Vulnerability — It refers to a weakness/loophole in a system which allows an attacker to take over the system.
- Attack Surface — To hack anything we have to interact with it. The attack surface is the set of all points (interfaces) through which you can interact with the target, and through which a security breach may occur.
- Exploit — It is the piece of code which takes advantage of a particular weakness in a software system. It can be thought of as a hammer used to break a brick (the target).
- Shellcode — It is the gift wrapped inside an exploit. It is a sequence of machine instructions (raw bytes, usually shown as hexadecimal) crafted by an attacker, which can be executed directly by the CPU once it has somehow been injected into memory. All an exploit does is inject the shellcode into memory and somehow get it executed. This is sometimes referred to as the payload of the exploit.
- Post-Exploitation — It is what happens after the attacker successfully gains access to or compromises the system. It covers the effects of malware (viruses, spyware, adware, keyloggers, etc.).
Hacking with computers?
Mommy, this abstract understanding of general hacking is cool, but what is hacking with computers, really?
Cybersecurity, being a diverse domain of computer science, is made up of many subdomains —
- Web Application Pentesting
- Binary Exploitation
- Reverse Engineering
- Digital Forensics
- Network Security
- Penetration Testing
… and many more
I spend my time in low-level security domains, so that’s what I can talk about in detail.
I’ll try to explain in as simple language as possible. A program is executed by the CPU in a sequential manner (one instruction after another). In a typical binary exploitation scenario, the attacker is an end user who provides maliciously crafted input that the program is not able to handle, which at first simply makes the program crash. The attacker then refines the input so that the crash no longer happens and instead the program’s flow of execution is transferred to the shellcode (see the vocabulary section), which gets executed. Once the shellcode runs, the attacker may gain access to the system as an administrator, leave a backdoor open, or, in theory, make the system do whatever they want (it depends on the shellcode crafted).
Binary hacking deals specifically with bugs in software that lead to memory corruption. I’ll talk more about it in upcoming articles.
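To make the crash-then-control story concrete, here is an added example (not from the original article) of the kind of memory-corruption bug binary exploitation targets, beside its bounds-checked fix; all names and sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size stack buffer (example value, names hypothetical) */

/* Vulnerable: copies user-controlled input into a 16-byte stack buffer
 * with no length check. Input of 16 or more characters runs past the
 * buffer and overwrites whatever sits next to it on the stack (saved
 * registers, the return address). With random long input that is the
 * crash the article describes; with carefully sized input the overwritten
 * return address is how execution gets redirected. Undefined behaviour:
 * it is only safe to call with input shorter than NAME_MAX. */
int greet_unsafe(const char *input, char *out, size_t out_len)
{
    char name[NAME_MAX];
    strcpy(name, input);                  /* no bounds check */
    snprintf(out, out_len, "Hello, %s!", name);
    return 0;
}

/* Hardened: check the length first and copy with an explicit bound, so
 * the buffer can never be overrun. Oversized input is rejected with -1
 * instead of corrupting the stack. */
int greet_safe(const char *input, char *out, size_t out_len)
{
    char name[NAME_MAX];
    size_t n = strlen(input);
    if (n >= NAME_MAX)                    /* no room for the NUL terminator */
        return -1;
    memcpy(name, input, n);
    name[n] = '\0';
    snprintf(out, out_len, "Hello, %s!", name);
    return 0;
}

int main(void)
{
    char out[64];
    /* constructed inputs: one that fits, one that would overflow the buffer */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */

    if (greet_safe(ok, out, sizeof out) == 0)
        printf("%s\n", out);
    printf("oversized input rejected: %s\n",
           greet_safe(too_long, out, sizeof out) == -1 ? "yes" : "no");
    return 0;
}
```

Compiler and OS mitigations (stack canaries, non-executable stacks, address randomization) make the unsafe version harder to turn into control of execution, but the only real fix is the length check.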