How the Best Security Hackers Learn Their Craft

In this article, we explore how top cybersecurity hackers acquire their skills. You will also learn how you can develop these abilities and reach their level.


Intro: The Game-Changing Path To Be an Expert Security Hacker

How do the best security hackers learn their craft? I have been thinking about this for a long time. By hackers, I don't mean people who break into others' websites, commit access fraud, or steal.

By hacker, I mean people who can exploit security vulnerabilities in systems, like hacking into networks or devices to uncover weaknesses and help to secure these devices through disclosure.

Generally, if we buy an iPhone or an Android phone we are locked into its app ecosystem. Hackers can break free of these ecosystems: they can make the phone do something it is not supposed to do.

Looking at high-performance hackers, you can see that there is a system behind how they learn, and by following it you can become a high-performance hacker too. There is also a way to build high-performance teams and grow computer security hacking talent.

Here are two hackers who are a real inspiration.

Famous Security Hackers Who Became Experts at a Young Age

George Hotz

George Hotz is the current President of comma.ai. He is known for developing iOS jailbreaks and for reverse engineering the PlayStation 3. He successfully removed the lock that gave AT&T sole rights to the very first Apple iPhone. This was the first iPhone jailbreak.

This hack (although it is reported that it took 4 people 500 hours to develop) enabled any SIM card on any carrier across the world to use and enjoy Apple's iPhone. He has also found many zero-days in products from companies like Adobe, Firefox, etc.

A zero-day vulnerability is an undiscovered flaw in an application or operating system. It becomes a gap in security for which there is no defense or patch because the software developer doesn't know it exists. When software vendors and cybersecurity researchers discover a zero-day vulnerability, they act quickly to design and implement a security patch.

Richard Zhu

Pwn2Own is a worldwide hacking contest. You are given a laptop with an up-to-date operating system that has no known vulnerabilities. Your goal is to break into this laptop by finding new zero-days, and then to demonstrate that you can maintain persistence.

Richard Zhu is one of the youngest Pwn2Own winners. He teamed up with Amat Cama to find exploits in many systems, and they were crowned Master of Pwn for 2019. Their research earned them $375,000 over the contest.

When a zero-day is found it is passed on to the vendor, who patches the product and makes it safe.

What we are all curious to know is how these people get to that level.

How Expert Hackers Use Games To Master Skills

One of the many ways to learn these skills is through hacking contests where teams of hackers battle. These are games built by hackers for hackers.

DEF CON is one such event, where hackers like George and Richard compete to break into others' systems while defending their own.

Gamified Security Challenges or CTFs

These hacking competitions are called CTFs (Capture the Flag). They gamify learning about computer security and add a lot of fun.

You are given a challenge, and your goal is to solve it. Solving it yields a flag, a text token that proves you found the solution. You can use external tools and Google for help; there are no other major restrictions, except that you are not allowed to hack the CTF infrastructure itself.

There are many types of CTF challenges. The most basic ones are the Jeopardy-style CTFs.

Jeopardy-Style CTFs: Learning the Essentials

It starts with a set of categories that cover basic hacking skills: cryptography, forensics, exploitation, and reverse engineering. As the game progresses you are presented with more and more difficult challenges.

You are given a problem that is a little out of your reach, and you get to the flag through research, Googling, and trial and error.

After that, you are given a slightly harder challenge, and the difficulty keeps increasing incrementally as you go up. This is how the Jeopardy style works.

This is similar to how a mathematics course works: you are introduced to more and more complex topics and learn them one by one.

There are many CTFs that run annually. Some of them are:

Some of the best CTF platforms for practicing your skills are:

Here are some ideas to set up your own CTFs.

Designing CTFs: How to Grow Hacking Talent Around You

There are 3 principles to take care of if you want to build good hacking talent within your organization.

1. Applied Deliberate Practice

We need to give students ample time to practice and get to know the basics. In CTFs, we give the student challenge after challenge. This gives them familiarity and insight, and they develop a feel for computer security.

2. Autodidactic Learning

We need to set up the challenge so that we allow the students to research themselves and solve it. They should be in the mindset that they don't know everything, but they can figure it out.

3. Creative Problem Solving

Hacking is about thinking outside the box and doing things that no one has done before. In CTFs, students are presented with problems that require innovative solutions, and there is often more than one way to solve a problem.

Let's look at some examples of what these CTF challenges look like, what to expect, and how to approach them.

Getting the Taste of CTF: Creative Problem Solving

Let's try out a basic buffer-overflow CTF challenge.

A buffer overflow happens when more data is written to a buffer, such as a string or an array, than it can hold, causing the excess data to overwrite adjacent memory. These are often found in C code, because many C library functions are prone to buffer overflows. Let's try out such a binary exploitation problem from the PicoCTF platform to get us started.

Let's see what the challenge is about. Running the netcat command from the challenge gives us a demo program to buy stocks. Let's look into the source code provided for the challenge, vuln.c. In the main function we find two functions being called, buy_stonks and view_portfolio:

int main(int argc, char *argv[])
{
	setbuf(stdout, NULL);
	srand(time(NULL));
	Portfolio *p = initialize_portfolio();
	if (!p) {
		printf("Memory failure\n");
		exit(1);
	}
	int resp = 0;
	printf("Welcome back to the trading app!\n\n");
	printf("What would you like to do?\n");
	printf("1) Buy some stonks!\n");
	printf("2) View my portfolio\n");
	scanf("%d", &resp);
	if (resp == 1) {
		buy_stonks(p);
	} else if (resp == 2) {
		view_portfolio(p);
	}
	free_portfolio(p);
	printf("Goodbye!\n");
	exit(0);
}

If we provide the input 1, the program executes buy_stonks(); if the input is 2, it executes view_portfolio().

Let's dig deeper into these functions, especially the buy_stonks():

int buy_stonks(Portfolio *p) {
	if (!p) {
		return 1;
	}
	char api_buf[FLAG_BUFFER];
	FILE *f = fopen("api","r");
	if (!f) {
		printf("Flag file not found. Contact an admin.\n");
		exit(1);
	}
	fgets(api_buf, FLAG_BUFFER, f);

Here we see that the flag is read each time the buy_stonks function runs, and it is stored on the stack in api_buf.

	int money = p->money;
	int shares = 0;
	Stonk *temp = NULL;
	printf("Using patented AI algorithms to buy stonks\n");
	while (money > 0) {
		shares = (rand() % money) + 1;
		temp = pick_symbol_with_AI(shares);
		temp->next = p->head;
		p->head = temp;
		money -= shares;
	}
	printf("Stonks chosen\n");

Then comes some code that generates random share purchases.

	char *user_buf = malloc(300 + 1);
	printf("What is your API token?\n");
	scanf("%300s", user_buf);
	printf("Buying stonks with token:\n");
	printf(user_buf);
	view_portfolio(p);

	return 0;
}

Finally, the function prompts for an API token and uses printf statements to echo back the token we gave to the program.

We need a weak spot that will give us the flag, which means finding a vulnerable function. The one we need is printf(user_buf).

Since user_buf is passed directly as the format argument rather than inside a quoted format string, this printf() is prone to a format string vulnerability. We can inject format specifiers that make printf print values from memory. Giving a lot of %x specifiers will print values from the stack. (You can give %p a try as well.)

Several built-in C functions are vulnerable to buffer overflow attacks, such as gets() and strcpy().

Let's convert the hex back to a string using CyberChef. We find that the flag is in reverse order: the bytes within each word come out reversed. We can fix that with CyberChef's Swap endianness operation, which reorders the bytes.

That's the flag for the problem. We first found that buy_stonks had a stack-based format string vulnerability in its printf() call. We supplied a long run of %x specifiers to walk the stack, which returned hexadecimal values.

On converting the hexadecimal to a string we found a flag token whose bytes were rearranged. After reordering the hexadecimal values, we got the actual flag. Along the way, we learned about format string vulnerabilities and how to find and exploit them.
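An added example (not code from the PicoCTF challenge or the original post) that ties the two lessons above together: the hardened counterpart of the vulnerable printf(user_buf) call, a small check for format directives in untrusted input, and the byte-order arithmetic that explains why the leaked flag words read backwards and how the swap-endianness step restores them. The flag text and the leaked words are constructed placeholders, not real challenge data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hardened counterpart of the challenge's printf(user_buf): the untrusted
 * token is an argument to a fixed format string, so any %x or %p inside it
 * is printed literally instead of being interpreted by printf. */
void print_token_safe(const char *user_buf) {
    printf("Buying stonks with token:\n%s\n", user_buf);
}

/* Cheap input check for data that is about to reach a format/logging path:
 * counts '%' conversion directives, treating "%%" as a literal percent. */
size_t count_format_directives(const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* A 4-byte stack slot as %x shows it on the 32-bit little-endian target:
 * the first byte in memory becomes the least significant (rightmost) hex
 * digits, which is why the leaked flag reads backwards word by word. */
uint32_t le32_at(const char *buf, size_t off) {
    const unsigned char *b = (const unsigned char *)buf + off;
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Undo the leak: emit each word's bytes least-significant first (the
 * "swap endianness" step) and terminate the result. out needs 4*n+1 bytes. */
void words_to_text(const uint32_t *words, size_t n, char *out) {
    for (size_t i = 0; i < n; i++)
        for (int k = 0; k < 4; k++)
            out[4 * i + k] = (char)((words[i] >> (8 * k)) & 0xff);
    out[4 * n] = '\0';
}

/* Constructed sample: what four consecutive %x outputs would look like if
 * api_buf held the placeholder flag "picoCTF{example}" (not a real flag). */
static const uint32_t SAMPLE_LEAK[] = {0x6f636970u, 0x7b465443u, 0x6d617865u, 0x7d656c70u};

const char *decode_sample(void) {
    static char out[4 * 4 + 1];
    words_to_text(SAMPLE_LEAK, 4, out);
    return out;
}
```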


Hack or Get-Hacked: Attack Defence Style CTFs

Everyone starts with basic awareness. If you want to raise awareness, Jeopardy-style CTFs are the best tool: we ask people to solve small, self-contained problems.

This gives them room to learn the fundamentals. When you get to the top level you move beyond the Jeopardy style to attack-defence style CTFs.

Here you work in teams. The goal is to exploit all the other teams on the network while defending yourself at the same time, so you need a good strategy to find the weakest links and exploit them.

The task is to find the vulnerabilities, then protect your services, attack the services of other teams, and steal some secret information (flags).


If you are starting out, you should not go for attack-defence, because it leaves very little room to grow and learn. It is more competitive than the Jeopardy style.

Here is an attack-defence CTF you can try: https://tryhackme.com/games/koth

Conclusion: How To Find Next Upcoming CTFs

You can find upcoming CTFs on the official website for global CTFs, CTFtime: https://ctftime.org/

You can find and form teams with fellow hackers by joining the Discord channels of CTFs. Hope to see you around. Thanks for reading.
