This essay was written by me, Brandon Nolet, in the context that the general public just has absolutely no fucking idea what hacking actually is.
What is Hacking Not?
Hacking is not downloading a bunch of software that exploits other systems. Hacking is certainly not just pressing a few buttons. Hacking most definitely not just knowing the exploits of a given system.
You can hack this way but you’re not the one doing the hacking here. The actual work has mostly been done by someone else. I won’t go too far into “you’re not the one hacking” because that’s not the point here.
Nothing and Nobody is Perfect
Not even the people who make software distributed by multi-billion dollar companies. One could argue that the potential for hacking is even greater in these pieces of software simply because there’s a greater surface area available for attack. A greater surface area means more chances for the developers to fuck up the security in their code.
The hacks that “hackers” use are made to exploit these types of flaws in the system. Usually they’re weird bugs with a certain way a function exits or some type of input wasn’t properly validate to not include “illegal characters”. Oftentimes they’ll just be buffer overflows where data is written to a part of RAM that it wasn’t supposed to write to.
The exploits that exist are not something that’s mentioned in first-party documentation and nor are they part of any educational course that you might find on mooc websites. The exploits are hidden. Most of the time you won’t find them by accident or because of some random occurrence. Accidents and random occurrences are usually glitches or minor bugs that don’t largely affect the function of the program (at least not in a way that we’re looking for).
Most hacking comes from knowing the fundamentals about how a system is designed and how a system behaves under certain circumstances. From there you would try and play outside the boundaries of those designs. By knowing how a system functions you can skip wasting your time actually using the program how it was designed enough to happen upon a mistake.
For example, a person who wants to hack Facebook (as if you can really do such a thing) would have much more luck doing so having developed applications and extensions to Facebook’s api rather than just looking up (probably expired) exploits for the platform. Besides, you’d be more likely to hack the people on Facebook through social engineering than going with actual code.
If you want to learn how to be a hacker, it’s not about picking up a book or two on hacking and much more about knowing how systems/software function at a fundamental level.