Ready to squash some bugs?
In this development tutorial, John Rigneyco-founder and CTO of Locust Point, a Baltimore-based cybersecurity talent training company Dot3 Securityexplains how to get into cybersecurity using an in-company training and screening module CLIMBING Talent Screening Platform. It also shows how a cybersecurity professional can reverse engineer a hacking exploit with the NSA– developed an open source tool GHIDRA.
We start with the “Hello, World!” cybersecurity: stack buffer overflow. The idea is that you send too much information in a buffer and it causes a crash. Too much information can be a long string of uppercase A’s or too many zeros. Either input causes a crash that a hacker can exploit.
The following excerpt, taken from the longer video at the end of the article, provides an explanation of the code error that breaks the text adventure that ESCALATE uses in its test module, which may lead to issues stack buffer overflow.
Rigney uses GHIDRA in the excerpt above. binary ninja is another tool used to reverse exploits used by hackers.
Rigney participated in the NSA Cooperative Education program during his stay at University of Kentucky. This experience, during which he put into practice the theory learned at school, inspired his love for cybersecurity. This same appreciation of practical knowledge and application is the basis upon which ESCALATE talent selection is based.
If you’re less inclined to go the college and co-op route, there are “bug bounty” programs that pay out a financial reward when a vulnerability is discovered in a company’s software. Most major technology companies, from Meta for Microsoft for google, use such programs. Finding these vulnerabilities themselves can be profitable; they can also help with a CV through the Common Vulnerabilities and Exposures (CVE) system, which provides a CVE number whenever a bug is found. Think of a CVE number like a patent number or a benchmark list of resolved cybersecurity issues.
Below, watch the full video of Rigney using the company’s ESCALATE Talent Screening software to demonstrate and teach how a cybersecurity professional would reverse engineer a stack buffer overflow issue in code.
Donte Kirby is a 2020-2022 corps member of Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation. -30-