Ready to squash some bugs?
In this development tutorial, John Rigney, cofounder and CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, explains how to get into cybersecurity using a training and screening module in the company’s ESCALATE Talent Screening platform. He also shows how a cybersecurity professional can reverse engineer a hacking exploit with the NSA-developed open source tool GHIDRA.
We’re starting off with the “Hello, World!” of cybersecurity: stack buffer overflow. The idea is that you send too much information into a buffer and it causes a crash. Too much information could be a long string of capital As or too many zeroes. Whatever the input, it causes a crash that a hacker can exploit.
The following excerpt, from the longer video at the article’s end, features an explanation of the code error that breaks the text adventure ESCALATE uses in its testing module, which can lead to stack buffer overflow issues.
Rigney is using GHIDRA in the excerpt above. Binary Ninja is another tool used to reverse engineer exploits hackers use.
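As an added illustration (not code from the video, ESCALATE or Point3 Security), here is the class of bug described above in C: a command parser for a hypothetical text adventure, with an unchecked copy next to a bounds-checked version. The function names and the 16-byte buffer size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 16  /* constructed size: 15 characters plus the NUL */

/* Vulnerable pattern, shown for contrast and never called here.
 * strcpy() copies until it finds a NUL and knows nothing about CMD_MAX,
 * so longer input is written past cmd[] into neighbouring stack memory. */
int parse_command_unsafe(const char *input)
{
    char cmd[CMD_MAX];
    strcpy(cmd, input);                 /* BUG: no length check */
    return strcmp(cmd, "look") == 0;
}

/* Hardened form: measure first, refuse anything that does not fit.
 * Returns 1 for "look", 0 for any other command, -1 if input is too long. */
int parse_command_safe(const char *input)
{
    char cmd[CMD_MAX];
    /* memchr stops at the first NUL, so it reads at most CMD_MAX bytes */
    const char *end = memchr(input, '\0', CMD_MAX);
    if (end == NULL)
        return -1;                      /* reject instead of truncating */
    size_t len = (size_t)(end - input);
    memcpy(cmd, input, len + 1);        /* len + 1 copies the NUL too */
    return strcmp(cmd, "look") == 0;
}

int main(void)
{
    char long_input[65];
    memset(long_input, 'A', 64);        /* constructed input: 64 capital As */
    long_input[64] = '\0';

    printf("look      -> %d\n", parse_command_safe("look"));
    printf("go north  -> %d\n", parse_command_safe("go north"));
    printf("64 x 'A'  -> %d\n", parse_command_safe(long_input));
    return 0;
}
```

In a disassembler, the unsafe variant shows up as a fixed-size stack buffer passed straight to strcpy with no length comparison beforehand.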
Rigney participated in the NSA Cooperative Education program during his time at the University of Kentucky. That experience, in which he saw the theory he learned at school in practice, inspired his love for cybersecurity. That same appreciation for practical knowledge and application is the foundation upon which the ESCALATE Talent Screening is built.
If you’re less inclined to take the university and co-op route, there are “bug bounty” programs that pay a financial reward when a vulnerability is found in a company’s software. Most major tech corporations, from Meta to Microsoft to Google, use such programs. Finding these vulnerabilities themselves can be profitable; they can also help a resume through the Common Vulnerabilities and Exposures (CVE) system, which provides a CVE number whenever a bug is found. Think of a CVE number as a patent number or a reference list of cybersecurity problems solved.
Below, check out the full video of Rigney using the company’s ESCALATE Talent Screening software to demonstrate and teach how a cybersecurity professional would reverse engineer a stack buffer overflow issue in code.
Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation.