Ready to squash some bugs?
In this development tutorial, John Rigney, cofounder and CTO of Locust Point, Baltimore-based cybersecurity talent training company Point3 Security, explains how to get into cybersecurity using a training and screening module in the company’s ESCALATE Talent Screening platform. He also shows how a cybersecurity professional can reverse engineer a hacking exploit with the NSA-developed opens source tool GHIDRA.
We’re starting off with the “Hello, World!” of cybersecurity: stack buffer overflow. The idea is that you send too much information into a buffer and it causes a crash. Too much information could be a long string of capital As or too many zeroes. Whatever the input, it causes a crash that a hacker can exploit.
The following excerpt, from the longer video at the article’s end, features an explanation of the code error that breaks the text adventure ESCALATE uses in its testing module, which can lead to stack buffer overflow issues.
Rigney is using GHIDRA in the excerpt above. Binary Ninja is another tool used to reverse engineer exploits hackers use.
Rigney participated in the NSA Cooperative Education program during his time at the University of Kentucky. That experience, in which he saw the theory he learned at school in practice, inspired his love for cybersecurity. That same appreciation for practical knowledge and application is the foundation upon which the ESCALATE Talent Screening is built.
If you’re less inclined to take the university and co-op route, there are “bug bounty” programs that pay a financial reward when a vulnerability is found in a company’s software. Most major tech corporations, from Meta to Microsoft to Google, use such programs. Finding these vulnerabilities themselves can be profitable; they can also help a resume through the Common Vulnerabilities and Exposures (CVE) system, which provides a CVE number whenever a bug is found. Think of a CVE number as a patent number or a reference list of cybersecurity problems solved.
Below, check out the full video of Rigney using the company’s ESCALATE Talent Screening software to demonstrate and teach how a cybersecurity professional would reverse engineer a stack buffer overflow issue in code.
Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation.