Is learning Games Hacking useful?
#1
Hey,

This is my first thread (but I've been lurking for a couple of weeks lol), hope this is the right place to post.

Overall I am interested in learning Network Hacking and Exploit/Malware Development. I'm still a noob though.

I came across a book called "Game Hacking: Developing Autonomous Bots for Online Games" seems to cover a lot of cool stuff like WinApi - Read/WriteProcessMemory, DLL Injection, x86, OllyDbg etc...

My question is - Can I transfer the skills from games hacking over to exploiting/writing malware for Windows environments and software?

I am aware of the Corelan tutorials (which I plan on doing) but am also looking for some more up-to-date sources on Windows exploitation.

Currently reading - Windows 10 Systems Programming and Windows Internals 7 Pt 1.

In the spirit of giving and not only taking, here is a link to the pdf for the book - https://b-ok.cc/book/2873372/c1768e

Thanks
#2
(06-08-2020, 12:53 PM)Bass_R33v3s Wrote: Hey,

This is my first thread (but I've been lurking for a couple of weeks lol), hope this is the right place to post.

Overall I am interested in learning Network Hacking and Exploit/Malware Development. I'm still a noob though.

I came across a book called "Game Hacking: Developing Autonomous Bots for Online Games" seems to cover a lot of cool stuff like WinApi - Read/WriteProcessMemory, DLL Injection, x86, OllyDbg etc...

My question is - Can I transfer the skills from games hacking over to exploiting/writing malware for Windows environments and software?

I am aware of the Corelan tutorials (which I plan on doing) but am also looking for some more up-to-date sources on Windows exploitation.

Currently reading - Windows 10 Systems Programming and Windows Internals 7 Pt 1.

In the spirit of giving and not only taking, here is a link to the pdf for the book - https://b-ok.cc/book/2873372/c1768e

Thanks
 
Can you transfer game hacking over to exploit devving/malware devving? Well, yes and no. The broader concepts you could probably transfer over. But there are a few ways that the two areas differ. First, your objectives in game hacking and exploit dev/malware dev are pretty different. In game hacking you're trying to make the game or system do something specific. In game hacking it's about making the game do something that affects the game or gives you more access to the game's host system. In exploit development you're trying to get access to the system, make the system leak information, or make a DoS condition (in general). Malware dev depends on your intent, but you're probably trying to either have covert control over the system itself, get information, or get money (ransomware and adware). The three require different but possibly overlapping skill sets. My opinion is that they're just too different. I might be wrong, of course.
 
I'm interested in network hacking and malware dev as well. Keep in mind that programming knowledge alone won't make you a malware dev. Programmers could make a program that enabled remote access for instance, but to stay hidden and evade defenses you need to also know how the OS works in order to use it and hide in it and how defenses are evaded so you don't get caught by software or a user.
#3
Although dismal is right, I think that a lot of the content applied in game hacking is useful in malware dev/reverse engineering, especially if you go for more interesting pieces of malware.

Understanding memory, using DLLs to stick to processes, reversing pieces of software to use exploits and evading control mechanisms are some examples of things that are common in both worlds.

Most of the malware you find out there is based on basic RATs and crypto miners; you can "make" your malware based on those tools, but more serious pieces of malware really take into account evasion, persistence and ways to be silent.

One of the cool pieces of malware I really like is FinFisher, basically a RAT for the governments. It uses a VM and reversing it is a bit different than common scripts you find out there.
You can see reverse engineering done by ESET at this link, pretty cool stuff.
https://www.welivesecurity.com/wp-conten...Fisher.pdf

In a nutshell, I would totally encourage you to follow that path; in my opinion a lot of concepts apply to malware.
#4
(06-08-2020, 05:54 PM)Dismal_0x8 Wrote:  
Can you transfer game hacking over to exploit devving/malware devving? Well, yes and no. The broader concepts you could probably transfer over. But there are a few ways that the two areas differ. First, your objectives in game hacking and exploit dev/malware dev are pretty different. In game hacking you're trying to make the game or system do something specific. In game hacking it's about making the game do something that affects the game or gives you more access to the game's host system. In exploit development you're trying to get access to the system, make the system leak information, or make a DoS condition (in general). Malware dev depends on your intent, but you're probably trying to either have covert control over the system itself, get information, or get money (ransomware and adware). The three require different but possibly overlapping skill sets. My opinion is that they're just too different. I might be wrong, of course.
 
I'm interested in network hacking and malware dev as well. Keep in mind that programming knowledge alone won't make you a malware dev. Programmers could make a program that enabled remote access for instance, but to stay hidden and evade defenses you need to also know how the OS works in order to use it and hide in it and how defenses are evaded so you don't get caught by software or a user.

Thanks for the in-depth reply, exactly the type of perspective I needed. Maybe I'm better off reading something like Rootkit Arsenal (2nd edition) instead. It covers evasion etc., although the material is quite dated, I've heard. I'm sure the fundamental concepts are the same.

(06-08-2020, 06:39 PM)enmafia2 Wrote: Although dismal is right, I think that a lot of the content applied in game hacking is useful in malware dev/reverse engineering, especially if you go for more interesting pieces of malware.

Understanding memory, using DLLs to stick to processes, reversing pieces of software to use exploits and evading control mechanisms are some examples of things that are common in both worlds.

Most of the malware you find out there is based on basic RATs and crypto miners; you can "make" your malware based on those tools, but more serious pieces of malware really take into account evasion, persistence and ways to be silent.

One of the cool pieces of malware I really like is FinFisher, basically a RAT for the governments. It uses a VM and reversing it is a bit different than common scripts you find out there.
You can see reverse engineering done by ESET at this link, pretty cool stuff.
https://www.welivesecurity.com/wp-conten...Fisher.pdf

In a nutshell, I would totally encourage you to follow that path; in my opinion a lot of concepts apply to malware.

Thanks for this reply, great to have an opposing opinion. I reckon I'll look for something more Windows exploit dev related for now but will definitely go back to the book, as game hacking has always been something of interest to me.

Thanks for the pdf, will definitely give it a read!
#5
(06-08-2020, 12:53 PM)Bass_R33v3s Wrote: Hey,

This is my first thread (but I've been lurking for a couple of weeks lol), hope this is the right place to post.

Overall I am interested in learning Network Hacking and Exploit/Malware Development. I'm still a noob though.

I came across a book called "Game Hacking: Developing Autonomous Bots for Online Games" seems to cover a lot of cool stuff like WinApi - Read/WriteProcessMemory, DLL Injection, x86, OllyDbg etc...

My question is - Can I transfer the skills from games hacking over to exploiting/writing malware for Windows environments and software?

Welcome to GreySec! Glad you decided to post! I don't have much experience with exploit development, although I'm in the process of learning it. Be sure to check out the exploit dev section: https://greysec.net/forumdisplay.php?fid=46 I'll probably put up a section for malware dev soon as well.

But for malware dev: yes, I think WinAPI functions like Read/WriteProcessMemory and DLL injection will be useful for malware dev. We have many threads for this.
x86 is definitely useful for exploit development; learning some basic assembly will do you good there.
Not sure about OllyDbg, but this one is good if you ever decide to try reverse engineering.

I reckon some of our more knowledgeable people on this will have more to say, like @Dropzone, but I recommend you check out his thread and podcast, which cover a lot of great things on how to get into exploit development and which prerequisite knowledge will be good to pick up first. See: https://greysec.net/showthread.php?tid=6700

(06-08-2020, 12:53 PM)Bass_R33v3s Wrote: I am aware of the Corelan tutorials (which I plan on doing) but am also looking for some more up-to-date sources on Windows exploitation.

You need to know the basics and foundations before going after the more complex areas. But for more up-to-date exploitation you could look into bypassing overflow protections like DEP, using ROP (return-oriented programming) and other things. I have a thread on this, although @Dropzone pretty much covers it: https://greysec.net/showthread.php?tid=6721

(06-08-2020, 12:53 PM)Bass_R33v3s Wrote: Currently reading - Windows 10 Systems Programming and Windows Internals 7 Pt 1.

I have this book as well, and I'm also waiting on a preorder of Windows Internals Pt 2 (7th edition). Just from experience and talking with others, it isn't exactly the book to go back to back with, but rather a very good reference book; I use it for skimming through when I'm in a bind with the Windows API. But yeah, good books for learning Windows internals!
#6
Also, here's a bunch of good threads for learning malware dev! Really no right or wrong ways to approach it.

General Malware threads
Malware Megathread: https://greysec.net/showthread.php?tid=2451
How do I learn malware coding (reiterating my point though, I'm currently learning malware dev, but I'm in no way a master of C or assembly, just playing around with Python): https://greysec.net/showthread.php?tid=6825
CIA Vault7 Leak - Development Tradecraft DOs and DON'Ts: https://greysec.net/showthread.php?tid=6806

Bypassing AV
Bypassing antivirus mechanics - https://greysec.net/showthread.php?tid=6805
Basics on Crypters and Binders - https://greysec.net/showthread.php?tid=6814
A Cookbook To Your Very Own Crypter - https://greysec.net/showthread.php?tid=6981
#7
(06-09-2020, 01:07 AM)Insider Wrote: Also, here's a bunch of good threads for learning malware dev! Really no right or wrong ways to approach it.

General Malware threads
Malware Megathread: https://greysec.net/showthread.php?tid=2451
How do I learn malware coding (reiterating my point though, I'm currently learning malware dev, but I'm in no way a master of C or assembly, just playing around with Python): https://greysec.net/showthread.php?tid=6825
CIA Vault7 Leak - Development Tradecraft DOs and DON'Ts: https://greysec.net/showthread.php?tid=6806

Bypassing AV
Bypassing antivirus mechanics - https://greysec.net/showthread.php?tid=6805
Basics on Crypters and Binders - https://greysec.net/showthread.php?tid=6814
A Cookbook To Your Very Own Crypter - https://greysec.net/showthread.php?tid=6981

Thanks for all the info!
#8
At a high level there is some overlap. A lot of reverse engineers and exploit devs actually start out in game hacking and RE. It's not a bad way to learn some of the foundational knowledge you'd need for those fields. It's less relevant for malware, which is largely just an endeavor in software development; still some overlap though, and similar required knowledge if you get into anti-reversing/debugging/detection stuff.

One of the foundational things you need to understand before getting good at exploit dev or RE is how software works at a fairly low level, understanding how things work at a CPU level (or at least the interface the CPU exposes; microcode knowledge isn't really necessary in the general sense). You're absolutely going to start gaining a sense of this as you work on reverse engineering the game to hack on it, finding where things are in memory and all that fun stuff.

It's also a natural motivator: choose a game you're interested in and just have at it. You'll struggle at first, but you've got a clear goal and motivation to do something. It's a hard skill to just pick up without any motivating project; I think that's a big reason why game hacking has been such an entry point to more technical areas.

Quote: I am aware of the Corelan tutorials (which I plan on doing) but am also looking for some more up-to-date sources on Windows exploitation.

Two things. First, don't worry about finding up-to-date content until you've already got the foundational stuff down. The history of exploit dev techniques is basically a tower. You're still doing that same fundamental thing of getting control of the IP/PC register through the ability to write some piece of memory. As time has progressed, mitigations have been added that make the task more complicated, maybe limiting access to some easily overwritten pieces of memory, like stack canaries, or making it difficult to know where useful code to reuse is located with ASLR, or limiting the number of code blocks you can reuse with CFI. Each mitigation is generally tackled on its own and adds something to the final exploit rather than completely nullifying older techniques.

You start by learning the basic techniques, then you learn the techniques for dealing with whatever mitigation you're faced with.

Second, and it kinda follows, but don't worry about Windows or Linux at first. The foundation is the same: once you've reached the stage of understanding ROP-style code-reuse attacks and dealing with ASLR, then start focusing on your target. You'll generally find that the basics are usually taught on Linux; don't let that push you away from the resources. Though there are plenty of good basic resources on Windows too, I'm just saying don't avoid one because it's Linux. Ignoring the different mitigations (which you should tackle as you come across them directly), the differences between Windows and Linux exploits are not too hard to wrap your head around.

Once you hit ROP and code-reuse attacks there basically are no centralized resources to learn from. What you do then is start reading and working through existing writeups. You'll probably need to start a bit older, but most writeups will at least be accessible with some extra research. So choose an exploit someone has written up, and try to develop your own exploit for it, using the writeup for reference where needed. If you want to learn a particular mitigation defeat, you find an exploit that tackles it (sometimes harder than it seems, since a POC often stops at IP/PC control and many mitigations make going from IP control to full code execution more difficult).
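The "tower" dropzone describes above, from the defender's side, as an added example (it is not code from this thread or from any of the resources it links): the bottom of the tower is "write past a buffer, and the saved return address changes"; the first mitigation stacked on it is the stack canary, whose only job is to notice that the bytes between the buffer and the return address were disturbed. To keep the demonstration deterministic, the stack frame is a hand-built byte array with a constructed layout (16-byte buffer, 8-byte canary, 8-byte saved return address), the canary is a fixed constant (a real one is random per process, which is what makes it hard to forge), and the "return address" is just a number that is read back rather than jumped to. The unbounded copy stands in for `strcpy`-style code; the bounded copy is the fix a defender actually ships, with the compiler's canary check as the backstop.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame layout, constructed for this example (not a real compiler
 * frame): [16-byte buffer][8-byte canary][8-byte saved return address]. */
#define BUF_SIZE   16
#define CANARY_OFF BUF_SIZE
#define RET_OFF    (BUF_SIZE + 8)
#define FRAME_SIZE (BUF_SIZE + 16)

/* Constructed values: a fixed canary (real ones are random per process) and
 * a fake saved return address that is only ever read back, never jumped to. */
static const uint64_t CANARY_VALUE = 0x00C0FFEE13371337ULL;
static const uint64_t ORIGINAL_RET = 0x0000000000401000ULL;

struct frame { unsigned char mem[FRAME_SIZE]; };

static void frame_init(struct frame *f) {
    memset(f->mem, 0, FRAME_SIZE);
    memcpy(f->mem + CANARY_OFF, &CANARY_VALUE, sizeof CANARY_VALUE);
    memcpy(f->mem + RET_OFF, &ORIGINAL_RET, sizeof ORIGINAL_RET);
}

static uint64_t read_u64(const struct frame *f, size_t off) {
    uint64_t v;
    memcpy(&v, f->mem + off, sizeof v);
    return v;
}

/* "Before": copies whatever length it is given into the 16-byte buffer. The
 * cap at FRAME_SIZE only keeps this model in bounds; real strcpy has no cap. */
void unbounded_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->mem, in, len);
}

/* "After": refuses any input that does not fit the buffer. Returns 0 on
 * success, -1 when the input is rejected (frame left untouched). */
int bounded_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->mem, in, len);
    return 0;
}

/* The epilogue check a canary-protected function performs before using the
 * saved return address: 1 if the canary is intact, 0 if the frame was smashed. */
int canary_intact(const struct frame *f) {
    return read_u64(f, CANARY_OFF) == CANARY_VALUE;
}

/* Feeds 32 bytes of 'A' (constructed oversized input) through the unbounded copy. */
static void smash(struct frame *f) {
    unsigned char in[FRAME_SIZE];
    frame_init(f);
    memset(in, 'A', sizeof in);
    unbounded_copy(f, in, sizeof in);
}

/* Scenario 1: returns 1 when the canary check fails and the saved return
 * address has been replaced, i.e. the overwrite was detected by the canary. */
int scenario_unbounded_smashes_frame(void) {
    struct frame f;
    smash(&f);
    return !canary_intact(&f) && read_u64(&f, RET_OFF) != ORIGINAL_RET;
}

/* Value now sitting in the saved-return slot after scenario 1 (eight 'A's). */
uint64_t scenario_unbounded_ret_value(void) {
    struct frame f;
    smash(&f);
    return read_u64(&f, RET_OFF);   /* 0x4141414141414141 */
}

/* Scenario 2: the same oversized input through the bounded copy. Returns 1
 * when the copy is rejected and canary and return address are untouched. */
int scenario_bounded_rejects_oversize(void) {
    struct frame f;
    unsigned char in[FRAME_SIZE];
    frame_init(&f);
    memset(in, 'A', sizeof in);
    int rc = bounded_copy(&f, in, sizeof in);
    return rc == -1 && canary_intact(&f) && read_u64(&f, RET_OFF) == ORIGINAL_RET;
}

/* Scenario 3: input that fits is accepted and leaves the frame intact. */
int scenario_bounded_accepts_fit(void) {
    struct frame f;
    unsigned char in[BUF_SIZE];
    frame_init(&f);
    memset(in, 'B', sizeof in);
    int rc = bounded_copy(&f, in, sizeof in);
    return rc == 0 && canary_intact(&f) && read_u64(&f, RET_OFF) == ORIGINAL_RET;
}

int main(void) {
    printf("unbounded copy: canary broken, return address replaced? %d\n",
           scenario_unbounded_smashes_frame());
    printf("saved-return slot now holds 0x%016llx\n",
           (unsigned long long)scenario_unbounded_ret_value());
    printf("bounded copy rejects oversized input, frame intact? %d\n",
           scenario_bounded_rejects_oversize());
    printf("bounded copy accepts fitting input, frame intact? %d\n",
           scenario_bounded_accepts_fit());
    return 0;
}
```

The point the model makes is the one dropzone's post makes in prose: the canary does not stop the overwrite, it detects it after the fact (the saved-return slot already holds attacker-controlled bytes when the check fires), which is why the bounded copy is the actual fix and the canary is the safety net. Each further layer of the tower (ASLR, DEP, CFI) is the same shape: it does not undo the write primitive, it makes one specific step after the write harder, and it is enabled or defeated independently of the others.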
#9
(06-15-2020, 11:27 AM)dropzone Wrote: At a high level there is some overlap. A lot of reverse engineers and exploit devs actually start out in game hacking and RE. It's not a bad way to learn some of the foundational knowledge you'd need for those fields. It's less relevant for malware, which is largely just an endeavor in software development; still some overlap though, and similar required knowledge if you get into anti-reversing/debugging/detection stuff.

Quote: I am aware of the Corelan tutorials (which I plan on doing) but am also looking for some more up-to-date sources on Windows exploitation.

Two things. First, don't worry about finding up-to-date content until you've already got the foundational stuff down. The history of exploit dev techniques is basically a tower. You're still doing that same fundamental thing of getting control of the IP/PC register through the ability to write some piece of memory. As time has progressed, mitigations have been added that make the task more complicated, maybe limiting access to some easily overwritten pieces of memory, like stack canaries, or making it difficult to know where useful code to reuse is located with ASLR, or limiting the number of code blocks you can reuse with CFI. Each mitigation is generally tackled on its own and adds something to the final exploit rather than completely nullifying older techniques.

You start by learning the basic techniques, then you learn the techniques for dealing with whatever mitigation you're faced with.

Second, and it kinda follows, but don't worry about Windows or Linux at first. The foundation is the same: once you've reached the stage of understanding ROP-style code-reuse attacks and dealing with ASLR, then start focusing on your target. You'll generally find that the basics are usually taught on Linux; don't let that push you away from the resources. Though there are plenty of good basic resources on Windows too, I'm just saying don't avoid one because it's Linux. Ignoring the different mitigations (which you should tackle as you come across them directly), the differences between Windows and Linux exploits are not too hard to wrap your head around.

Once you hit ROP and code-reuse attacks there basically are no centralized resources to learn from. What you do then is start reading and working through existing writeups. You'll probably need to start a bit older, but most writeups will at least be accessible with some extra research. So choose an exploit someone has written up, and try to develop your own exploit for it, using the writeup for reference where needed. If you want to learn a particular mitigation defeat, you find an exploit that tackles it (sometimes harder than it seems, since a POC often stops at IP/PC control and many mitigations make going from IP control to full code execution more difficult).

Thanks for the quality feedback Dropzone, read your exploit dev thread and will take a look at those Open Security courses. Thanks