How are hackers able to find such complicated exploits?

1.03K views


In: Technology

44 Answers

Anonymous 0 Comments

Looking for the weakest link and going from there. Whether that link be fooling a naive person or a poor decision made when creating the security system.

Anonymous 0 Comments

Usually they aren’t complicated.

Think of a house. It has 2 formal doors to get in or out. There are windows. There might be a secret basement that you get to from the backyard. But how do you get into the house? You could just be invited in. You could falsify a profession that gets you in. You could observe, notice they throw huge parties where no one can possibly know everyone, and you act like you’re someone’s friend in there.

Now for the seemingly more complicated stuff: imagine someone has a huge house that they keep building and improving. They probably use blueprints for different parts of it. Now there are soooooo many doors and windows you could get in through. You could probably buy or even just find out common weak points in such a cookie cutter house online. At that point you’d just need to research all of them and try all of them.

…Or just go the easy route and have someone invite you in.

Anonymous 0 Comments

Time. Speaking from personal experience, all you need is time and will; Russian, Chinese, etc. hackers have plenty of both. The digital world is a complicated place and there are a lot of potential exploits – the whitehat has to cover them all, whereas the blackhat only needs to find one. But honestly most hacks are not actually that difficult, people just leave doors open either out of laziness or ignorance. I can’t even count the times I have been at major companies and I asked “Are you really doing this? You know it can be exploited by a semi-intelligent teenager.” Yet it didn’t change. They always close the barn door after the horse gets out.

Anonymous 0 Comments

In short: Weaponized Autism.

In some cases it is aided by specialized computer programs that look for flaws, but in nearly all cases it is smart people who are maddeningly focused on things that aren’t right – and computer programs and logic aren’t ever ‘right’ (in truth 95% of all exploits are just variations on common flawed concepts in how developers code and how people actually apply logic). There is also a dash of just wanting to know how things really work.

Source: my prior life running exploit development teams.

Anonymous 0 Comments

ELI5: While bad guys are often highly skilled in their target technology, it’s also a team effort supported by everyone else on the planet (both good and bad).

Researchers and vendors announce their vulnerabilities so they can be understood and fixed by good guys, though that often means they’re also understood and exploited by bad guys.

These records are public too: https://nvd.nist.gov/

Anonymous 0 Comments

They are often extremely intelligent and have worked on or chosen to learn at a very deep level how certain systems work. No system is perfect; a lot of programming focuses more on getting things to work rather than being foolproof. Foolproof is a goal, but not a requirement. If you know the system you can understand how to exploit it.

Anonymous 0 Comments

Everything starts with a single exploit discovery, like a null-byte exception, buffer overflow, or unsanitized inputs. Then, you look for more. Once you have enough to formulate a full-blown attack, you can either wait, sell the information, or develop attacks based on those vulnerabilities. Once they get good enough, they’ll already have attacks ready for most common vulnerabilities allowing them to quickly cripple or download all information from the compromised systems.

Anonymous 0 Comments

Hacking things is like looking at a wall of various well-built-ness; your objective is to get a needle from one side of the wall to the other (by going through it). You scan the wall and search for a weak point, a common one being people themselves, and you try and exploit it and break that part of the wall. There’s no one way to hack into things. You could (And I would never condone this without someone’s explicit and written prior consent):

Brute force admin credentials to try and gain access to the system.

If your resources are big and the target is big enough, you could go for bribery or even break in to the physical location where the computers are held, stick a USB into a computer and leave a lovely little virus which’ll give you what you want.

Best one is probably by people: email claiming to be IT or some other fake identity, state that you’ll need their email and password for xyz bs reason. Whilst most people probably won’t fall for it, all you need is one high up person who’s not tech-savvy enough to spot the scam and then you have access to a whole bunch of information. If you can trick someone high up at Twitter, for instance, to click on a scam link or open a nasty virus file, that can be you hacking in and finding what you need.

Generally speaking, the better the security, the more complicated the exploit. Whilst I’m not a hacker, I imagine they’d start off with the lower level simple stuff, and then work their way up to the increasingly complicated exploits as their attempts fail.

Anonymous 0 Comments

You try all the doors and ground floor windows. If that doesn’t work you look for the hide-a-key rock that the local Home Depot sells. If that doesn’t work you look for easily climbed parts of the house and unlocked second story windows. If that doesn’t work you start getting creative and seeing if maybe you can impersonate a meter reader or some other ruse to get in.

It’s just a matter of trying different things (using known exploits, vulnerabilities, default passwords, security holes like strong networks but some jackass has a web enabled coffee pot that you can get onto the network through using “admin” and “password”). Are they running old code on their websites that has known vulns? Do you know their employee email addresses and can you send them off-the-shelf viruses to let you in?

The first thing you might try (checking doors) is simply looking for their employee login and trying known default accounts, and employee names and common passwords. Then you might start checking their publicly facing websites for known vulnerabilities. Then maybe (using automated software) you start scanning their home network for open or easily entered connections. Maybe their home network is great, but a branch is weaker.

Once something cracks, either an IoT device isn’t properly secured, you get an employee login, you get on their network another way (maybe it was as easy as sitting in the parking lot and looking for free wifi or running wifi password cracking software on a poorly secured wifi) what you do would depend on what you’re after.

Anonymous 0 Comments

A program that runs in a computer for example can be broken down into instructions. There are other programs out there called disassemblers that can show these instructions and in some cases provide a human readable description such as: here are the instructions that are followed when a user copies and pastes. By analysing the code a hacker might see that there is no check done on the amount of information that is copied. The hacker may then see or deduce what happens when they exploit this oversight. In some particular case it might be that copying a specific set of symbols that appear to make no sense can actually change the outcome of the previously mentioned instructions by overwriting the program’s instructions with the information copied. These new “hacked” instructions may then do malicious things like download nasty programs
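The missing length check that the last answer describes, shown as an added illustration that is not part of any answer on this page. It is a constructed C model of a paste handler: a 16-byte buffer sits next to a control word that stands in for the saved return address (the names frame_t, saved_ctrl, paste_unchecked and paste_checked are hypothetical). The unchecked copy keeps writing past the buffer and lands on the control word; the checked copy compares the input against the buffer size first and refuses anything that does not fit, NUL terminator included.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: a small paste buffer followed by a control
 * word standing in for the saved return address. Both names are hypothetical. */
typedef struct {
    char buf[16];
    unsigned int saved_ctrl;
} frame_t;

#define CTRL_ORIGINAL 0xCAFEu

/* The oversight the answer describes: clipboard bytes are copied until the NUL with
 * no comparison against the 16-byte buffer. To keep the demonstration defined
 * behaviour the write is clamped to the frame itself, so any spill lands on
 * saved_ctrl rather than on unknown memory. Returns 1 if the control word changed. */
static int paste_unchecked(frame_t *f, const char *clipboard) {
    unsigned char *mem = (unsigned char *)f;
    size_t i;
    memset(f, 0, sizeof *f);
    f->saved_ctrl = CTRL_ORIGINAL;
    for (i = 0; clipboard[i] != '\0' && i < sizeof *f; i++)
        mem[i] = (unsigned char)clipboard[i];   /* never compared with sizeof f->buf */
    return f->saved_ctrl != CTRL_ORIGINAL;
}

/* The check that was missing: refuse anything that does not fit together with its
 * NUL terminator. Returns 0 on success, -1 if the input was rejected. */
static int paste_checked(frame_t *f, const char *clipboard) {
    size_t n = strlen(clipboard);
    memset(f, 0, sizeof *f);
    f->saved_ctrl = CTRL_ORIGINAL;
    if (n >= sizeof f->buf)
        return -1;
    memcpy(f->buf, clipboard, n + 1);
    return 0;
}

/* Wrappers so both behaviours can be compared on the same input. */
int unchecked_clobbers(const char *clipboard) {
    frame_t f;
    return paste_unchecked(&f, clipboard);
}

int checked_rejects(const char *clipboard) {
    frame_t f;
    return paste_checked(&f, clipboard) < 0;
}

int main(void) {
    /* Constructed sample inputs: one that fits, one that is exactly the buffer size
     * (no room for the NUL), and one that runs past the buffer into saved_ctrl. */
    const char *inputs[] = {
        "hello",
        "exactly16chars!!",
        "AAAAAAAAAAAAAAAAAAAAAAAA",
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-26s unchecked clobbers ctrl: %d   checked rejects: %d\n",
               inputs[i], unchecked_clobbers(inputs[i]), checked_rejects(inputs[i]));
    return 0;
}
```

The middle input is the edge case worth noticing: sixteen characters do not touch the control word, but they leave no room for the terminator, so the hardened handler still has to reject them; a check of the form `n > sizeof buf` would miss it.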