You can think of it like a labyrinth, where you know that there is an exit but you don’t know if there are more than 1 connections to that exit, with the one known route leading through a password authentication which you don’t wanna go through.

You basically play with the system forwards and backwards, meaning you also try to find a way from exit to start. If you do both you get an instinct for when you get close to the other end, sometimes by surprise after you took a weird turn that didn’t look like the right one at all when you took it.

My favourite example of a complicated shortest route that is not the intended one is the Windows 95 domain authentication bypass

Lots of ways… But the juicy ones are mistakes in code that can be boiled down to something like this.

Lets say you have a bowl of lego on the table, someone can put lego in and you can take lego out one brick at a time and you can’t see inside the bowl because you’re not tall enough, each brick colour corresponds to doing something… Let’s say red means brush your teeth, and blue means go play xbox.

Now say you dump an entire bag of lego into the bowl when no one is looking so that the bowl is now full, if someone adds more lego to the bowl it just falls on the table… You can see the table though so you just pick up the blue lego and go play xbox.

A zero-day is a computer-software vulnerability that is unexploited. That is the explanation for its name. Once it is first used by the exploiter it has a limited time available to maximize its usefulness. These exploits are often written in to programs by coders and sold to other people.

Zero day vulnerabilities can be bought on the dark web.

Zero day exploits are either unknown to those who should be interested in its removal or known but a patch has not been developed.

Until the vulnerability is removed, hackers can exploit it to adversely affect programs, data, additional computers or a network.

Info sec engineer here – the best way to hack a system is via social engineering. Convince someone to open an email with a backdoor in it or click on a site which grabs your info. Hands down the cheapest and most effective way to compromise a system.