There are two types of hacks that usually happen. In the first type, an attacker takes existing technology and makes it do something that it is not supposed to do. They do not change any of the inner workings of the technology itself; they just use it for purposes that are not pure. For example, an attacker might use something like an HTML link to send a person a piece of malware. They are not changing the internals of the technology; they are just using it for a malicious purpose.
The other type of hack is carried out by someone who has the technical knowledge to actually change the fundamental way that either the software or the hardware works. These skills are very hard to come by, and this kind of hack is considered hard to do. We can take our HTML link example and change it so that when the person clicks the link they were sent, it sends a request that exposes the database of the web site that it is on. The link has been crafted to carry a SQL query, and it is now doing a data dump. This is a true technical hack and is something that happens all of the time.
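The crafted-link case described above, as an added example that is not part of the original article: the same link parameter is handled once by a lookup that pastes it into the SQL text and once by a parameterized lookup. The table, the links and the function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

# Constructed sample data standing in for the web site's database.
CUSTOMERS = [("alice", "alice@example.test"),
             ("bob", "bob@example.test"),
             ("carol", "carol@example.test")]

# Constructed links: an ordinary one and one whose parameter carries SQL syntax.
NORMAL_LINK = "https://shop.example.test/customer?name=alice"
CRAFTED_LINK = "https://shop.example.test/customer?name=x%27%20OR%20%271%27%3D%271"


def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    return db


def name_from_link(link):
    """Extract and URL-decode the 'name' parameter, as a web framework would."""
    return parse_qs(urlparse(link).query)["name"][0]


def lookup_vulnerable(db, link):
    # Weak: the parameter is pasted into the SQL text, so quotes in the
    # link become part of the query and change its meaning.
    sql = "SELECT name, email FROM customers WHERE name = '%s'" % name_from_link(link)
    return db.execute(sql).fetchall()


def lookup_parameterized(db, link):
    # Hardened: the value is bound as data; the query text never changes.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(sql, (name_from_link(link),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, link in (("normal", NORMAL_LINK), ("crafted", CRAFTED_LINK)):
        print(label, "vulnerable    ->", len(lookup_vulnerable(db, link)), "rows")
        print(label, "parameterized ->", len(lookup_parameterized(db, link)), "rows")
```

With the ordinary link both lookups return one row; with the crafted link the first returns every row in the table and the second returns none.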
Some very skilled black hat hackers are able to go into the heart of the computer and change the fundamentals of how it works. One of the ways they are able to do this is by manipulating how the computer reads the instructions that are in its memory.
When a program is loaded off of the hard drive into the memory of the computer, the CPU is able to read its instructions. The CPU is able to see what the next step is by using an instruction pointer. Black hat hackers have found ways to manipulate the way that a computer sees these instructions. They have found ways to make the computer read instructions from parts of the memory it is not supposed to go to.
One of the ways they do this is ROP. ROP means Return-Oriented Programming. With ROP, the attacker is able to manipulate the stack pointer. JOP, Jump-Oriented Programming, is similar to ROP except that it does not have to use the stack pointer. Instead it uses a dispatch table in memory together with the program counter. This can get really technical, so we will just say that it is a different way for a black hat hacker to control the execution of a program. And these new executions lead to serious problems.