What is an Exploit?

What is an Exploit?

Table of contents

  1. How do exploits work?
  2. What are the different types of exploits?
  3. How do exploits occur?
  4. What is an exploit kit?
  5. How can I mitigate the risk of exploits?
  6. What are examples of exploits?
  7. How UpGuard can protect your organization from exploits

1. How do exploits work?

2. What are the different types of exploits?

  1. Hardware:Poor encryption, lack of configuration management or firmware vulnerability.
  2. Software:Memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).
  3. Network:Unencrypted communication lines,man-in-the-middle attacks,domain hijacking,typosquatting, poor network security, lack of authentication or default passwords.
  4. Personnel:Poor recruiting policy and process, lack of security awareness training, poor adherence to information security policy, poor password management or falling for common social engineering attacks like phishing, spear phishing, pretexting, honey trapping, smishing, waterholing or whaling.
  5. Physical site: Poor physical security, tailgating and lack of keycard access control.
  • Known vulnerabilities:Exploits security researchers know about and have documented. Exploits that target known vulnerabilities are often already patched but still remain a viable threat because of slow patching.
  • Zero-day exploits:Vulnerabilities that have not been reported to the public or listed on CVE. This means cybercriminals have found the exploit before developers have been able to issue a patch, in some cases the developer may not even know of the vulnerability.

3. How do exploits occur?

  • Remote exploits: Works over a network and exploits the vulnerability without prior access to the vulnerable system.
  • Local exploits: Requires prior access to the vulnerable system and increases the privilege of the attacker past those granted by the security administrator.
  • Client exploits: Exploits against client applications exist and usually consist of modified servers that send an exploit when accessed with a client application. They may also require interaction from the user and rely on social engineering techniques like phishing or spear phishing to spread or adware.

4. What is an exploit kit?

5. How can I mitigate the risk of exploits?

6. What are examples of exploits?

7. How UpGuard can protect your organization from exploits

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
UpGuard

UpGuard

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.