Ethical hacking: What are exploits?

Introduction

The very soul of ethical hacking consists of searching for vulnerabilities and weaknesses within an organization’s system, using methods and tools that attackers would use (with permission, of course). Taking this path will lead you to exploits — kind of like a twisted pot of gold at the end of the rainbow. This article will detail exploits in the context of ethical hacking, including: 

  • What exploits are
  • How exploits work
  • Their greatest target
  • Types of exploits
  • Types of exploit kits
  • Where to find information about known exploits 

Expect a solid overview of exploits that will get even the greenest newcomer introduced to this fascinating subject matter. 

What are exploits?

Simply put, exploits are a way of gaining access to a system through a security flaw and taking advantage of the flaw for their benefit — in other words, to exploit it. Exploits normally come by way of a piece of programmed software, piece of code or a script. They are often delivered as a part of a kit, which is a collection of exploits. 

You can think of exploits as the proverbial battering ram in a medieval battle, where the organization’s security is the castle wall. The enemy will use a battering ram (or an exploit) to deliver their attack at a weakness in the castle wall, or in this case, a security flaw. 

Just as there are different battering rams and methods to breach castle walls, there are different exploits for different situations because not all flaws and weaknesses are the same. 

How do exploits work?

Not all exploits work the same way. However, I will provide a general explanation for kit-delivered exploits. 

The most common method of making contact with exploits is by visiting websites that have been booby-trapped by attackers. The (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/oDSv4_Pgdkg/