Difference between revisions of "Exploit"

From MgmtWiki
Jump to: navigation, search
(Context)
 
Line 5: Line 5:
 
# Exploits are, as a rule, reported to the CVE
 
# Exploits are, as a rule, reported to the CVE
 
# As a general rule [[Attacks]] are directed at known exploits, but can include simple exploration of the [[Ecosystem]] looking for an unknown [[Vulnerability]].
 
# As a general rule [[Attacks]] are directed at known exploits, but can include simple exploration of the [[Ecosystem]] looking for an unknown [[Vulnerability]].
 +
 +
==Types==
 +
===Social Engineering===
 +
 +
* [https://blog.knowbe4.com/uber-security-breach-looks-bad-caused-by-social-engineering Uber security breach 'looks bad', caused by social engineering] reported on 2022-09-15
  
 
==Solutions==
 
==Solutions==

Latest revision as of 11:27, 16 September 2022

Full Title

An Exploit is a malicious implementation of code that takes advantage of a Vulnerability in the design or implementation of a solution.

Context

  1. Exploits are part of the standard Threat Model
  2. Exploits are, as a rule, reported to the CVE
  3. As a general rule Attacks are directed at known exploits, but can include simple exploration of the Ecosystem looking for an unknown Vulnerability.

Types

Social Engineering

Solutions

  • See the wiki page on Indicators of Compromise for definitions of discovery when an Exploit has succeeded against a target.

References