Difference between revisions of "Exploit"
From MgmtWiki
(→Context) |
|||
Line 5: | Line 5: | ||
# Exploits are, as a rule, reported to the CVE | # Exploits are, as a rule, reported to the CVE | ||
# As a general rule [[Attacks]] are directed at known exploits, but can include simple exploration of the [[Ecosystem]] looking for an unknown [[Vulnerability]]. | # As a general rule [[Attacks]] are directed at known exploits, but can include simple exploration of the [[Ecosystem]] looking for an unknown [[Vulnerability]]. | ||
+ | |||
+ | ==Types== | ||
+ | ===Social Engineering=== | ||
+ | |||
+ | * [https://blog.knowbe4.com/uber-security-breach-looks-bad-caused-by-social-engineering Uber security breach 'looks bad', caused by social engineering] reported on 2022-09-15 | ||
==Solutions== | ==Solutions== |
Latest revision as of 11:27, 16 September 2022
Full Title
An Exploit is a malicious implementation of code that takes advantage of a Vulnerability in the design or implementation of a solution.
Context
- Exploits are part of the standard Threat Model
- Exploits are, as a rule, reported to the CVE
- As a general rule Attacks are directed at known exploits, but can include simple exploration of the Ecosystem looking for an unknown Vulnerability.
Types
Social Engineering
- Uber security breach 'looks bad', caused by social engineering reported on 2022-09-15
Solutions
- See the wiki page on Indicators of Compromise for definitions of discovery when an Exploit has succeeded against a target.