Little holes in the system, when exploited, can ruin the whole network, exposing sensitive information, crashing and shutting down the machines. This is all because of one tiny insufficiency in a network, software, or a device—vulnerabilities.
In this chapter, you're going to:
- Learn what vulnerabilities are and how are they found
- Understand the basics of reverse engineering and their role in network security
- Learn how a vulnerability can be detected using zANTI2
- Learn how vulnerabilities are exploited using all possible tools
Generally speaking, a vulnerability represents a certain kind of weakness, which, when exploited, allows an attacker to discover more about a system. This could mean reducing information assurance or exposing sensitive data. It is the same when it comes to computer security. Vulnerability is typically the intersection of three essential elements: a system susceptibility, an attacker with access to this susceptibility, and finally a skill required to be able to exploit this flaw.
Vulnerability can be described as:
"A weakness of an asset or group of assets that can be exploited by one or more threats."
- https://en.wikipedia.org/wiki/Vulnerability_%28computing%29
A vulnerability is thus defined as a weak link that provides at least one way of exploitation.
It is obvious that vulnerabilities are one of the biggest problems of today's network security worldwide. Without a doubt, they will be a huge problem in the future too. You may ask yourself, how is a vulnerability created, why can't there be systems and software with no vulnerabilities at all?
This is obviously what all the software manufacturers are trying to do—building the most resilient and vulnerability-free software for all. However, it is not that easy. There are plenty of ways to discover a remote vulnerability and often even easier ways to find a functional way to exploit it. Although it is definitely not an easy thing to do, tons of new vulnerabilities are found every year.