An exploit is a means of taking advantage of a security vulnerability in a system. It exists either as a theoretical description of the vulnerability or as deployable program code. The exploit in turn carries a payload that performs the actions chosen by the attacker, for example Trojans, crypto Trojans (ransomware), or the establishment of a backdoor.
Examples of known exploits include WannaCry, EternalBlue and Emotet.
EternalBlue (vulnerability: CVE-2017-0144), for example, is an exploit that takes advantage of programming errors in the SMB implementation of Windows. The NSA’s special unit, Tailored Access Operations, is responsible for developing the exploit.
IDS / IPS systems can be used to detect and prevent such attacks. They should be properly configured and checked regularly so that new attacks are identified and stopped more quickly. In IT security consulting, we support companies in developing their own IPS and IDS signatures, especially for self-developed software.
Furthermore, companies should have regular penetration tests carried out, in which the organizations, networks, and systems are checked for potential security gaps and weak points.
Vulnerabilities and security loopholes that are discovered while still unknown to the software manufacturer are known as zero-days. The problem is that no patch or fix is available from the developers for the discovered vulnerabilities.
Once program code or instructions describing how such a zero-day can be exploited have been completed, a zero-day exploit exists.
A zero-day exploit starts from a mistake made by the application developer, who accidentally writes faulty code that contains vulnerabilities or security holes.
White and grey hat hackers immediately inform the manufacturer so that action can be taken proactively against black hat hackers. Ideally, the developers then provide a security patch to fix the vulnerability and avoid further fatal consequences.
ProSec GmbH has published its own Vulnerability Disclosure Guideline.
As part of vulnerability analysis, penetration testers check, for example, whether the existing security measures have been configured and implemented correctly. In addition, we regularly find zero-days in our customers’ software ourselves and can then support you with workarounds until the manufacturer takes remedial action.
Software does not protect you, however often and widely it is advertised as doing so. There is no such thing as “zero-day protection”; don’t let other companies’ marketing blind you.