Posts

Showing posts from April, 2019

Vulnerability Research Dictionary

Image
Refer to this page any time there's a vulnerability related term you want to better understand.
ASLR Address Space Layout Randomization. An exploit mitigation that randomizes the loading address of modules in memory to harden the system against exploits that depend on known memory addresses.
In Linux, the address of the heap, stack and external libraries is randomized.
In Windows the address of the code, heap, and stack is randomized. External libraries (DLLs) are randomized once when loaded, but their address is the same between separate processes.

Authentication Bypass A vulnerability that permits unauthorized users to bypass authentication and reach a protected resource or interface that would otherwise require authentication. Occasionally used as part of an exploit chain.

Brute-Force A methodology used to solve for an unknown value by exhausting all the possible options. Most commonly used as a password guessing technique, but can also be used to break ALSR by guessing the ra…

What Is A Software Vulnerability?

Image
tl;dr In the broadest sense, a software vulnerability is a flaw that allows the vulnerable system to perform unplanned actions. Examples of the results of these unplanned actions include, sensitive information disclosure (example), denial of service (DOS) (example), authentication bypass (example), and most dangerously, full takeover of a system (aka RCE) (example) by a malicious attacker.
Formal Definitions According to ENISA (European Union Agency for Network and Information Security) a vulnerability is, "The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event" (reference).

According to  NICCS (National Initiative for Cybersecurity Careers & Studies) a vulnerability is, "Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur" (reference).

The definition I use defines a vulnerab…