Vulnerability Research Dictionary


Refer to this page any time there's a vulnerability related term you want to better understand.

ASLR

Address Space Layout Randomization. An exploit mitigation that randomizes the loading address of modules in memory to harden the system against exploits that depend on known memory addresses.
In Linux, the addresses of the heap, stack and external libraries are randomized.
In Windows, the addresses of the code, heap, and stack are randomized. External libraries (DLLs) are randomized once when loaded, but their address is the same between separate processes.

Authentication Bypass

A vulnerability that permits unauthorized users to bypass authentication and reach a protected resource or interface that would otherwise require authentication. Occasionally used as part of an exploit chain.

Brute-Force

A methodology used to solve for an unknown value by exhausting all the possible options. Most commonly used as a password guessing technique, but it can also be used to break ASLR by guessing the random loading address.

Buffer Overflow

A memory vulnerability where data is written past the bounds of a fixed-size allocation (buffer), overwriting the data that follows it in memory. When a buffer on the stack is overflowed it is called a stack overflow, and when a buffer on the heap is overflowed it is called a heap overflow.

Bit

The smallest unit of memory in a computer. Can be either 0 or 1.

Byte

Most commonly 8 bits, allowing for numbers from 0 to 255, but ultimately the number of bits in a byte is architecture dependent.

Command Injection

A type of vulnerability where an attacker can supply unsanitized input to a shell or interface that then executes it as commands.

CLI

Command Line Interface. A textual interface used for input and output.

CMS

Content Management System. A framework for websites to manage their content. The most popular CMSs are WordPress and Drupal.

CSRF

Cross-Site Request Forgery. A web vulnerability that permits the execution of a malicious request on behalf of an unsuspecting user. Websites commonly defend against it by attaching a "CSRF token" to every request so that only intended requests are accepted.

CVE

Common Vulnerabilities and Exposures. A CVE is a string in the form CVE-YYYY-XXXX, where YYYY is a year (2019 for example) and XXXX is an incremental number. The identifier is tagged to a specific vulnerability for tracking and reference purposes.

DDOS

Distributed DOS. When multiple entities perform a DOS on a common target, the DOS becomes a DDOS.

DEP

Data Execution Prevention. An exploit mitigation. DEP labels blocks of memory as either executable or not. This prevents an attacker from executing data they supplied, which will usually be stored in a non-executable memory block. This mitigation is present by default on all Windows, Linux and Mac operating systems.

DOS

Denial Of Service. With regard to websites, DOS is usually achieved by exhausting server resources. However, DOS can also be achieved through memory corruption or vulnerabilities that trigger infinite loops in the code.

Directory Traversal

A vulnerability that allows relative directory referencing where it would otherwise not be permitted. This vulnerability is usually achieved by injecting "/../" into file paths. On Linux and Windows, the string "../" refers to the parent directory.

DLL/EXE

The shared library file extension and the executable file extension, respectively, on Windows. Both are in the PE (Portable Executable) format.

ELF/SO

ELF is the executable file format on Linux. SO is the file extension for ELFs that are shared libraries.

Exploit

A program that triggers a vulnerability.

Exploit Chain

An exploit chain is a set of exploits used together in such a way that the exploit chain's effect is greater than that of any individual exploit in the chain. An exploit chain for a web server can, for example, consist of an RCE exploit and an LPE exploit. Each exploit used alone won't result in a full takeover of the remote server. However, when used together, a full server takeover is possible: first the exploit chain uses the RCE to run code on the remote server. Next, from the code now running on the remote server, the LPE exploit is used to escape the web server's sandbox, thus fully taking over the server.

Heap

Where dynamically allocated objects are stored.

Hexadecimal

Base 16. Commonly used when working with memory since it's more compact than decimal (base 10, the "normal" number base) and is easy to convert to binary, which is the way data is actually stored on a computer.

Information Disclosure

A vulnerability that permits otherwise protected information to be disclosed.

Injection

A vulnerability that permits unwanted data to enter a data stream. For example, Directory Traversal is usually a vulnerability stemming from allowing "../" (the parent directory notation) to reach parsed file paths.
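The Directory Traversal and Injection entries above both come down to the same check a file-serving program should make before opening a user-supplied path: resolve "." and ".." lexically and refuse any path that climbs above the base directory. The following function is an added example written for this page, not code from the original post. It assumes the path has already been URL-decoded (so "%2e%2e" has become ".."), treats both "/" and "\" as separators to be conservative, and rejects absolute paths outright.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PARTS 64

/* Lexically normalises a user-supplied relative path and reports whether it
 * stays inside the base directory. Resolves "." and ".." components, so
 * "docs/../../etc/passwd" is rejected while "docs/../b.txt" becomes "b.txt".
 * Returns 1 if contained (normalised path written to out), 0 if the path
 * escapes the base, is absolute, or does not fit in out.
 * Assumption: input is already decoded; do URL decoding before calling this. */
int path_contained(const char *input, char *out, size_t out_size) {
    const char *parts[MAX_PARTS];
    size_t lens[MAX_PARTS];
    size_t depth = 0;
    const char *p = input;

    if (*p == '/' || *p == '\\') return 0;       /* absolute paths never qualify */

    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t n = (size_t)(p - start);
        if (*p) p++;                              /* skip the separator */
        if (n == 0 || (n == 1 && start[0] == '.')) continue;   /* "" or "." */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return 0;             /* ".." above the base: escape */
            depth--;                              /* ".." inside the base: pop */
            continue;
        }
        if (depth == MAX_PARTS) return 0;
        parts[depth] = start;
        lens[depth] = n;
        depth++;
    }

    /* Rebuild the cleaned path with "/" separators and a terminating NUL. */
    size_t used = 0;
    for (size_t i = 0; i < depth; i++) {
        if (used + lens[i] + 2 > out_size) return 0;
        if (i) out[used++] = '/';
        memcpy(out + used, parts[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return 1;
}

/* Helper for checks: 1 if input is contained and normalises to expected. */
int normalizes_to(const char *input, const char *expected) {
    char buf[256];
    return path_contained(input, buf, sizeof buf) == 1 && strcmp(buf, expected) == 0;
}

int main(void) {
    /* Constructed sample inputs a file-serving endpoint might receive. */
    const char *samples[] = { "docs/a.txt", "docs/./a/..//b", "docs/../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[256];
        if (path_contained(samples[i], buf, sizeof buf))
            printf("%-24s -> serve \"%s\"\n", samples[i], buf);
        else
            printf("%-24s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The check is purely lexical, which is what makes it useful as a first gate: it runs before any filesystem access, so a rejected path never reaches open(). It does not resolve symbolic links, so a server that allows symlinks inside the base still needs a realpath-style check after opening.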

KASLR

ASLR applied to the kernel, to mitigate kernel exploits.

Kernel

The privileged part of an operating system, in charge of managing user mode and providing abstractions to it.

LPE

Local Privilege Escalation. See PE.

Memory Disclosure

A vulnerability that permits exposing internal memory of the program, for example by passing uninitialized data to the user. This can be used to disclose memory locations, bypassing ASLR.

Memory Safe Language

A language with no low-level memory handling by default, thus preventing buffer overflows.

System (User)

The default privileged user in Windows.

OOB

Out of Bounds. OOB is usually used in the context of an OOB read or an OOB write. An OOB read is usually a memory disclosure, and an OOB write is a buffer overflow.

PE (Privilege Escalation)

An exploit that increases the privilege of the user, usually from a normal user to an administrative user such as root or System.

PE (Portable Executable)

The Windows format for executable binaries.

RCE

Remote Code Execution. Also commonly called arbitrary code execution. This is considered the ultimate exploit since it allows you to run code on the exploited machine. Once you run code, you are limited only by the privileges you have and can otherwise do anything.

ROP Chain

Return Oriented Programming. A method to exploit stack overflows in which the code to be executed is reached through assembly return instructions ("ret").

Root

The default privileged user in Linux.

Shell

A CLI to interact with the operating system.

Spoofing

A vulnerability that allows "lying" about something. For example, IP spoofing "lies" about who said what on the network.

Stack

Memory that grows downward and holds the local variables and return addresses of the running program.

Stack Canary

An exploit mitigation that inserts a value before the return address and checks that it wasn't changed before returning, in order to detect stack overflows.

SUID/GUID executable

Stands for Set User ID or Set Group ID. In Linux, when files are SUID or GUID it means they have a special flag set that makes them run with the file owner's user id or group id respectively, thus giving the process the owner's or group's privileges. This is useful for programs that are meant to be started by anyone but require special permissions when running. For example, the ping executable is set as SUID so it can do low-level socket operations.

Underflow (Buffer Underflow)

Very similar to a buffer overflow, except an underflow happens when data is written before the buffer starts instead of after it ends.
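The Buffer Overflow, Stack Canary and Underflow entries describe one mechanism from three angles, so here is one added example (written for this page, not the author's code) that models them together. A stack frame is represented as a single byte array holding an 8-byte buffer followed by a 4-byte canary; every write stays inside that array, so the overflow is modelled rather than real and nothing here invokes undefined behaviour. The canary value, the frame layout and the scenario codes are all constructed for the illustration. It shows why a length-checked copy avoids the bug, why the canary check catches a copy that runs past the buffer end, and, as the comments note, why it cannot catch an underflow that writes before the buffer start.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame model: buffer bytes first, canary right after it, the way
 * a compiler places the canary between locals and the saved return address.
 * A real frame also has the return address after the canary; it is omitted. */
#define BUF_SIZE 8
#define CANARY_VALUE 0xDEADBEEFu

typedef struct {
    uint8_t bytes[BUF_SIZE + sizeof(uint32_t)];   /* buffer, then canary */
} frame_t;

static void frame_init(frame_t *f) {
    uint32_t c = CANARY_VALUE;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_SIZE, &c, sizeof c);
}

/* Unchecked copy, like strcpy or memcpy with an unverified length: it keeps
 * writing past the buffer and into the canary. The only cap is the size of the
 * modelled frame, which keeps this demonstration inside the array. */
static void frame_copy_unchecked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > sizeof f->bytes) len = sizeof f->bytes;
    memcpy(f->bytes, src, len);
}

/* Bounded copy: refuses input that does not fit. Returns 0 on success,
 * -1 when the input would overflow the buffer. */
static int frame_copy_checked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->bytes, src, len);
    return 0;
}

/* The check a compiler-inserted canary performs before the function returns.
 * Note it only sees writes that ran forward past the buffer end; an underflow
 * that writes before bytes[0] never touches the canary and goes undetected. */
static int canary_intact(const frame_t *f) {
    uint32_t c;
    memcpy(&c, f->bytes + BUF_SIZE, sizeof c);
    return c == CANARY_VALUE;
}

/* Runs one scenario with input_len bytes of 'A' (constructed input).
 * Returns 0: copy rejected by the length check,
 *         1: copy performed and canary intact,
 *         2: copy performed and canary smashed (overflow detected). */
int scenario(size_t input_len, int use_checked) {
    uint8_t input[32];
    frame_t f;
    memset(input, 'A', sizeof input);
    if (input_len > sizeof input) input_len = sizeof input;
    frame_init(&f);
    if (use_checked) {
        if (frame_copy_checked(&f, input, input_len) != 0) return 0;
    } else {
        frame_copy_unchecked(&f, input, input_len);
    }
    return canary_intact(&f) ? 1 : 2;
}

int main(void) {
    static const char *names[] = { "rejected by length check", "canary intact", "canary smashed" };
    printf("8 bytes, unchecked copy:  %s\n", names[scenario(8, 0)]);
    printf("12 bytes, unchecked copy: %s\n", names[scenario(12, 0)]);
    printf("12 bytes, checked copy:   %s\n", names[scenario(12, 1)]);
    return 0;
}
```

The third scenario is the one a fix aims for: the overlong input never reaches memory, so there is nothing for the canary to detect. The second is what a canary turns from silent corruption into an abort, which is why it is a detection, not a prevention, and why mitigations are layered with ASLR and DEP rather than relied on alone.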

Vulnerability

A bug in a program (see this post).

XSS

Cross Site Scripting. An injection vulnerability that permits injecting scripts into otherwise safe browser content.

XXE

XML eXternal Entity. A vulnerability where the XML parser fetches remote resources referenced from an XML file. Can be used to scan internal networks from the perspective of the computer parsing the XML.

1337

Leet speak for "Leet". 1 = L, 3 = E, 7 = T


Let me know if I missed anything 👾
