Malware Development Guide
Vulnerability Analysis


Last updated 1 year ago

Let's first get a general idea of what a vulnerability is.

A vulnerability in cybersecurity is defined as a weakness or flaw in the design, implementation or behaviour of a system or application.

This definition isn't a perfect one; in fact, the definition varies from source to source. NIST defines a vulnerability as a "weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source". However, the general idea remains the same.

Vulnerabilities in general can be categorized into 5 broad types with respect to their sources/causes:

Operating System: Found within Operating Systems (OSs); these often result in privilege escalation.

Configuration/Misconfiguration: Stem from an incorrectly configured application or service. Examples include a website exposing customer details, and even left-out default credentials that should've been changed.

Application Logic: Stem from poor application design. For example, a website with shitty encryption for authentication.

Human-Factor: Vulnerabilities that leverage human behaviour. For example, phishing emails are designed to trick humans into believing they are legitimate.

Yes, I ripped this table straight from TryHackMe's Vulnerabilities 101 room, and I recommend you visit that room since it's a literal treasure trove. I'll be using certain sections from it to explain many things, but it'll be a short explanation rather than a verbose one like the one in said room.

On the big shiny public forums and "vulnerability scoring" websites, each vulnerability has a numeric score attached to it. There are several methods of going about this "scoring" business, but here are some popular ones:

  • Common Vulnerability Scoring System (CVSS)

  • Vulnerability Priority Rating (VPR)

  • Tripwire Vulnerability Scoring System

  • IP360 Scoring

The last two are a bit uncommon, but it's good to know them. Here's a dumb way to read each of these systems' scores:

Low-Medium: "Meh"; low-money bounties; "Meh, let's just fix this when we feel like it"

High: "Nice!"; medium-money bounties; "Okay, better fix this quick"

Critical: "OOOOO"; money's rainin' boys; "AAAAAA, FIX THIS ASAP!!"

There are a lot of vendors that list or sell exploits online, so it's a good idea to be familiar with them if you can:

TODO: add more on this...

ExploitDB: https://www.exploit-db.com/

0day.today: https://0day.today/

Packet Storm Security: https://packetstormsecurity.com/about/

CIRCL: https://circl.lu/mission/

VulnDB: https://vuldb.com/