Vulnerability Analysis

Let's first get a general idea of what a vulnerability is.

A vulnerability in cybersecurity is defined as a weakness or flaw in the design, implementation or behaviour of a system or application.

This definition isn't a perfect one; in fact, the definition varies from source to source. NIST defines a vulnerability as a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source”. However, the general idea remains the same.

Vulnerabilities in general can be categorized into 5 broad types with respect to their sources/causes:

| Type | Description |
| --- | --- |
| Operating System | Found within operating systems (OSs); often result in privilege escalation. |
| Configuration/Misconfiguration | Stem from an incorrectly configured application or service. Examples include a website exposing customer details, or default credentials that were left in place and should have been changed. |
| Application Logic | Stem from poor application design, for example a website with shitty encryption for authentication. |
| Human-Factor | Vulnerabilities that leverage human behaviour. For example, phishing emails are designed to trick humans into believing they are legitimate. |

Yes, I ripped this table straight from TryHackMe's Vulnerabilities 101 room, and I recommend you visit that room since it's a literal treasure trove. I'll be using certain sections from it to explain many things, but it'll be a short explanation rather than a verbose one like the one in said room.

On the big shiny public forums and "vulnerability scoring" websites, each vulnerability has a quantitative qualifier attached to it. There are several methods of going about this "scoring" business but here are some popular ones:

  • Common Vulnerability Scoring System (CVSS)

  • Vulnerability Priority Rating (VPR)

  • Tripwire Vulnerability Scoring System

  • IP360 Scoring

The last two are a bit uncommon, but it's good to know them. Here's a dumb way to think about each of these systems' scoring:

| Score/Rating | Reaction/Inference (IDK, just understand what you will :P) |
| --- | --- |
| Low-Medium | "Meh"; low-money bounties; "Meh, let's just fix this when we feel like it" |
| High | "Nice!"; medium-money bounties; "Okay, better fix this quick" |
| Critical | "OOOOO"; money's rainin' boys; "AAAAAA, FIX THIS ASAP!!" |

There are a lot of vendors that list/sell exploits online, so it's a good idea to be familiar with them if you can:

TODO: add more on this...
