Vulnerability Analysis
Let's first get a general idea of what a vulnerability is
A vulnerability in cybersecurity is defined as a weakness or flaw in the design, implementation or behaviour of a system or application.
This definition isn't a perfect one; in fact, it varies from source to source. NIST defines a vulnerability as a "weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source". However, the general idea remains the same.
Vulnerabilities in general can be categorized into 5 broad types with respect to their sources/causes:
Operating System: Found within Operating Systems (OSs); these often result in privilege escalation.
Configuration/Misconfiguration: Stem from an incorrectly configured application or service. Examples include a website exposing customer details, or default credentials that were never changed.
Application Logic: Stem from poor application design. For example, a website with shitty encryption for authentication.
Human-Factor: Vulnerabilities that leverage human behaviour. For example, phishing emails are designed to trick humans into believing they are legitimate.
Yes, I ripped this table straight from TryHackMe's Vulnerabilities 101 room, and I recommend you visit that room since it's a literal treasure trove. I'll be using certain sections from it to explain many things, but it'll be a short explanation rather than a verbose one like the one in said room.
On the big shiny public forums and "vulnerability scoring" websites, each vulnerability has a numeric score attached to it. There are several methods of going about this "scoring" business, but here are some popular ones:
Common Vulnerability Scoring System (CVSS)
Vulnerability Priority Rating (VPR)
Tripwire Vulnerability Scoring System
IP360 Scoring
The last two are a bit uncommon, but it's good to know them. Here's a dumb way to think about the scores each of these systems produces:
Low-Medium: "Meh"; low-money bounties; "Meh, let's just fix this when we feel like it"
High: "Nice!"; medium-money bounties; "Okay, better fix this quick"
Critical: "OOOOO"; money's rainin' boys; "AAAAAA, FIX THIS ASAP!!"
There are a lot of vendors that list or sell exploits online, so it's a good idea to be familiar with them if you can:
ExploitDB: https://www.exploit-db.com/
0day.today: https://0day.today/
Packet Storm Security: https://packetstormsecurity.com/about/
CIRCL: https://circl.lu/mission/
VulnDB: https://vuldb.com/
TODO: add more on this...