Revision as of 20:56, 12 August 2024 edit Tikmok (talk \| contribs) Extended confirmed users 2,095 edits →top: Adding/removing wikilink(s) ← Previous edit		Revision as of 23:49, 12 August 2024 edit undo Tikmok (talk \| contribs) Extended confirmed users 2,095 edits move unrelated from "classification"; "better" short description Next edit →
Line 1: {{Short description\|~~Compromising~~ a method compromising computer ~~system~~systems}} An '''exploit''' (from the English verb ''to exploit'', meaning "to use something to one’s own advantage") is a method or piece of code that takes advantage of [[Vulnerability (computer security)\|vulnerabilities]] in [[software]], [[Application software\|applications]], [[Computer network\|networks]], [[operating systems]], or [[Computer hardware\|hardware]], typically for malicious purposes. These vulnerabilities, essentially flaws or weaknesses in the system's defenses, allow exploits to identify flaws, bypass security measures, gain unauthorized access to systems, take control of systems, install malware, or steal sensitive data. Line 5: Common targets for exploits include operating systems, [[web browsers]], and various applications, where hidden vulnerabilities can be exploited to compromise the integrity and [[Computer security\|security]] of [[computer systems]]. Exploits can cause unintended or unanticipated behavior in systems, potentially leading to severe [[security breaches]].<ref>{{cite web \| last = Latto \| first = Nica \| title = Exploits: What You Need to Know \| website = Exploits: What You Need to Know \| date = 2020-09-29 \| url = https://www.avast.com/c-exploits \| access-date = 2024-08-12 \| archiveurl = https://web.archive.org/web/20240515153218/https://www.avast.com/c-exploits \| archivedate = 2024-05-15 \| url-status = live \| quote = An exploit is any attack that takes advantage of vulnerabilities in applications, networks, operating systems, or hardware. Exploits usually take the form of software or code that aims to take control of computers or steal network data. }}</ref><ref>{{cite web \| title = Exploit Definition \| website = Malwarebytes \| date = 2024-04-15 \| url = https://www.malwarebytes.com/exploits \| access-date = 2024-08-12 \| archiveurl = https://web.archive.org/web/20240516063544/https://www.malwarebytes.com/exploits \| archivedate = 2024-05-16 \| url-status = live \| quote = A computer exploit is a type of malware that takes advantage of bugs or vulnerabilities, which cybercriminals use to gain illicit access to a system. These vulnerabilities are hidden in the code of the operating system and its applications just waiting to be discovered and put to use by cybercriminals. Commonly exploited software includes the operating system itself, browsers, Microsoft Office, and third-party applications. }}</ref><ref>{{cite web \| title = What Is an Exploit? \| website = Cisco \| date = 2023-10-06 \| url = https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html \| access-date = 2024-08-12 \| archiveurl = https://web.archive.org/web/20240531021442/https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-exploit.html \| archivedate = 2024-05-31 \| url-status = live \| quote = An exploit is a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.}}</ref><ref>{{cite book \| last = Gonzalez \| first = Joaquin Jay III \| last2 = Kemp \| first2 = Roger L. \| title = Cybersecurity: Current Writings on Threats and Protection \| publisher = McFarland & Company \| publication-place = Jefferson, North Carolina \| date = 2019-01-25 \| isbn = 978-1-4766-3541-5 \| page = 241 \| url = https://books.google.co.th/books?id=yyqFDwAAQBAJ&pg=PA241&lpg=PA241&dq=%22A+technique+to+breach+the+security+of+a+network+or+information+system+in+violation+of+security+policy%22&ots=J6AejpcRHx&sig=ACfU3U0EoNbNEI0_wB1oBlWWLFd1TViycQ&hl=en#v=onepage&q=%22A%20technique%20to%20breach%20the%20security%20of%20a%20network%20or%20information%20system%20in%20violation%20of%20security%20policy%22&f=false \| quote = A technique to breach the security of a network or information system in violation of security policy.}}</ref><ref>{{cite web \| title = OWASP Secure Coding Practices \| website = OWASP Foundation \| url = https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary \| access-date = 2024-08-12 \| archiveurl = https://web.archive.org/web/20240106035619/https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/stable-en/03-appendices/05-glossary \| archivedate = 2024-01-06 \| url-status = live \| quote = To take advantage of a vulnerability. Typically this is an intentional action designed to compromise the software's security controls by leveraging a vulnerability.}}</ref><ref>{{cite web \| title = Obtain Capabilities: Exploits, Sub-technique T1588.005 \| website = MITRE ATT&CK® \| date = 2020-10-15 \| url = https://attack.mitre.org/techniques/T1588/005/ \| access-date = 2024-08-12 \| archiveurl = https://web.archive.org/web/20240524110426/https://attack.mitre.org/techniques/T1588/005/ \| archivedate = 2024-05-24 \| url-status = live \| quote = Adversaries may buy, steal, or download exploits that can be used during targeting. An exploit takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer hardware or software. }}</ref> ~~Exploits~~Researchers ~~are~~have ~~used~~estimated bythat ~~hackers~~malicious toexploits ~~bypass~~cost ~~security~~the ~~controls~~global ~~and manipulate system [[Vulnerability (computing)\|vulnerabilities]]. Researchers have estimated that this costs~~economy over $450 billion every year ~~from the global economy~~. In response, organizations are using [[cyber threat intelligence]] to find their vulnerabilities and preventing hacks before they happen.<ref>{{Cite journal \| last1 = Indiana University, Bloomington \| last2 = Samtani \| first2 = Sagar \| last3 = Chai \| first3 = Yidong \| last4 = Hefei University of Technology \| last5 = Chen \| first5 = Hsinchun \| last6 = University of Arizona \| date = 2022-05-24 \| title = Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-Based Deep Structured Semantic Model \| url = https://misq.umn.edu/linking-exploits-from-the-dark-web-to-known-vulnerabilities-for-proactive-cyber-threat-intelligence-an-attention-based-deep-structured-semantic-model.html \| journal = MIS Quarterly \| volume = 46 \| issue = 2 \| pages = 911–946 \| doi = 10.25300/MISQ/2022/15392}}</ref>▼ ==Classification== Line 20 ⟶ 22: Exploits unknown to everyone except the people that found and developed them are referred to as ''[[Zero-day (computing)\|zero day]] or “0day” exploits''. ▲Exploits are used by hackers to bypass security controls and manipulate system [[Vulnerability (computing)\|vulnerabilities]]. Researchers have estimated that this costs over $450 billion every year from the global economy. In response, organizations are using cyber threat intelligence to find their vulnerabilities and preventing hacks before they happen.<ref>{{Cite journal \|last1=Indiana University, Bloomington \|last2=Samtani \|first2=Sagar \|last3=Chai \|first3=Yidong \|last4=Hefei University of Technology \|last5=Chen \|first5=Hsinchun \|last6=University of Arizona \|date=2022-05-24 \|title=Linking Exploits from the Dark Web to Known Vulnerabilities for Proactive Cyber Threat Intelligence: An Attention-Based Deep Structured Semantic Model \|url=https://misq.umn.edu/linking-exploits-from-the-dark-web-to-known-vulnerabilities-for-proactive-cyber-threat-intelligence-an-attention-based-deep-structured-semantic-model.html \|journal=MIS Quarterly \|volume=46 \|issue=2 \|pages=911–946 \|doi=10.25300/MISQ/2022/15392}}</ref> ===Types===

Exploit (computer security): Difference between revisions