Introduction

What?

Bugs are programming errors and are usually well-defined and named, in software or hardware. Vulnerabilities are bugs which can be taken advantage of to achieve an unintended or unanticipated behaviour. A Risk (Threat) may materialise, if someone decides to take advantage of a vulnerability and exploit it.

An exploit is a piece of code, a program or data which takes advantage of a vulnerability to achieve an unintended or unanticipated behaviour (materializing the risk) in the software that contains a bug. A payload is the part of transmitted data that is the actual intended message to cause the unintended or unanticipated behaviour.

Why?

  • Remote exploits are codes with purpose to exploit a vulnerability on a remote system without having any prior access to it.

  • Local exploits are codes with purpose to exploit a vulnerability locally on the system where we already have a foothold. These exploits are almost always privilege escalation exploits with the aim to increase our privileges to a higher (preferably Administrator/Domain Admin/NT Authority\System/root) level to gain complete control over the resources of the target system.

How?