Some of these tools can effectively be used during a pentest engagement to carry out vulnerability mapping across the three classes discussed above. Kali Linux comes bundled with numerous tools for the penetration tester. Organizations have come up with the following standards that have even been implemented in many tools that can be utilized while searching for vulnerabilities. Despite these efforts, it really still is not possible to account for all coding mistakes that can be made. Vulnerability taxonomyĪs the number of technologies increases daily, there have been numerous attempts to design a taxonomy that could best cater for commonly-identifiable vulnerabilities. One common example of this is the MS08-067 Windows Server Service vulnerability, which affects Windows XP systems. These could occur from the Internet or within the network on which the vulnerable system sits. Remote vulnerabilities allow for exploitation to occur without physical access to the target system. A good example of this is the CVE-2013-0232, otherwise known as GP Trap Handler nt!KiTrap0D, which would allow an attacker or tester with access to a vulnerable Windows Server 2008 machine to gain escalated privileged access. Local vulnerabilities will require the tester or attacker to have local access to the target system in order to exploit them. The classes of vulnerabilities above will either occur locally or remotely within the target environment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |