Computer exploit is a software that abuses a security vulnerability. It is written by threat actors to help achieve their goals, usually gaining access to a vulnerable system.
Based on what vulnerabilities are used, we differentiate multiple types of exploits. A zero-day exploit is abusing a zero-day vulnerability – a type of vulnerability which was not known nor patched when first used.
Bug bounty programs, the evolution of fuzz testing and modern security architectures made zero-day exploits less common and much harder to develop. But even with all the security-related development, we still see reports of zero-day exploits being used against both individuals and companies. Recent examples of zero-day attacks are IE zero-days, WordPress plugin zero-day, Chrome zero-day or iPhone zero-day.
LIFARS provides in-depth Vulnerability Assessment by pragmatically assessing the External Network (perimeter) to identify risks and vulnerabilities that could be exploited. Our methodology applies multiple interactions of Vulnerability Analysis to identify and remove false-positives to bring the most value to the company.
When a vulnerability is discovered, a patch or a mitigation is usually released by the software providers. However, not all systems are updated immediately. It might take weeks to update systems across the company, with some mission critical systems taking even longer. This gives attackers a decent time period to construct an exploit and deploy it. Such exploits are called n-day exploits, leveraging already known n-day vulnerabilities.
Such attacks emphasize the need of vulnerability management. With hundreds of vulnerabilities published monthly, companies need to have an asset register and perform vulnerability assessment frequently. It is also a good practice to warn system administrators about newly discovered vulnerabilities that affect the systems they manage.
While proper vulnerability management protects against n-day exploits, defending against zero-day exploits is nearly impossible. The best tools against them are extensive logging, network isolation and sandboxing.
Terms like zero-day and n-day are commonly used in cybersecurity and their understanding is crucial for both vulnerability management and risk assessment.