An exploit is a way for a criminal or hacker to take advantage of a vulnerability or flaw in a computer system, or to gain access through it. Exploits can be delivered through specialized software, as manual commands, or by using chunks of data and other techniques. An exploit will typically be followed up with data theft or other damage to an organization’s data and IT systems.
Terms related to Exploit: Vulnerability, Phishing, Privilege Escalation, Denial of Service (DoS) Attack, Distributed Denial of Service (DDoS) Attack
Most hackers will use exploits to gain a high level of access to a system, for example root, administrator, or superuser access. This allows them the greatest access to sensitive systems, applications, and data. Other types of exploits may allow a hacker to gain low-level access and then use a technique called “privilege escalation” to gain high-level access.
A popular type of exploit is the “pivot” (also known as a multi-layered attack or island hopping), where a hacker will gain access to one system and then use that access to compromise connected systems and data.
Typically, when a technology vendor learns of an exploit, they will develop and issue a patch that prevents the exploit from being used. It is essential that organizations install and deploy these patches as quickly as possible, to minimize their attack surface.
Other defences against exploits include vulnerability scanning and assessment, and penetration testing. These can identify potential flaws in the IT ecosystem that could be exploited, and patching these gaps early reduces the risk of an exploit attack.
IT security professionals should manage exploits and vulnerabilities as part of a high-level IT security risk management plan.