Vulnerability Analysis

Let's first get a general idea of what a vulnerability is.

A vulnerability in cybersecurity is defined as a weakness or flaw in the design, implementation or behaviour of a system or application.

This definition isn't a perfect one; in fact, the definition varies from source to source. NIST defines a vulnerability as a “weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source”. However, the general idea remains the same.

Vulnerabilities in general can be categorized into 5 broad types with respect to their sources/causes:

| Type | Description |
| --- | --- |
| Operating System | Found within Operating Systems (OSs) and often result in privilege escalation. |
| Configuration/Misconfiguration | Stem from an incorrectly configured application or service. Examples include a website exposing customer details, and even default credentials that were left in place when they should've been changed. |
| Application Logic | Stem from poor application design. For example, a website with shitty encryption for authentication. |
| Human-Factor | Vulnerabilities that leverage human behaviour. For example, phishing emails are designed to trick humans into believing they are legitimate. |

Yes, I ripped this table straight from TryHackMe's Vulnerabilities 101 room, and I recommend you visit that room since it's a literal treasure trove. I'll be using certain sections from it to explain many things, but it'll be a short explanation rather than a verbose one like the one in said room.

On the big shiny public forums and "vulnerability scoring" websites, each vulnerability has a quantitative qualifier attached to it. There are several methods of going about this "scoring" business, but here are some popular ones:

  • Common Vulnerability Scoring System (CVSS)
  • Vulnerability Priority Rating (VPR)
  • Tripwire Vulnerability Scoring System
  • IP360 Scoring

The last two are a bit uncommon, but it's good to know them. Here's a dumb way to refer to each of these systems' scores:

| Score/Rating | Reaction/Inference/IDK just understand what you will :P |
| --- | --- |
| Low-Medium | "Meh"; Low-money bounties; "Meh, Let's just fix this when we feel like it" |
| High | "Nice!"; Medium money bounties; "Okay, better fix this quick" |
| Critical | "OOOOO"; Money's rainin' boys; "AAAAAA, FIX THIS ASAP!!" |

There are a lot of vendors that list/sell exploits online, so it's a good idea to be familiar with them if you can:

TODO: add more on this...