Related Concepts

  • Vulnerability: Defect or malfunction of an application

  • Exploit: A program specifically created to attack a vulnerability

  • Payload: The code behind a script that will be executed on the target

  • PoC: Proof of Concept; a technique or tool that demonstrates the exploitation of a vulnerability

  • Capabilities: A way to assign specific privileges to a running process

  • NFS: Network File Sharing; allows files and folders to be shared between networked devices, working over TCP ports 111 and 2049

  • Risk Management: Identify, evaluate, and mitigate possible risks that could affect the integrity, availability, and confidentiality of a system

  • Vulnerability Assessment: A set of tests and practices that aim to identify a system's possible vulnerabilities. Unlike Penetration Testing, it is done with automated tools only

  • Pillaging: The process of collecting sensitive information locally on an already exploited host

  • Post-Remediation Testing: Re-access the target to verify that the reported vulnerabilities and attack vectors have been patched properly

  • Banner Grabbing: Connect to a port hoping to get a response, which could help identify what service is running

  • RCE: Remote Command Execution, a critical security vulnerability that allows an attacker to execute arbitrary code on a remote system or server without physical access

  • Fingerprinting: Extract technical details about the technologies used in an application

  • Pivoting: A technique used to reach other vulnerable systems on a network where we have already compromised a system, even bypassing firewall rules

  • Relaying: A technique to access resources present on other systems through an already compromised system on the same network
