by Andrea Cavallini
Exploit is the goal that an attacker has in order to compromise a system, a service or an infrastructure. Finding a vulnerability and trying to exploit it in a specific context or perimeter is one of the cyber criminal’s major activities, with various methodologies used to get a breach or a leak for a compromise. Controlling a compromised system and maintaining access to it after the breach is the dream for every attacker: GUI can be affected by buffer overflow, for example, web service can be vulnerable to remote command execution or SQL/XSS injections and, in general, an attacker can use these vectors manually, by scripting or program languages, such as Python.
Python is one of the most powerful programming languages used to build hacking frameworks. In addition to the modularity, its strength is the simplicity that allows, with the use of a large set of libraries, one to run low-level actions at the operating system level (for example, a module request is used to perform TCP calls, such as HTTP or HTTPS, like the curl command is usually done), manage file or string encryption (by module cryptography or something else) or execute particular and directed operating system commands (using module subprocess). Joining these modules together and writing custom code, it can be possible to exploit vulnerabilities evidenced, for example, in specific CVE (the Common Vulnerabilities and Exposures system used to....
Author
Latest Articles
- OfficialFebruary 24, 2023ESXi - VM exploited with Python
- OfficialFebruary 24, 2023RAT: Trojan Access Remote
- BlogAugust 5, 2020Modbus Traffic Capture Analysis [FREE COURSE CONTENT]
- BlogFebruary 23, 2018Why Machine Learning is More Likely to Cure Cancer Than to Stop Malware - Webinar on Feb 27th 3 PM EST!
Thanks for reminding me of the ongoing cat and mouse game between security professionals and cyber criminals.
Bullshit