Part One: Exploits, Payloads, and Vulnerabilities.

Offensive Cyber Security 101

Bismillah.

One of the most confusing parts of offensive cybersecurity is understanding the basics. For instance, how do you tell the difference between a white-hat hacker and a black-hat hacker? How do you know where to stop when hunting for bounties the first time? What is the difference... (That one question in your head)

In this new basics series, I'll be writing about a few things that can help both young professionals and ordinary guys learn something new about cybersecurity every week.

In this article, I'll start by sharing a brief overview of what offensive security entails, and then we can jump into exploits, vulnerabilities, and payloads to get a better understanding of what these are.

Without "foda-ado", let's get started.

Offensive Security!? A Brief Intro/Description

Offensive pen-testing is a term coined by TryHackMe in their Offensive Pentesting pathway. They do this because the pathway is specifically designed to allow the learner to practically test their labs/systems offensively (quite the explanation).

It is a combination of the terms Offensive Security and Pentesting. Offensive security is the branch of cyber security that aims to depict the actions of attackers while interacting with a system (hardware or software).

Pentesting is a sub-branch of offensive security that involves the practical action of pen-testers breaching a system with the permission of the system owner, to document and showcase the flaws that the systems have.

Now that we have that out of the way, let's discuss exploits, payloads, and vulnerabilities.

Exploits, Payloads, and Vulnerabilities: Attack...

  1. Vulnerabilities

    In the simplest terms possible, a vulnerability in a software, hardware, or human system is a flaw that attackers can take advantage of to gain unauthorized access or cause unwanted behavior in the system.

  2. Exploits

    An exploit, on the other hand, is the action of using vulnerabilities in the system to gain unauthorized access or cause unwanted behavior in the system. The exploit involves both the writing of code and the actions taken in attacking the system.

  3. Payloads

    As for the payload, in simpler terms, it is the piece of code that an attacker will use to perform the exploit on the target system (software, hardware, or human).

You may have noticed that when referring to systems I include humans in the list. I do this to create an understanding that hacking or attacking can be directed towards the software itself, the hardware, or the humans using the system.

For instance, if someone calls or texts you and somehow convinces you to give up sensitive information, e.g. login information (username, email, passwords, or single sign-on info), then you have been officially hacked.

In Conclusion...

You don't have to worry about this part for now; we'll get into details in a coming blog post. Simply put, a vulnerability is a flaw in a system, an exploit is the collective code and steps executed to attack a system through a vulnerability, and a payload is the actual code executed in the exploit.

Have a lovely day/night, and Asalaam Aleykum.