Noel's Cyberkshetra Blogspace
Zero-Day Vulnerabilities: A short overview

What is a Zero-day vulnerability?


Last updated 3 years ago

What exactly is it?

A zero-day vulnerability is a flaw that ships, unknown to its developers, inside a released application or piece of software. An attacker probing that software, checking every nook and corner for a way in, finds the weak spot and builds an exploit for it. Crucially, this happens before the vendor knows the flaw exists, which is where the name comes from: the vendor has had zero days to fix it, so there is no patch to install when the attack lands. The terms are often used loosely, so it helps to separate them: the zero-day vulnerability is the flaw itself, the zero-day exploit is the code that abuses it, and the zero-day attack is that exploit being used against a target. Once the flaw becomes public and a fix is released it stops being a zero-day and becomes an ordinary, patchable vulnerability, though any system that has not applied the fix stays just as exposed.

Who could be at risk?

Everyone, from the common layman to specialised users, can be affected. Who actually gets hit depends on where the vulnerable software is deployed and on what the attacker delivers through the exploit (malware, a backdoor, credential theft): the vulnerability lives in the software, and the malware is only what rides in on it. The miscreant can be driven by financial gain, data theft, espionage, or other motives, and government systems, multinational corporations (MNCs), and other large organisations are targeted most often because the payoff is highest there.

Umm..malware?

The malware is only the payload; what matters for the zero-day is the way in. To make it simple, we define the classic way in as a buffer overflow or stack overflow attack: the program copies more bytes into a fixed-size buffer, or pushes more onto the stack, than that buffer or stack was sized for (the limit depends on the size of the buffer or stack). The excess bytes spill into whatever sits next in memory, which on the stack can include the saved return address, and an attacker who controls those bytes can redirect execution into code of their choosing. A large share of well-known zero-day exploits have been memory-corruption bugs of exactly this kind, which is why a single missing length check in a parser or input routine is worth so much to an attacker.
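As an added example, not code from the original post, here is a small C program that models the bug class described above. It simulates a stack frame as a struct (the field names, the 8-byte buffer and the 0xDEADBEEF stand-in for a saved return address are all assumptions of the example) so that the overwrite is observable and well-defined, and places the unchecked copy beside a bounded one:

```c
/*
 * Added example (not the page's own code): a simulated stack frame showing
 * why an unchecked copy is a memory-corruption bug and how a length check
 * fixes it. The "saved return address" is modelled as a plain integer field
 * next to the buffer so the overwrite is observable and well-defined: every
 * write goes through an unsigned char pointer over the whole struct.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout: an 8-byte buffer followed by the word a real
 * stack frame would hold the saved return address in. */
struct frame {
    char     buf[8];
    uint32_t saved_ret;
};

#define SENTINEL 0xDEADBEEFu   /* stands in for a legitimate return address */

/* Vulnerable copy: trusts the caller's length, exactly like strcpy/memcpy
 * into a fixed buffer. Bytes past buf[7] land in saved_ret. In a real
 * program nothing stops n from running past the end of the frame entirely. */
void copy_unchecked(struct frame *f, const unsigned char *src, size_t n)
{
    unsigned char *dst = (unsigned char *)f;   /* view the frame as raw bytes */
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Hardened copy: refuse anything that does not fit, leaving room for the
 * terminating NUL. Returns 0 on success, -1 when the input is rejected. */
int copy_checked(struct frame *f, const unsigned char *src, size_t n)
{
    if (n >= sizeof f->buf)         /* n == 8 would leave no room for the NUL */
        return -1;
    memcpy(f->buf, src, n);
    f->buf[n] = '\0';
    return 0;
}

/* Drive the vulnerable copy with 12 bytes of 'A' (constructed input) and
 * report what the "return address" looks like afterwards. */
uint32_t demo_unchecked(void)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];   /* 12 bytes, no NUL */
    memset(payload, 'A', sizeof payload);
    f.saved_ret = SENTINEL;
    copy_unchecked(&f, payload, sizeof payload);
    return f.saved_ret;             /* 0x41414141: attacker-controlled */
}

/* Same payload against the checked copy: rejected, frame left untouched.
 * The copy's return value is passed back through *status. */
uint32_t demo_checked(int *status)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    memset(payload, 'A', sizeof payload);
    f.saved_ret = SENTINEL;
    *status = copy_checked(&f, payload, sizeof payload);
    return f.saved_ret;             /* still SENTINEL */
}

int main(void)
{
    int status = 0;
    uint32_t ret = demo_checked(&status);
    printf("unchecked: saved_ret = 0x%08x\n", demo_unchecked());
    printf("checked:   saved_ret = 0x%08x (copy returned %d)\n", ret, status);
    return 0;
}
```

Build with `cc -Wall overflow.c && ./a.out`. In a real frame the run of 'A' bytes would overwrite the genuine return address, so the function would try to return to 0x41414141 and crash; an attacker replaces the filler with an address of their choosing. Modern mitigations (stack canaries, ASLR, non-executable stacks) make that last step harder, but they do not remove the bug, which is why the bounded copy is the real fix.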

Ok, what do we do to identify this?

There is only a slim chance of detecting a zero-day exploit before it does damage, because by definition no signature for it exists yet. That is what makes it a severe threat in the first place. However, a few steps can be taken to identify it:

a) Monitoring techniques: the activity timeline of the software, and of the hosts it runs on, is constantly watched for unusual traces of activity (an office application spawning a shell, a process reaching out to a host it has never contacted, a sudden change in privileges). Such traces raise a flag that a vulnerability may be being taken advantage of, even when the exploit itself is unknown.

b) Honeypot technique: deliberately exposed decoy systems can catch the hacker in the act. Analysing the probes, attacks and brute-force attempts made against a honeypot reveals the attacker's tooling and, sometimes, the exploit itself before it reaches production systems.

c) Heuristic approach: instead of matching known signatures, code or behaviour is scored against general characteristics of exploits (shellcode-like byte patterns, suspicious API call sequences, code running from writable memory). This is quicker to turn against an unknown threat than waiting for a signature, at the cost of some false positives.
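One way to implement the monitoring technique in (a), as an added example that is not part of the original post: a baseline of which parent processes normally launch which children is built from a quiet period, and any live event whose pair was never seen is flagged. The log format, host names, timestamps and process names are constructed for the example (the winword.exe -> powershell.exe chain stands in for a document-borne exploit); real EDR or Sysmon process-creation telemetry would be parsed into the same fields:

```c
/* Added example, not the page's own code: baseline the parent->child
 * process pairs seen in a quiet period, then flag live events whose pair
 * was never seen. Log format, hosts and process names are constructed;
 * real EDR/Sysmon process-creation telemetry maps onto the same fields. */
#include <stdio.h>
#include <string.h>
#define NAME_LEN  32
#define MAX_PAIRS 64

struct pair     { char parent[NAME_LEN]; char child[NAME_LEN]; int seen; };
struct baseline { struct pair pairs[MAX_PAIRS]; int count; };

/* Constructed "known good" telemetry: timestamp host parent -> child. */
static const char *BASELINE_LOGS[] = {
    "2024-03-01T09:00:01 host-a explorer.exe -> outlook.exe",
    "2024-03-01T09:00:07 host-a outlook.exe -> winword.exe",
    "2024-03-01T09:02:15 host-a explorer.exe -> chrome.exe",
    "2024-03-01T09:05:44 host-b explorer.exe -> winword.exe",
    "2024-03-01T09:06:02 host-b services.exe -> svchost.exe",
    "2024-03-01T09:06:09 host-b explorer.exe -> chrome.exe",
    "2024-03-01T10:12:38 host-a explorer.exe -> cmd.exe",
};
#define N_BASELINE ((int)(sizeof BASELINE_LOGS / sizeof BASELINE_LOGS[0]))

/* Constructed live telemetry; indices 1 and 2 are a document-borne exploit chain. */
static const char *LIVE_LOGS[] = {
    "2024-03-02T08:14:01 host-a explorer.exe -> winword.exe",
    "2024-03-02T08:14:09 host-a winword.exe -> powershell.exe",
    "2024-03-02T08:14:10 host-a powershell.exe -> rundll32.exe",
    "2024-03-02T08:20:00 host-b explorer.exe -> chrome.exe",
    "2024-03-02T08:21:13 host-b services.exe -> svchost.exe",
};
#define N_LIVE ((int)(sizeof LIVE_LOGS / sizeof LIVE_LOGS[0]))

/* Split "TS HOST PARENT -> CHILD" into NAME_LEN buffers; 1 on success, else 0. */
int parse_line(const char *line, char *ts, char *host, char *parent, char *child)
{
    char arrow[3];
    int n = sscanf(line, "%31s %31s %31s %2s %31s", ts, host, parent, arrow, child);
    return n == 5 && strcmp(arrow, "->") == 0;
}

static int find_pair(const struct baseline *b, const char *parent, const char *child)
{
    for (int i = 0; i < b->count; i++)
        if (strcmp(b->pairs[i].parent, parent) == 0 &&
            strcmp(b->pairs[i].child, child) == 0)
            return i;
    return -1;                                /* never seen in the baseline */
}

/* How many times the baseline saw this parent launch this child. */
int pair_seen(const struct baseline *b, const char *parent, const char *child)
{
    int i = find_pair(b, parent, child);
    return i < 0 ? 0 : b->pairs[i].seen;
}

/* Count every (parent, child) pair in the quiet-period logs. Returns the number
 * of distinct pairs, or -1 on a malformed line or a full table. */
int build_baseline(struct baseline *b, const char **lines, int n)
{
    char ts[NAME_LEN], host[NAME_LEN], parent[NAME_LEN], child[NAME_LEN];
    b->count = 0;
    for (int i = 0; i < n; i++) {
        if (!parse_line(lines[i], ts, host, parent, child))
            return -1;
        int j = find_pair(b, parent, child);
        if (j < 0) {                              /* first sighting: new row */
            if (b->count == MAX_PAIRS)
                return -1;
            j = b->count++;
            strcpy(b->pairs[j].parent, parent);   /* fits: sscanf capped at 31 */
            strcpy(b->pairs[j].child, child);
            b->pairs[j].seen = 0;
        }
        b->pairs[j].seen++;
    }
    return b->count;
}

/* Flag live events whose pair appeared fewer than min_seen times in the
 * baseline. Indices of flagged lines are written to out[]; returns the count. */
int detect_anomalies(const struct baseline *b, const char **lines, int n,
                     int min_seen, int *out)
{
    char ts[NAME_LEN], host[NAME_LEN], parent[NAME_LEN], child[NAME_LEN];
    int hits = 0;
    for (int i = 0; i < n; i++) {
        if (!parse_line(lines[i], ts, host, parent, child))
            continue;        /* malformed telemetry: skipped here, alert on it in production */
        if (pair_seen(b, parent, child) < min_seen)
            out[hits++] = i;
    }
    return hits;
}

int main(void)
{
    struct baseline b;
    int flagged[N_LIVE];
    build_baseline(&b, BASELINE_LOGS, N_BASELINE);
    int hits = detect_anomalies(&b, LIVE_LOGS, N_LIVE, 1, flagged);
    for (int i = 0; i < hits; i++)
        printf("[ALERT] %s\n", LIVE_LOGS[flagged[i]]);
    return 0;
}
```

Run it and the two alerts are the winword.exe -> powershell.exe and powershell.exe -> rundll32.exe launches; the routine Explorer and services.exe children pass because the baseline already contains them. The baseline here is global across hosts, which is deliberately simple: a per-host or per-role baseline cuts false positives further, and the heuristic approach in (c) is the same idea with weighted features (unsigned binary, writable-memory execution, unusual parent) instead of a yes/no lookup.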

Prevention Measures

  • Regular updating of the OS, applications, and device drivers. This does not stop a true zero-day (there is no patch for it yet), but it closes the known holes that attackers chain with it and shrinks the window of exposure once the vendor does ship a fix.

  • Enforcing the use of the IPsec protocol and Wi-Fi Protected Access 2 (WPA2) on networks, so that traffic cannot be trivially sniffed or tampered with while the flaw remains open.

  • Having a zero-day emergency response team close at hand, with a rehearsed plan for isolating affected systems and applying mitigations or workarounds until a patch arrives.
