Vulnerability Research


After scanning and identifying which (if any) vulnerabilities are present within the software and systems of an organization, dig deeper to understand the impact of these vulnerabilities, look for possible evidence that they may have been exploited, and develop recommendations to remediate them and avoid future instances of unpatched vulnerabilities.


    • Treat the data and analyses of this step with the utmost security.
    • Use VPNs or Tor to search if conducting the search from a country that is highly competitive with the organization's country, or is known to surveil.

Walk Through

    After completing an automated vulnerability scan (network, system, webapp) and documenting findings, you can now move into vulnerability research:

    • Review your findings by researching each vulnerability that you have found in public vulnerability databases.

    • Identify and enumerate the risks involved for a given vulnerability.

    • Formulate a mitigation plan or recommendations.

    Below is a list of some of the most common vulnerability databases:

Expected Outputs

    • Lists of OVAL/CVE identifiers for each possibly vulnerable service/system.

    • Examples of live exploits for vulnerabilities where possible.

    • A short write up of each vulnerability including how it was identified.

    • The cleaned up output from any tests used to identify the vulnerability.
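One way to build the per-service CVE list named under Expected Outputs from cleaned-up scan output, as an added example that is not part of the original page. The line layout of the scan output is an assumption, and the hosts and CVE numbers are constructed placeholders.

```python
import re
from collections import defaultdict

# CVE identifier syntax: "CVE-", a four-digit year, then four or more digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed sample of cleaned-up scan output. The layout (host, port/proto,
# service, free-text finding) is an assumption for this example, and the CVE
# numbers are placeholders, not real entries.
SAMPLE_SCAN = """\
# host        port      service  finding
192.0.2.10    443/tcp   https    outdated TLS library (CVE-1900-0001, cve-1900-0002)
192.0.2.10    443/tcp   https    duplicate plugin hit for CVE-1900-0001
192.0.2.10    22/tcp    ssh      banner only, no known issues
192.0.2.25    445/tcp   smb      file sharing flaw CVE-1900-00003
malformed line without enough fields
"""

def collate_cves(scan_text):
    """Return ({(host, port, service): sorted unique CVE IDs}, skipped line numbers)."""
    findings = defaultdict(set)
    skipped = []
    for lineno, line in enumerate(scan_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)
        # A usable line has host, port/proto and service; the rest is free text.
        if len(parts) < 3 or "/" not in parts[1]:
            skipped.append(lineno)  # flag for manual review, never drop silently
            continue
        host, port, service = parts[:3]
        text = parts[3] if len(parts) > 3 else ""
        # Keep services with no CVE match too, so the write-up shows they were reviewed.
        findings[(host, port, service)] |= {m.upper() for m in CVE_RE.findall(text)}
    return {key: sorted(ids) for key, ids in findings.items()}, skipped

def render_report(findings):
    """Format the per-service list for the audit notes."""
    rows = []
    for (host, port, service), ids in sorted(findings.items()):
        rows.append(f"{host} {port} ({service}): {', '.join(ids) or 'no CVE matched'}")
    return "\n".join(rows)

if __name__ == "__main__":
    result, skipped_lines = collate_cves(SAMPLE_SCAN)
    print(render_report(result))
    print("lines needing manual review:", skipped_lines)
```

Each identifier in the resulting list is then looked up in the public vulnerability databases to write the risk and mitigation notes for that service.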


    • Where Windows OS is found to be consistently vulnerable and frequently targeted as an attack vector, you may recommend HardenTools, a utility designed to disable a number of "features" exposed by Windows which are generally useless to regular users and are very commonly abused by attackers to execute malicious code on a victim's computer.
    • Where the organization is using Microsoft 365 for their domain and device management, consider recommending Attack Surface Reduction.
    • Consider Patch Management and Vulnerability Management tools. These are mainly commercial paid solutions; however, non-profit discounts may be available. See Automox or Flexera Vulnerability Manager.
    • Organizations can receive ongoing vulnerability monitoring of publicly-exposed assets by Security Scorecard by applying to Project Escher.