Vulnerability Research

Summary

After scanning and identifying which (if any) vulnerabilities are present within the software and systems of an organization, dig deeper to understand the impact of these vulnerabilities, possible evidence that they may have been exploited, and develop recommendations to remediate and avoid future instances of unpatched vulnerabilities.

Considerations

    • Treat the data and analyses of this step with the utmost security.
    • Use VPNs or Tor to search if conducting the search from a country that is highly competitive with the organization's country, or is known to surveil.

Walkthrough

    After completing an automated vulnerability scan (network, system, web application) and documenting the findings, you can move into vulnerability research:

    • Review each finding by researching it in public vulnerability databases.
    • Identify and enumerate the risks associated with each vulnerability.
    • Formulate a mitigation plan or a set of recommendations.

    Below is a list of some of the most common vulnerability databases:

    • National Vulnerability Database
    • Exploit Database
    • Rapid7 Vulnerability & Exploit Database
    • SecurityFocus BugTraq Database
    • WPScan Vulnerability Database
    • PacketStorm
    • CVEDetails
    • KB CERT
    • Skybox Security

    Validation: Each of your findings, once reviewed and documented, will be enough for your report. However, if you and the organization have agreed to verify that the findings and vulnerabilities truly exist, you may refer to the Penetration Testing resources within the SAFETAG framework.

    Expected Outputs

    • Lists of OVAL/CVE identifiers for each possibly vulnerable service/system.
    • Examples of live exploits for vulnerabilities where possible.
    • A short write up of each vulnerability including how it was identified.
    • The cleaned up output from any tests used to identify the vulnerability.
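    The walkthrough steps and expected outputs above describe a matching exercise: take each service and version the scanner reported, look it up in a vulnerability database, and produce a per-service list of CVE identifiers plus a short write-up. The script below is an added example (not part of the SAFETAG page or any of the databases it lists) that does exactly that against a constructed, simplified NVD-like extract held inline; the product names, version ranges and "CVE-0000-000x" identifiers are placeholders, and a real workflow would load an export from one of the databases listed in the walkthrough. It also flags records with no fixed version, since those need an isolation or compensating-control recommendation rather than a patch.

```python
"""
Added example (not SAFETAG's own code): match scan findings against a
vulnerability-database extract and produce the per-service CVE list and
write-up skeleton that the "Expected Outputs" section asks for.

All records below are CONSTRUCTED sample data in a simplified NVD-like
shape (id, product, affected range, CVSS score, summary). The CVE
identifiers, products and versions are placeholders, not real advisories.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    service: str      # product name as reported by the scanner
    version: str


@dataclass
class VulnRecord:
    cve_id: str
    product: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive); "" if no fix exists
    cvss: float
    summary: str


# Constructed database extract (placeholder identifiers and products)
SAMPLE_DB = [
    VulnRecord("CVE-0000-0001", "examplehttpd", "2.4.0", "2.4.50", 7.5, "Placeholder: path traversal"),
    VulnRecord("CVE-0000-0002", "examplehttpd", "2.4.49", "2.4.51", 9.8, "Placeholder: remote code execution"),
    VulnRecord("CVE-0000-0003", "examplehttpd", "2.0.0", "2.4.30", 5.3, "Placeholder: information disclosure"),
    VulnRecord("CVE-0000-0004", "exampledb", "5.7.0", "", 6.5, "Placeholder: unfixed denial of service"),
]

# Constructed scan findings (host, service, version) as a scanner would report them
SAMPLE_FINDINGS = [
    Finding("10.0.0.5", "examplehttpd", "2.4.49"),
    Finding("10.0.0.7", "exampledb", "5.7.33"),
    Finding("10.0.0.9", "examplehttpd", "2.4.52"),
]


def version_key(v):
    """Compare dotted numeric versions component-wise, so 2.4.9 < 2.4.10."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version, rec):
    """True if `version` falls inside the record's [introduced, fixed) range."""
    v = version_key(version)
    if v < version_key(rec.introduced):
        return False
    if rec.fixed and v >= version_key(rec.fixed):
        return False
    return True


def match_findings(findings, db):
    """Map (host, service, version) -> matching records, highest CVSS first."""
    result = {}
    for f in findings:
        hits = [r for r in db if r.product == f.service and is_affected(f.version, r)]
        hits.sort(key=lambda r: r.cvss, reverse=True)
        result[(f.host, f.service, f.version)] = hits
    return result


def cve_ids(findings, db):
    """The 'list of CVE identifiers per possibly vulnerable service/system'."""
    return {k: [r.cve_id for r in v] for k, v in match_findings(findings, db).items()}


def severity(cvss):
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss > 0:
        return "Low"
    return "None"


def write_up(findings, db):
    """Short write-up per finding: identifier, rating, summary, fix status."""
    lines = []
    for (host, service, version), hits in match_findings(findings, db).items():
        lines.append(f"{host} {service} {version}: {len(hits)} candidate CVE(s)")
        for r in hits:
            fix = f"fixed in {r.fixed}" if r.fixed else "no fix available; isolate or add compensating controls"
            lines.append(f"  {r.cve_id} [{severity(r.cvss)} {r.cvss}] {r.summary} ({fix})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(write_up(SAMPLE_FINDINGS, SAMPLE_DB))
```

    Two design points matter in practice: the version comparison is numeric and component-wise (a string comparison would rank 2.4.9 above 2.4.10), and a record whose fixed version is empty is surfaced with an explicit "no fix available" note so the mitigation plan treats it differently from a patchable issue. Entries the scanner reports by banner alone are still only candidates until validated, as the Validation note above says.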

Recommendation

    • Where Windows is found to be consistently vulnerable and frequently targeted as an attack vector, you may recommend HardenTools, a utility designed to disable a number of "features" exposed by Windows which are generally useless to regular users and are very commonly abused by attackers to execute malicious code on a victim's computer.
    • Where the organization is using Microsoft 365 for their domain and device management, consider recommending Attack Surface Reduction.
    • Consider Patch Management and Vulnerability Management tools. These are mainly commercial paid solutions; however, non-profit discounts may be available. See Automox or Flexera Vulnerability Manager.
    • Organizations can receive ongoing vulnerability monitoring of publicly-exposed assets by Security Scorecard by applying to Project Escher.