VAPT & Exploits, along with Classification of Exploits
International Journal of Computer Science and Engineering |
© 2022 by SSRG - IJCSE Journal |
Volume 9 Issue 3 |
Year of Publication : 2022 |
Authors : Sheetakshi Shukla, Tasneem Bano Rehman |
How to Cite?
Sheetakshi Shukla, Tasneem Bano Rehman, "VAPT & Exploits, along with Classification of Exploits," SSRG International Journal of Computer Science and Engineering , vol. 9, no. 3, pp. 1-4, 2022. Crossref, https://doi.org/10.14445/23488387/IJCSE-V9I3P101
Abstract:
Vulnerability assessment and penetration testing is a process done at every level in cyber security due to regular attacks and the problems created by the attackers, either for personal or professional reasons. On the other hand, Exploits are the main asset of Vulnerabilities. This paper aims to classify the exploits based on their existence. Also, this paper tries to give a fair judgment to review Vulnerability Assessment and Penetration Testing with Exploits. Along with some awareness and prevention techniques. A study on preventive and defensive measures could be taken from the view of any Penetration Tester. Detailed Classification of Exploits and their existence is the main aspect of this paper.
Keywords:
Classification of Exploits, Exploits, Penetration Testing, Vulnerability Assessment, Zero-Day Attacks, Zero-Day Exploits.
References:
[1] Vikash Kumar, and Ditipriya Sinha, “A Robust Intelligent Zero Day Cyber Attack Detection Technique,” Complex & Intelligent Systems, vol. 7, no. 5, pp. 2211-2234, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Andrew Johnson, and Rami J.Haddad, “Evading Signature Based Antivirus Software using Reverse Exploit Shell-Code,” In IEEE Southeastcon, pp. 1-6, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[3] Ajjarapu Kusuma Priyanka, and Siddemsetty Sai Smruthi, “Web Applicationvulnerabilities: Exploitation and Prevention,” Second International Conference on Inventive Research in Computing Applications (ICIRCA), pp. 729-734, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Olufogorehan Tunde-Onadele et al., “A Study on Container Vulnerability Exploit Detection,” In IEEE International Conference of Cloud Engineering, pp. 121-127, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Xin Zhou, and Jianmin Pang, “Expdf Exploit Detection System Based on Machine Learning,” International Journal of Computational Intelligence Systems, vol. 12, no. 2, pp. 1019 – 1028, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Yugansh Khera et al., “Analysis and Impact of Vulnerability Assessment and Penetration Testing,” International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon), pp. 525-530, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Jukka Ruohonen, “Classifying Web Exploits with Topic Modelling,” In International Workshop on Database and Expert Systems Applications, IEEE, pp. 93-97, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Tiffany Bao et al., “Your Exploit is Mine-Automatic Shellcode Transplant for Remote Exploits,” In IEEE Symposium on Security and Privacy, pp. 824-839, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Richard Ciancioso, Danvers Budhwa, and Thaierhayajneh, “A Framework for Zero-Day Exploit Detection and Containment,” IEEE 3rd International Conference on Big Data Intelligence and Computing and Cyber Science and Technology Congress, pp. 663-668, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Prashant S. Shinde, and Prof. Shrikant B. Ardhapurkar, “Cyber Security Analysis Using Vulnerability Assessment and Penetration Testing,” In IEEE Sponsored World Conference on Futuristic Trends in Research and Innovation for Social Welfare, pp. 1-5, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[11] Ivan Nikolaev, Martin Grill, and Veronica Valeros, “Exploit Kit Website Detection Using HTTP Proxy Logs,” In IEEE ACM International Conference Proceeding Series, pp. 120-125, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Phongphun kijsanayothin, and Rattikorn Hewett, “Exploit Based Analysis Attack Models,” IEEE 12th International Symposium on Network Computing and Applications, pp. 1-4, 2013.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Deshen Fu, and Feiyue Shi, “Buffer Overflow Exploit and Defensive Techniques,” In IEEE 4th International Conference on Multimedia and Security, pp. 87-90. 2012.
[CrossRef] [Google Scholar] [Publisher Link]
[14] EC-COUNCIL, CEH-Ethical Hacking and Countermeasures, vol. 1.
[15] David Kennedy et al., Metasploit- A Complete Penetration Testing Guide, pp. 1-332, 2011.
[Publisher Link]
[16] The Offensive Security, 2020. [Online]. Available: https://www.offensive-security.com/metasploit-unleashed/completing-exploit/
[17] Improving Vulnerability Remediation Through Better Exploit Prediction, 2020. [Online]. Available:
https://academic.oup.com/cybersecurity/article/6/1/tyaa015/5905457
[18] 2020. [Online]. Available: https://www.avast.com/c-exploits#gref
[19] Graphology of Exploits, 2020. [Online]. Available: https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/