My cybersecurity career spans a little over 18 years with over half spent in offensive security, working as a pentester and red team operator. During my offensive security career, I have seen the use of pentesting and red teaming grow. These are no longer mysterious occupations that are virtually unknown. Organizations are seeing the value of pentests to improve their security posture. In some cases it is just used for compliance, which can impose restrictions on truly utilizing offensive security to its full potential, but I am going to get off my soapbox for now and save that discussion for another day. Today we are going to discuss exploit intelligence.
Offensive security professionals use exploits (i.e., well crafted code, commands, data, etc. that can leverage a vulnerability) during their assessments for exploitable vulnerabilities that they discover. There are popular exploit databases or repositories that are used to download the latest exploits, as well as exploitation tools such as Metasploit, that practitioners and threat actors use to compromise their targets.
Offensive security professionals also use the same techniques and tools that threat actors use to get a more holistic view of the security posture of a target, or organization as whole. The exploit databases have mainly been a tool for offensive security professionals, but the ability to understand threats goes beyond the offensive team and is needed by the defenders. Defenders are better equipped to protect against potential threats when they understand the attack vectors available to attackers. While they can educate themselves on offensive security, it already takes much of their time just staying current with defensive tools and strategies.
This mindset of defenders learning the offensive arts is evolving with resources such as MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) available to help understand TTPs (Tactics, Techniques, and Procedures) used by threat actors. Equipping defenders with exploit intelligence is a way we can help defenders level-up in a shorter period of time and learn the offensive security side of things.
As a further evolution of resources for defenders, CyCognito has introduced Exploit Intelligence as part of the CyCognito platform. This set of exploit intelligence includes information on emerging threats and the exploits that affect externally exposed assets, such as the associated CVEs, exploits, as well as the step-by-step details on how to safely exploit the vulnerable asset. This helps prioritize what to remediate first based on the real risk of the vulnerability and the security team’s validation and confidence that the organization is at risk. Exploit Intelligence and the CyCognito platform as a whole helps optimize EASM (External Attack Surface Management) efforts allowing security staff to spend more time remediating and improving your organization’s security posture.
Exploit Intelligence helps security teams operationalize remediation for critical threats. To learn more, watch the on-demand webinar “How Exploit Intelligence Identifies and Accelerates Remediation of Critical Risks to Your External Attack Surface” where Ed Amoroso, CEO of TAG Cyber, and Anne Marie Zettlemoyer, CSO of CyCognito, discuss how applied threat intelligence can map to your external attack surface, prioritize exploitable vulnerabilities, and provide clear remediation steps.
Offensive Security Evangelist, formerly at CyCognito, Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. He is a former college adjunct instructor and published author. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.
Download the report now to stay ahead of emerging threats and strengthen your organization’s security posture for 2024.
Download the report to learn about the historical trends behind the emergence of exposure management, how to develop a strategic plan and assemble a team to smoothly transition frameworks, and example tech stacks to consider for your organization.
Get a free scan of your attack surface and gain valuable insight into your organization's risk posture by allowing CyCognito to discover, contextualize, and test externally exposed assets on a portion of your parent company or a single subsidiary.
Discover insights on application security, exposure management and other key topics below.
The definitive guide to attack surface management. Learn everything you need to know to reduce your cyber security risk with attack surface management.
Exposure management is a set of processes which allow organizations to assess the visibility, accessibility, and risk factors of their digital assets.
Vulnerability assessment is the process of identifying, quantifying, and prioritizing vulnerabilities in a system.
Explore CyCognito modules ASM, AST and EI in the resources below.
Scalable, continuous, and comprehensive testing for all external assets, all the time.
CyCognito Automated Security Testing dynamically applies payload-based testing techniques across your entire external attack surface.
CyCognito Exploit Intelligence uses threat intelligence about attackers’ behavior and exploitability for enhanced prioritization.