An ongoing and curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about zero-day attacks and exploits in cybersecurity.
Thanks to all contributors; you're awesome, and this wouldn't be possible without you! Our goal is to build a categorized, community-driven collection of well-known resources.
- What is a Zero-Day Attack?
- What Is a Zero-Day Exploit and Why Is it Dangerous?
- Anatomy of a Zero-Day Attack
- Who are the Attackers?
- Targeted vs. Non-Targeted Zero-Day Attacks
- Zero-Day Vulnerability Trends
- Examples of Zero-Day Attacks
- The Zero-Day Market
- Zero Day Protection and Prevention
- Zero-Day Attack Protection with Cynet
A zero-day (also known as a 0-day) is a computer software vulnerability previously unknown to those who should be interested in its mitigation, such as the vendor of the target software.
- Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network.
- An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack.
Software vendors continuously search for overlooked vulnerabilities and, upon discovering one, issue a code fix, also known as a ‘patch’. A zero-day vulnerability, however, is a software weakness that is found by attackers before the vendor has discovered the flaw.
From time to time, vulnerabilities are discovered in computing systems. These vulnerabilities represent security holes that allow attackers to gain unauthorized access to, damage or compromise a system. Known vulnerabilities are documented in public repositories such as the National Vulnerability Database (NVD).
Both software vendors and independent security researchers are constantly on the lookout for new vulnerabilities in software products. When a vulnerability is discovered, it is the software vendor’s responsibility to quickly issue a patch that addresses the security issue – users of the software can then install the patch to protect themselves.
- A zero-day (or 0-day) attack exploits a software vulnerability before the vendor has become aware of it. At that point, no patch exists, so attackers can exploit the vulnerability knowing that no defenses are in place. This makes zero-day vulnerabilities a severe security threat.
- Once attackers identify a zero-day vulnerability, they need a delivery mechanism to reach the vulnerable system. In many cases the delivery mechanism is a socially engineered email – an email or other message that is supposedly from a known or legitimate correspondent, but is actually from an attacker. The message tries to convince a user to perform an action, such as opening a file or visiting a malicious website, that unwittingly activates the exploit.
A zero-day exploit is when an attacker leverages a zero-day vulnerability to attack a system. These exploits are especially dangerous because they are more likely to be successful than attacks against established vulnerabilities. On day zero, when a vulnerability is made public, organizations have not yet had a chance to patch the vulnerability, making the exploit possible.
Something that makes zero-day exploits even more dangerous is that some advanced cybercriminal groups use zero-day exploits strategically. These groups reserve zero-day exploits for use with high-value targets, such as medical or financial institutions, or government organizations. This reduces the chance that a vulnerability is discovered by the victim and can increase the lifespan of the exploit.
Even after a patch is developed, users must still update their systems. If they don’t, attackers can continue to take advantage of a zero-day exploit until the system is patched.
MIT License & CC License
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.