Security News > 2020 > December > 6 Questions Attackers Ask Before Choosing an Asset to Exploit

Attackers don't have time to look at every asset in depth - the number of which can run in the tens of thousands for a large enterprise.

The attacker's perspective on how an attacker evaluates assets to go after and exploit on an attack surface begins by answering six questions.

Depending on the service and its deployment, a web-server target could report anything from no server identifier to the specific server name - "Apache" or "Apache 2.4.33." If attackers can see the exact version of a service in use and its configuration, they can run precise exploits and attacks, maximizing chances of success and minimizing odds of detection.

Attackers must consider the cost and likelihood of actually pwning an asset.

Attackers assess applicability to understand the potential to create and use an exploit beyond a single instance.

News URL

https://threatpost.com/6-questions-attackers-ask-exploit/162651/