"Finding a risk is learning, the ability to identify risk exposure is a skill, and exploiting it is merely a choice."
The goal of passive and active reconnaissance is to identify the exploitable target, and the goal of the vulnerability assessment is to find the security flaws that are most likely to support the tester's or attacker's objective (denial of service, theft, or modification of data). The vulnerability assessment during the exploit phase of the kill chain focuses on getting access to achieve the objective mapping of the vulnerabilities to line up the exploits to maintain persistent access to the target.
Thousands of exploitable vulnerabilities have been identified, and most are associated with at least one proof-of-concept code or technique to allow the system to be compromised. Nevertheless, the underlying principles that...
