Whenever an attacker identifies a security vulnerability in a software application, for example a mail server, a web server, a DNS server, an FTP server, a firewall, or another network device, the goal is usually to gain access to the target system with more privilege than the attacker started with. There are many types of security vulnerabilities; among the most common are buffer overflows, of which the stack-based overflow is the classic case. Generally, an overflow vulnerability causes the software application to do something it was not meant to do.
To exploit such a vulnerability and gain privileges on the target system, the attacker has to write a piece of code called "an exploit". The exploit takes advantage of the identified vulnerability and pushes the software past its limits, breaking it and, in the process, gaining access to the target system with the same privileges as the program being attacked (root or SYSTEM if the service runs as such, an unprivileged service account otherwise).
What is the difference between launching a real attack
Doing a vulnerability scan is a harmless process that uses many ingenious techniques to identify vulnerable applications on a targeted system. This can be done by reading the version banners the software announces, looking for known vulnerable files in their usual locations, identifying old, unpatched software, and many other techniques, none of which actually triggers the vulnerability.
How is a vulnerability scan done?
Keep in mind, though, that a scanner of this kind is not a skilled attacker willing to break into the target system to gain privileges, so the tactics above are not 100% reliable: a banner can be hidden or faked, and a vendor may have backported a fix without changing the version string, so a version-based match is a candidate finding rather than a confirmed one. That is the limit of a simple vulnerability scan.
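To make the two preceding points concrete (how a banner-based scan infers vulnerability, and why that inference is only a candidate finding), here is an added example that is not part of the original page or of the SecPoint product. It parses a handful of constructed service banners, compares the advertised version against a hypothetical "fixed in" table numerically rather than as strings, and marks every version-only verdict as needing confirmation by a real exploit. The product names, banners and thresholds are invented for the example and do not refer to any real advisory.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample banners, keyed by host:port. These are made up for the
# example; none were captured from a real system.
SAMPLE_BANNERS: Dict[str, str] = {
    "mail.example.test:25": "220 mail.example.test ESMTP Postfix 2.3.1",
    "www.example.test:80": "Server: Apache/2.2.9 (Debian)",
    "ftp.example.test:21": "220 (vsFTPd 3.0.3)",
    "ns.example.test:53": "BIND 9.4.2",
    "lb.example.test:80": "Server: nginx",
    "shell.example.test:22": "SSH-2.0-OpenSSH_7.4",
}

# Hypothetical "fixed in" versions, invented for this example. A real scanner
# would load these from a vulnerability database, one entry per advisory.
FIXED_IN: Dict[str, Version] = {
    "Postfix": (2, 5, 0),
    "Apache": (2, 2, 15),
    "vsFTPd": (3, 0, 0),
    "BIND": (9, 5, 0),
}

# A known product name, optionally followed by "/", " " or "v" and a dotted
# version number. The version group is optional because some servers hide it.
BANNER_RE = re.compile(
    r"\b(Postfix|Apache|vsFTPd|BIND|nginx)\b[ /]?v?(\d+(?:\.\d+)*)?"
)


def parse_banner(banner: str) -> Optional[Tuple[str, Optional[Version]]]:
    """Return (product, version) from a banner, or None if no known product appears."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    product = m.group(1)
    version = tuple(int(p) for p in m.group(2).split(".")) if m.group(2) else None
    return product, version


def version_lt(a: Version, b: Version) -> bool:
    """Numeric comparison of dotted versions, padding the shorter with zeros so
    that 2.2 == 2.2.0 and 2.2.9 < 2.2.15 (a string compare gets the latter wrong)."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def assess_banner(banner: str) -> Dict[str, object]:
    """Classify one banner the way a banner-only vulnerability scan does."""
    parsed = parse_banner(banner)
    if parsed is None:
        return {"status": "unknown-product", "needs_confirmation": False}
    product, version = parsed
    if version is None:
        # The product is named but the version is hidden: nothing can be concluded
        # from the banner; only an active test (a real exploit) would settle it.
        return {"status": "unknown-version", "product": product, "needs_confirmation": True}
    fixed = FIXED_IN.get(product)
    if fixed is None:
        return {"status": "no-advisory", "product": product, "version": version,
                "needs_confirmation": False}
    if version_lt(version, fixed):
        # Vulnerable by version string only. Vendors often backport a fix without
        # bumping the version, so this is a candidate, not a confirmed finding,
        # until a real exploit (or an authenticated package check) confirms it.
        return {"status": "vulnerable-by-version", "product": product, "version": version,
                "fixed_in": fixed, "needs_confirmation": True}
    return {"status": "patched-by-version", "product": product, "version": version,
            "fixed_in": fixed, "needs_confirmation": False}


def scan(banners: Dict[str, str]) -> Dict[str, str]:
    """Run the banner assessment over a host -> banner map and return host -> status."""
    return {host: str(assess_banner(banner)["status"]) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, status in scan(SAMPLE_BANNERS).items():
        print(f"{host:26} {status}")
```

The "needs_confirmation" flag is the point of the example: a banner-only scan can at best produce a list of hosts whose advertised version falls below a fix threshold. Whether the hole is really open is exactly what launching a real exploit, as discussed below, is for.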
Why is it important to launch a real exploit?
It is important to launch a real exploit against your system in order to determine, as realistically as possible, whether your patches actually close the hole rather than merely change a version number. You will also confirm whether you are running the latest versions and service packs on your system.
What are the risks of launching a real exploit?
A vulnerability scan that relies only on version banners, the presence of known vulnerable files, or similar techniques is a gentle process designed not to harm anything on your system, and it is not aggressive. Even though the SecPoint Exploitation framework has been designed to minimise risk, launching a real exploit always carries some risk of crashing the target application, so schedule such tests where a crash is acceptable and have a restart procedure ready.
It is therefore highly recommended that you test all your preproduction systems by launching real exploits at them, so that when they go into a production environment you have real assurance of their security. Production systems still need to be tested continuously, however, because new threats appear on a daily basis.