Exploit

An exploit is a piece of software or a sequence of commands that makes use of vulnerabilities or bugs in installed software to seize control of a computer. In general parlance, “exploit” may refer to the actual act of seizing control as well.

The compromised computer may then be used for personal gain or to launch a denial of service attack (DoS).

Exploits are among the most popular topics for research in the computer industry. Malicious intruders constantly seek to come up with new exploits to compromise new software and computers, and vendors and manufactures constantly strive to eliminate or patch bugs or vulnerabilities that allow the exploits.

Exploits can be categorized in various ways. One is the method in which the computer is compromised. Remote exploits work over a network, without the intruder having prior access to the machine. Local exploits require the intruder to have access to the machine. The exploit, once installed, acquires sufficient privileges to compromise the system.

Often, intruders make use of social engineering to implement the exploit.

Exploits are also discovered and published by members of the computer security industry, in order to improve the security of operating systems and software by pointing out their flaws. When these exploits are published, the software vendors will usually take corrective measures to protect against the exploit. As a result, some malicious individuals do not expose exploits they have discovered. These exploits are known as “Zero Day” exploits, a classification based on the time since the exploit has been publicly acknowledged.

Projects like Metasploit  serve as a repository of exploits against all operating systems and software. However, in the wrong hands, they can be used to launch actual attacks. Other resource, such as Security Docs , document exploits in an effort to educate users.