Exploits Database

A story about Offensive Security’s Exploits...





Galahad & AvendoBlack
Last update on November 29, 2017

Offensive security

Offensive Security is a company that works in information security. It provides tools, certifications and training courses. It is notably behind the well-known Kali Linux distribution, the successor of BackTrack. Kali Linux is today widely used in security and is one of the best distributions for pentesting.
Offensive Security's vision is that there is a huge gap between "defensive" and "offensive" security. Their goal is to reduce this gap, based on the motto that the best defense is a good offense. Indeed, the best way to protect ourselves from attackers is to know how they perform their attacks.
Other Offensive Security projects include Metasploit, Kali NetHunter, the Google Hacking Database and Exploit-DB. It is this last project that we will discuss in this post.
If you are into security or just curious, feel free to consult their site.


Exploit-db

Exploit-DB is a database that lists various known exploits. It contains proofs of concept or, sometimes, just the right way to exploit a known vulnerability.
If you are a Kali user, the database is available locally through the searchsploit command. It is not a problem if you are not using Kali right now, as you can consult the database on the site. These exploits are useful during a pentest: they can be used to exploit a discovered vulnerability, with the ultimate aim of obtaining administrator rights on a compromised machine.



Number of exploits in the Database




The previous graph shows the number of exploits entered in the database per year.
The real beginning of the use of Exploit-DB is around 1997. It can be seen that at that time there were not many exploits listed. This is undoubtedly because security was then less present in people's minds. We can see that this state of mind changes around 2005. Indeed, we can estimate that it is at this time that information security became a greater concern and more widespread. But then why does the number of exploits drop drastically from 2011? Is security no longer the taste of the day? Of course not, it is still a real concern. Are our systems more secure? The number of malware samples developed, and the number of press articles about large companies that have suffered an attack, show us that this is not the case. So why does the number of listed exploits go down?

This is because of a new type of market: a market of vulnerabilities and exploits. Where a well-intentioned person who has found a 0day vulnerability or designed a PoC to exploit it will show their work to the community and make it available so that other users can correct the vulnerability, a less well-intentioned person will sell their work.
Selling vulnerabilities and exploits can indeed be very lucrative. McAfee estimates that the cost of cybercrime and cyberespionage is somewhere around $160 billion per year. From there, it is easy to say that 0day exploits are as precious as gold, sometimes even more!

So our systems will never be 100% secure; it will never be possible. Security is improving, but exploits become more complex and therefore have more value. It is very difficult to estimate how the vulnerability market will evolve, but this is a problem that must not be underestimated. Even if we will not dig any further into the market subject in this post, we invite you to dig on your side.



Number of exploits per type and platform




Let's take a look at the number of PoCs per platform and type.
As you can see, the PHP platform has a lot of PoCs in the webapps category. This is because PHP is really widespread in web application development, and its ease of use increases the risk of security flaws introduced by design during development. Indeed, if a PHP developer cares only about features and not about security, the application will be less secure. It does not mean that PHP itself is less "secure"; it means that it is more permissive than another language (like Java, for instance), which makes it easier to introduce programming errors and therefore security breaches.

Now about platforms: we can see that the number of PoCs is proportional to the number of users of a given platform. That does not mean that one platform is really better than the others. It means that there is more research on a platform because it is more widely used. If we look at the types of exploits regardless of the platform, we reach the same conclusion as before: the number of exploits per type depends on how widely that type of software is used. As you can imagine, web applications are more widespread than operating systems (the local type), so there are more exploits on webapps than on local. It is also easier to deploy a web application than an OS, so not everyone who develops a web application will be focused on security. However, we can assume that people who develop an operating system are more likely to have a solid background in computer science and will take care of the security of the OS, as it also contains more valuable data than some not-too-critical web applications.
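The two graphs above (entries per year, and entries per platform and type) can be reproduced from Exploit-DB's CSV index. The following is an added example, not code from the post or from Exploit-DB: it assumes the column layout `id,file,description,date,author,platform,type,port` and runs on a small constructed sample embedded inline.

```python
import csv
import io
from collections import Counter

# Constructed sample in the layout assumed for Exploit-DB's files_exploits.csv.
# The rows are made up for illustration and are not real database entries.
SAMPLE_CSV = """id,file,description,date,author,platform,type,port
1,platforms/linux/local/1.c,"Sample local PoC",1997-03-10,anon,linux,local,0
2,platforms/php/webapps/2.txt,"Sample PHP webapp issue",2005-06-01,anon,php,webapps,0
3,platforms/windows/remote/3.py,"Sample remote service bug",2011-02-14,anon,windows,remote,0
4,platforms/php/webapps/4.txt,"Another PHP webapp issue",2011-08-20,anon,php,webapps,0
5,platforms/linux/dos/5.c,"Sample DoS",2016-11-30,anon,linux,dos,0
"""


def load_entries(text):
    """Parse the CSV text into a list of dicts keyed by header name."""
    return list(csv.DictReader(io.StringIO(text)))


def count_by_year(entries, start=None, end=None):
    """Entries per publication year, optionally limited to the range [start, end]."""
    years = Counter()
    for e in entries:
        year = int(e["date"][:4])  # dates are ISO formatted, year first
        if (start is None or year >= start) and (end is None or year <= end):
            years[year] += 1
    return dict(sorted(years.items()))


def count_by_platform_type(entries):
    """Entries per (platform, type) pair, e.g. ('php', 'webapps')."""
    return Counter((e["platform"], e["type"]) for e in entries)


if __name__ == "__main__":
    entries = load_entries(SAMPLE_CSV)
    print(count_by_year(entries))
    for (platform, etype), n in count_by_platform_type(entries).most_common():
        print(f"{platform:10s} {etype:8s} {n}")
```

Point `load_entries` at the real index file (read with `open(..., encoding="utf-8")`) to get the full per-year and per-platform breakdown.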



Conclusion

As we have seen in this post, a database of known exploits is very useful. By having access to these exploits, it is possible to test our applications and ensure a good level of security. Although 100% security does not exist, Exploit-DB allows us to attest to a relative security at a given moment when performing a pentest or other security assessments.

Let's hope that a database like this resists the market of vulnerabilities. Indeed, as we saw, there are fewer entries in the database these days. This implies that some exploits already developed, or even in use, are not known or are kept secret.
It is therefore harder to protect yourself. Let's hope that the "defensive" side of information system security evolves quickly enough to warn us of these exploits as much as possible.






Note that this short article is only an analysis of a PoC database, so it covers only a very small part of computer security. Nevertheless, we encourage you to join this awesome community of security enthusiasts.

Galahad and AvendoBlack

Sources: