icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Exploit Frameworks

by Andrew Freeborn
March 2, 2016

Organizations of all size are faced with the challenges of maintaining a successful patch management program. In many cases, vulnerability scans and software updates are only performed on a monthly basis. The lack of visibility into the network and systems in between active scans can result in an increased risk to the organization. This point-in-time method of scanning and updating can result in systems being missed if it is not on the network or available during the scan window.

One vulnerability is often times the only necessary piece needed to gain a foothold in an environment. As an example, a network could be compromised due to a vulnerability found in out of date office productivity software, PDF viewer, or a browser. Exploitation framework tools contain capabilities to detect and exploit these vulnerabilities.

The vendors of these software packages are continually adding exploits to their platform. Internal security teams and malicious actors alike can use the same tools to detect and exploit vulnerabilities. As some of the software exploitation tools are free, the bar of entry is minimal and can open up organizations to easy to perform attacks.

This report can assist analysts in identifying vulnerabilities detected within the organization. Specifically, the report detects vulnerabilities that can be exploited by exploitation frameworks. Analysts can focus on the exploitable vulnerabilities to help reduce the risk to the organization. These specific exploitable vulnerabilities can present a heightened risk depending on the vulnerability and location in the organization. Analysts using this report can be more efficient at prioritizing efforts by knowing more about the vulnerabilities present in the organization.

Within this report, analysts can find detailed information relating to the vulnerabilities exploitable by exploitation frameworks. The detailed information includes the host, vulnerability, and related information for each exploitation tool. There are also tables reporting vulnerabilities by plugin family, Microsoft bulletins, and CVE. Depending on the reporting metrics used within the organization, analysts can potentially compare the information from this report to their metrics for quick analysis.

Depending on the number of exploitable vulnerabilities in the organization, this report can be large. Detailed information of hosts with exploitable vulnerabilities by exploitation frameworks is provided. With each host and associated vulnerability, detailed information is provided to assist analysts and administrators to fix or mitigate the issue.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.5.4

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Our family of products includes SecurityCenter Continuous View (CV), Nessus, Passive Vulnerability Scanner (PVS), and Log Correlation Engine (LCE). SecurityCenter CV provides the most comprehensive and integrated view of network health, and is the global standard in detecting and assessing network data.

This report contains the following chapters:

  • Executive Summary: This chapter provides an overview of the exploitable vulnerabilities in the organization
  • Bad Autoruns: This chapter is a summary of exploitable vulnerabilities with Bad Autoruns
  • Canvas: This chapter is a summary of exploitable vulnerabilities with the Canvas exploitation framework
  • Core Impact: This chapter is a summary of exploitable vulnerabilities with the Core Impact exploitation framework
  • Elliot: This chapter is a summary of exploitable vulnerabilities with the Elliot exploitation framework
  • ExploitHub: This chapter is a summary of exploitable vulnerabilities with the ExploitHub exploitation framework
  • Malware: This chapter is a summary of exploitable vulnerabilities with malware
  • MetaSploit: This chapter is a summary of exploitable vulnerabilities with the MetaSploit exploitation framework
  • Exploit Framework Details: This chapter provides detailed information of hosts affected with exploitable vulnerabilities