Exploits can be classified into five broad categories:
- Hardware: Poor encryption, lack of configuration management or firmware vulnerability.
- Software: Memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, [SQL injection], privilege-confusion bugs ([clickjacking], cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).
- Network: Unencrypted communication lines, [man-in-the-middle attacks], [domain hijacking], [typosquatting], poor [network security], lack of authentication or default passwords.
- Personnel: Poor recruiting policy and process, lack of security awareness training, poor adherence to [information security policy], poor password management or falling for common [social engineering] attacks like [phishing], [spear phishing], pretexting, honey trapping, smishing, waterholing or [whaling].
- Physical site: Poor physical security, tailgating and lack of keycard [access control].
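The software category above names input validation errors such as SQL injection. As an added example (not code from the original article), the following Python shows the string-built login query that lets input change the query's structure beside the parameterized form, run against a constructed in-memory SQLite table:

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data (not from the article): two users in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Input validation failure: user input is concatenated into the SQL text,
    so a crafted value is parsed as SQL instead of being compared as data."""
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Mitigation: a parameterized query fixes the statement shape and binds the
    values, so the same input is only ever compared as a literal string."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (name, password)))


def demo() -> dict:
    conn = build_db()
    ok = ("alice", "correct-horse")
    # Textbook tautology in the password field: in the concatenated query the
    # trailing OR clause is always true, so the password check no longer matters.
    tautology = ("alice", "x' OR '1'='1")
    return {
        "vulnerable_ok": login_vulnerable(conn, *ok),
        "vulnerable_bad": login_vulnerable(conn, *tautology),  # returns every user
        "safe_ok": login_safe(conn, *ok),
        "safe_bad": login_safe(conn, *tautology),  # returns nothing
    }


if __name__ == "__main__":
    print(demo())
```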
In each of these categories, we can split vulnerabilities into two groups: known vulnerabilities and zero-day exploits:
- Known vulnerabilities: Vulnerabilities that security researchers know about and have documented. Exploits that target known [vulnerabilities] are often already patched but remain a viable threat because of slow patching.
- Zero-day exploits: Vulnerabilities that have not been reported to the public or listed on [CVE]. This means cybercriminals have found the vulnerability before developers have been able to issue a patch; in some cases the developer [may not even know of the vulnerability].