Exploitation

Definition

Exploitation is the moment in a cyber attack when an attacker takes advantage of a weakness in a system to gain access or carry out harmful actions. The weakness could be outdated software, a misconfiguration, or a weak password. When exploitation succeeds, the attacker changes from being an outsider to someone with real influence over the system.

In the Cyber Kill Chain model, exploitation occurs after reconnaissance and weaponization. The attacker prepares a method of attack, delivers it to the target, and then uses a vulnerability to make the payload execute. This step is what turns an attempted intrusion into a meaningful compromise.

Common methods of exploitation include:

* Triggering a software vulnerability with a specially crafted request
* Getting a user to open a malicious file that executes code
* Guessing or stealing login credentials to gain unauthorized access
* Abusing a server that is exposed to the internet without proper security controls

**Example**
An organization runs a web server with a known flaw. An attacker scans the server, identifies the vulnerability, and sends a request that causes the server to run code they supplied. The attacker now has remote access inside the network.

**Why it matters**
Exploitation represents a turning point in an attack. If defenders block or detect this step, they prevent the attacker from advancing further into the environment. This is why patching, strong authentication, network monitoring, and regular security reviews are critical parts of defense.

Exploitation

Definition

Explore More Terms