An exploit is a method or piece of code that takes advantage of vulnerabilities in software, applications, networks, operating systems, or hardware, typically for malicious purposes.
While an exploit by itself may not be malware, it serves as a vehicle for delivering malicious software by breaching security controls.
Attackers may use multiple exploits in succession to first gain low-level access and then escalate privileges repeatedly until they reach the highest administrative level, often referred to as "root."
Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering.
Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples.
A zero-click attack is an exploit that requires no user interaction to operate – that is to say, no key-presses or mouse clicks.
Pivoting is usually done by infiltrating a part of a network infrastructure (for example, a vulnerable printer or thermostat) and using a scanner to find other connected devices to attack.