In the last video, we talked about verifying vulnerabilities against inventory.
In this video, we'll talk about classifying and ranking risk.
So for the learning objectives, we're gonna talk about the four categories of risk.
Also, we're gonna talk about how a criminal hacker thinks.
Let's get to the pre-assessment.
Criminal hackers do not use information gathering as a step in their process.
This is false; they actually do use information gathering as a step in the process.
So here's the four categories of risk for vulnerabilities:
critical, important, moderate and low.
So let's jump right into it with the critical vulnerabilities,
which, if exploited, would allow malicious native code to execute, potentially without a user being aware.
That's the definition
of a critical vulnerability,
So it's a dangerous exploit. It has propagation without user action.
From a financial standpoint, it's the most costly; it costs the most
if there was an exploit of this vulnerability,
and if anything, from a reputation standpoint of the company,
it would definitely drag down the reputation
if a critical vulnerability
was successfully executed.
Now let's look at the
confidentiality, integrity and availability
and the compromise of user data as well.
So as for important, it's a vulnerability
which, if exploited, would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer.
Let's look at moderate.
The exploit is serious,
but it is easily mitigated.
The default configuration blocks,
user action is needed, and the difficulty of performing the exploit.
So the difficulty of performing the exploit is not as extreme,
but it's pretty much
to the point where it's not as dangerous, but it's dangerous enough.
So with moderate, be careful and, if anything, be active when it comes to remediating this vulnerability.
So the moderate vulnerability is a vulnerability that is limited
to a significant degree by factors such as default configuration, auditing, or is difficult to exploit.
Now let's get to the low vulnerability.
Exploit is extremely difficult, has minimal impact.
but it is very weak. It's a very, very low
chance that this exploit would actually work.
So that's not to say to turn a blind eye to a low vulnerability,
but just from an infrastructure impact,
It's less than likely that it would actually happen.
The patches or the configuration updates
that's contributed to
the critical, the important or the moderate vulnerabilities
most likely would cover those low vulnerabilities.
All right, so let's look at criminal hackers.
They look for information gathering, scanning,
access, maintaining access as well. So,
in information gathering, we don't directly connect to the host.
Basically, what it is is a WHOIS lookup. You can look at the WHOIS lookups, search engines, social media, searching to see products the company uses, job postings to see what software and hardware
is in use by the company. So it's basically a back way to
check it out, so you're not
directly connected to the network in that manner.
Scanning open ports and performing things kind of like, you know, the banner grabbing to see what operating system is in use.
We're verifying the system does have the vulnerability
Gain access: we're performing the exploit to take over the system.
We're planting a backdoor
to maintain access to the compromised system.
So let's look at the post-assessment.
without a user action.
With user action.
And without user action as well, too.
Still gonna happen both ways.
In this video, we talked about classifying and ranking risk.
We're going to talk about patches and fixes.