Forum Thread: What Do Professional Hackers Do When No Vulnerabilities Can Be Found

I was leaning methods to find vulnerabilities in a system when I realized most big companies or websites don't actually have many vulnerabilities, or for the matter of fact , none which could be identified(atleast by me). I want to know what would a professional penetration tester or hacker would do to find vulnerabilities which are more hidden or just very hard to find.

6 Responses

He'll try to pivot. It means that he'll try to find targets which have a link with the target, he'll exploit them, and with these hacked devices, he'll scan the main target again to see if this link between the main target and the hacked target can help him to have more chances to exploit the main target. Besides, he can use social engineering to hack systems. It means he'll try to exploit human vulnerabilities to hack systems. This social engineering can be seen as pivoting too.

You have to know that scanning will actually just try to find well-known vulnerabilities. If you are an expert hacker who know 0day vulnerabilities, you can try to find programs in the target's system which may be vulnerable to your 0day exploit, and use it to gain access.

People are walking exploits. When there are no exploits, simply use the systems already in place to do something unintended.

is there a way to convert my exe of jar file to .pdf .doc .rar etc in silent mode in kali linux and it will not affect the file in any way.

Ask in a separate thread for more visibility

Share Your Thoughts

  • Hot
  • Active