Development Time of Zero-Day Cyber Exploits in Support of Offensive Cyber Operations
Abstract
Zero-day vulnerabilities are those that have not previously been identified and thus are in their zeroth day of existence. These vulnerabilities are the most potentially damaging from a cyber defense perspective because the defender is unaware of their existence and a malicious attacker can exploit them to take control of a system without the owner's consent or knowledge. Zero-day vulnerabilities are also highly valuable to offensive cyber operations as they may be exploited before defenders are aware of their existence or can patch their systems to adequately defend them. This comprehensive study of zero-day vulnerabilities is focused on showing them to be a vital factor in cyber operations. Offensive cyber operators can benefit from techniques that help accelerate the development time of a zero-day exploit. In contrast, defenders and vendors can reduce their response time by improving their methodology to discover and patch zero-day vulnerabilities. This research provides an extensive review of zero-day vulnerabilities and examines their overall impact on targeted system security. We present characteristics of a system that increase its susceptibility to zero-day vulnerabilities and security measures to improve the zero-day vulnerability awareness of the defender. We also propose techniques for reducing the development time of zero-day exploits to enhance offensive cyber operations.
Document Details
- Document Type: Technical Report
- Publication Date: Sep 01, 2020
- Accession Number: AD1126359
Entities
People
- Konstantinos Bompos
Organizations
- Naval Postgraduate School