A zero-day exploit is an attack that takes advantage of a vulnerability in software or a network before the vendor or defenders know it exists, so no patch and no detection signature are available when it is first used. An attacker who discovers such a flaw can launch the attack immediately, and the victim organization has had zero days to fix the issue, hence the name "zero-day".
The following terminology is needed to follow the lifecycle of a zero-day exploit:
The attack phase comprises the following steps:
The defense against a zero-day attack would comprise the following:
Some examples of prominent zero-day attacks are as follows:
Auditing and intrusion detection can still identify and block the attack, even though no signature for the exploit existed beforehand. Keeping logs of activity on a system makes it possible to trace an incident back to its cause: security analysts can build a data provenance graph, in which processes, files and network connections are linked by which one created, read or wrote which other, and walk it backwards from the first suspicious event to the point of entry. Once the vulnerable component is located this way, the exploit is identified and can be patched.
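The backward trace described above, as an added example that is not part of the original page: it builds a provenance graph from a constructed, simplified auditd/sysmon-style log (the events, process IDs, paths and the 203.0.113.5:4444 destination are all hypothetical) and walks it backwards from an alert on an outbound connection. Edges are followed only if they happened no later than the moment the node they lead into influenced something downstream, which keeps unrelated later activity out of the story.

```python
"""Backward tracing over a process/file/socket provenance graph built from audit events."""
from collections import defaultdict, deque

# Constructed audit log (hypothetical records in a simplified auditd/sysmon shape).
# Story: a mail client saves an attachment, a viewer opens it and is exploited,
# a shell drops a binary in /tmp and that binary calls out to the internet.
AUDIT_LOG = [
    {"ts": 1, "type": "exec",       "pid": 100, "ppid": 1,   "exe": "/usr/bin/thunderbird"},
    {"ts": 2, "type": "file_write", "pid": 100, "path": "/home/u/Downloads/invoice.pdf"},
    {"ts": 3, "type": "exec",       "pid": 200, "ppid": 100, "exe": "/usr/bin/pdfviewer"},
    {"ts": 4, "type": "file_read",  "pid": 200, "path": "/home/u/Downloads/invoice.pdf"},
    {"ts": 5, "type": "exec",       "pid": 300, "ppid": 200, "exe": "/bin/sh"},
    {"ts": 6, "type": "file_write", "pid": 300, "path": "/tmp/.x"},
    {"ts": 7, "type": "exec",       "pid": 400, "ppid": 300, "exe": "/tmp/.x"},
    {"ts": 8, "type": "connect",    "pid": 400, "dst": "203.0.113.5:4444"},
    # Unrelated activity that an "everything on the host" view would drag in:
    {"ts": 9, "type": "exec",       "pid": 500, "ppid": 1,   "exe": "/usr/sbin/cron"},
    {"ts": 9, "type": "file_read",  "pid": 200, "path": "/home/u/notes.txt"},
]


def build_provenance_graph(events):
    """Index information-flow edges by their destination node.

    Nodes are ("proc", pid), ("file", path) or ("sock", dst).  Each stored edge
    is (source_node, ts, relation): "source influenced destination at ts".
    """
    preds = defaultdict(list)
    for e in events:
        t = e["ts"]
        if e["type"] == "exec":
            child = ("proc", e["pid"])
            preds[child].append((("proc", e["ppid"]), t, "forked"))
            preds[child].append((("file", e["exe"]), t, "image"))
        elif e["type"] == "file_read":
            preds[("proc", e["pid"])].append((("file", e["path"]), t, "read"))
        elif e["type"] == "file_write":
            preds[("file", e["path"])].append((("proc", e["pid"]), t, "wrote"))
        elif e["type"] == "connect":
            preds[("sock", e["dst"])].append((("proc", e["pid"]), t, "connected"))
    return preds


def backward_trace(preds, start, start_ts):
    """Return (ancestors, edges): everything that could have influenced `start`.

    An edge into node n is followed only if its timestamp is not later than
    the time at which n itself influenced something further downstream.
    """
    reached = {start: start_ts}          # node -> latest time it mattered
    edges = []
    queue = deque([start])
    while queue:
        node = queue.popleft()
        bound = reached[node]
        for src, t, rel in preds.get(node, []):
            if t > bound:                # happened after n acted: not a cause
                continue
            edges.append((t, src, rel, node))
            if src not in reached or reached[src] < t:
                reached[src] = t         # (re)expand with the later bound
                queue.append(src)
    return set(reached), sorted(set(edges))


def explain(events, alert_node, alert_ts):
    """Ancestor set plus a chronological, human-readable story for the alert."""
    preds = build_provenance_graph(events)
    ancestors, edges = backward_trace(preds, alert_node, alert_ts)
    story = [f"{t}: {s[0]}:{s[1]} --{rel}--> {d[0]}:{d[1]}" for t, s, rel, d in edges]
    return ancestors, story


if __name__ == "__main__":
    _, story = explain(AUDIT_LOG, ("sock", "203.0.113.5:4444"), 8)
    print("\n".join(story))
```

Run stand-alone, the output walks from the mail client writing invoice.pdf, through the viewer reading it and spawning a shell, to the dropped binary and its connection; the cron process and the later notes.txt read never appear, because nothing links them to the alert at or before the relevant times. On a real host the same structure is fed from auditd, Sysmon or an EDR event stream, and the first file or process on the story that is not a trusted system image is the candidate entry point to examine for the vulnerability.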
Some other helpful prevention techniques include using