Vulnerable Software Vectors
Vulnerable software contains a flaw in its code or design that can be exploited to circumvent access control or to crash the process.
- commonly exploited threat vector
- attack surface can be reduced by:
  - consolidating to fewer products
  - using the same version of products across the org
Unsupported Systems and Applications
An unsupported system is one whose vendor no longer develops updates and patches.
- highly vulnerable to exploits
- one way to deal with unsupported apps that cannot be replaced is to isolate them from other systems
  - the idea is to reduce the opportunities for a threat actor to reach the vulnerable app and run exploit code
  - using isolation as a substitute for patch management is an example of a compensating control
Client-Based versus Agentless
Scanning software helps organizations to automate the discovery and classification of software vulnerabilities.
- can be used by threat actors as part of reconnaissance against a target
- can be implemented as a client-based agent
  - agent runs as a scanning process installed on each host and reports to a management server
- can also use agentless techniques
  - scan a host without requiring any sort of installation
  - most likely to be used in threat actor reconnaissance
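The two attack-surface controls above (running one version of a product across the org, and finding software whose vendor no longer ships patches) both come down to checking an inventory such as a scanning agent reports. The script below is an added example, not from the original notes; the host inventory and end-of-support table are constructed sample data with hypothetical product names.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory, in the shape a host-based scanning agent
# might report to its management server: (hostname, product, version).
INVENTORY = [
    ("web-01", "ExampleHTTPd", "2.4.57"),
    ("web-02", "ExampleHTTPd", "2.4.57"),
    ("app-01", "ExampleHTTPd", "2.2.34"),
    ("app-01", "LegacyDB", "5.6.51"),
    ("db-01", "LegacyDB", "8.0.36"),
    ("hr-01", "OldERP", "3.1"),
    ("ops-01", "Unlisted", "1.0"),  # product with no entry in the EOL table
]

# Constructed end-of-support dates per product branch (hypothetical values).
# None means the branch is still supported by the vendor.
EOL = {
    ("ExampleHTTPd", "2.2"): date(2018, 1, 1),
    ("ExampleHTTPd", "2.4"): None,
    ("LegacyDB", "5.6"): date(2021, 2, 1),
    ("LegacyDB", "8.0"): None,
    ("OldERP", "3"): date(2015, 6, 30),
}

def branch(product, version):
    """Map a full version string to the longest matching branch key in EOL."""
    parts = version.split(".")
    for n in range(len(parts), 0, -1):
        key = (product, ".".join(parts[:n]))
        if key in EOL:
            return key
    return None

def version_sprawl(inventory):
    """Products installed in more than one version across the org.
    Each extra version is a separate patch stream, so these are the
    consolidation targets."""
    versions = defaultdict(set)
    for _host, product, version in inventory:
        versions[product].add(version)
    return {p: sorted(v) for p, v in versions.items() if len(v) > 1}

def unsupported(inventory, today):
    """Inventory entries whose branch is past end of support, plus entries
    whose product is unknown to the EOL table (unknown is reported, not
    silently treated as supported)."""
    out = []
    for host, product, version in inventory:
        key = branch(product, version)
        eol = EOL.get(key) if key else None
        if key is None or (eol is not None and eol <= today):
            out.append((host, product, version))
    return out
```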