Lessons Learned

Chained Exploits

Based on real world experience, exploiting services by chaining multiple vulnerabilities is actually pretty common in the wild. During some of my penetration tests, my team was able to find multiple vulnerabilities that are not that impactful by itself. However, when we start to chain these vulnerabilities together, we were able to further exploit the service more than we expected. Therefore, besides finding for individual critical vulnerabilities, penetration testers have to also look at combining multiple known vulnerabilities to see if that creates a new and more devestating vulnerability.