This article was contributed by Check Point Research.  The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs. Their data sources includes open sources, the ThreatCloud network and dark web intelligence. Internally, the team has developed their own machine learning modules, anomaly detection, reverse engineering and campaign hunting techniques that all assist in staying ahead of hackers and the latest cyber threats. 

Are you curious but taken aback by the number of cloud terms to memorize, processes to follow and names to know? We’ve got you covered.

The discovery of a high-impact vulnerability can equal money, power, prestige or the satisfaction of averting future disaster. Hence, for every undiscovered vulnerability, there is an implicit wacky race of highly motivated freelancers, nation-state actors, security researchers at big tech, graduate students and other players, each armed with their respective tools, expertise and preponderance of free time, all vying to be first past the post. For these actors, there are few things more satisfying than finding a vulnerability with wide reach and crippling impact (in these modern days, one might add: wide enough reach and crippling enough impact to warrant a catchy name, a dedicated web page and an imposing logo). This diverse supply of vulnerabilities meets a diverse demand: actors who have actual plans of what to do with a vulnerability, including some (not all) of the actors mentioned above, will happily pay for one handsomely in lieu of doing the difficult research.

Who is this study for?

Anyone with at least a passing interest in the field of vulnerability research who’s taken aback by the immense number of cloud terms to memorize and processes to follow. No prior technical knowledge is required. This study doesn’t teach actual vulnerability research past the very basics of the basics; if you’re looking for a text that does, go read our own “A First Introduction to Systems Exploitation”.

Understand the Basics:

  • Is there a “hacker mindset”?
  • Who looks for vulnerabilities, and why?
  • How do we measure how “bad” a vulnerability is?
  • What hoops and hurdles are there until a patch is finally issued?
  • In what ways can code become vulnerable?
  • What are these “Bluekeep” and “Spectre” you’ve heard of?
  • What is it like being a vulnerability researcher, and what lies in the future for this field?


Download the full study