ABSTRACT
Successful exploitation of a vulnerability leads to multiple potential forms of impact which provide significantly greater value than the target itself. Both vulnerabilities and impact reduce the security of an organization, but there is one key differentiator. A vulnerability in a system exists in the system’s natural state. In other words, the attacker didn’t need to do anything to make the vulnerability appear – it was already there. Impact, on the other hand, is a change to the security of a system based on an attacker’s action. Persistence ultimately traces back to a loss of integrity within the system. After persistence, the attacker will likely gain the ability to access services available to their newly compromised component. Persistence can be established through authorization by modifying an authorization control mechanism, such as an access control list. Persistence through authentication occurs when an attacker gains the ability to create a backdoor account or modify an existing principal to add an additional credential.
