Chronic
Exploitable
Vulnerabilities (CEV)
Vulnerabilities that are often exploited, but are not tracked with CVEs
Chronic Exploitable Vulnerabilities (CEV):
- Are vulnerabilities that does not have a CVE ID
- Are exploitable on their own or serve as prerequisites in the exploitation of other vulnerabilities
- Are well known and exploited by adversaries, red teamers and pentesters
- Stay relevant for a long time (unlike CVEs which are only relevant only until it is patched)
- May reappear even after successful remediation
-
Who can benefit from this website?
Blue
Teamers
Can gain insights on the attacks that are typically performed by attackers and penetration testers.
This website includes:
Real-world attack techniques with a focus on clear, actionable steps to mitigate and/or prevent vulnerabilities.
Red
Teamers
Can use this for remediation guidance to be included in the assessment reports.
This website includes:
Remediation strategies for pentesters’ favorite attack techniques are outlined from remediators’ point of view.
Security Managers
Can proactively improve defense against commonly exploited (Non CVE) vulnerabilities
This website includes:
Practical impact of vulnerabilities that are not qualified for CVEs, yet exploited in the real world.