How do hackers find vulnerabilities?

With some major data breaches hitting the news recently, you might be wondering: how do hackers even find the vulnerabilities that they exploit? The movies often show people hunched in front of green-glowing text-filled monitors while they madly type code in real time – but is this really how hackers work? Are they all coding geniuses feeling their way through a system’s defences in a race against time and yelling things like, “We’re in!”?

You probably won’t be surprised to hear that the movies aren’t, in fact, very realistic. Hackers often aren’t coding geniuses at all, but they are often part of well-organised criminal organisations.

Here are some common ways that hackers actually find ways into a system.

Lapses in human defences

This is arguably the most popular hacking method of all time. Either wait for someone to make a mistake, or manoeuvre them into the action that will open up an entry point. Human defence vulnerabilities include things like:

  • Phishing attacks.
  • Password-email pairs found in other data breaches and sold online.
  • Coding or network configuration mistakes.
  • Accidental release of sensitive data.
  • Unapproved software that compromises network security.
  • Allowing physical access to unauthorised personnel or devices.

Public IP addresses

Hackers can use public-facing IP addresses to look for open or vulnerable ports on your network.

Vulnerability scanners

Vulnerability scanners are useful tools in any cybersecurity team’s toolbox – but they can also be used externally to probe a system for vulnerable areas.


Malicious software can be installed during a vulnerability exploit or as part of a human error – for example, if a person downloads and installs an executable file that they think is something else. Malicious software includes viruses, worms, trojans, spyware, adware, ransomware, and fileless malware that exists in a system’s memory.

System reverse engineering

Hackers can examine a system from the outside to understand its topology and components. Once they know how a system is put together and the hardware and software it uses, they can develop scripts to take advantage of known vulnerabilities.

Google dorking

Using custom query strings, hackers can search for websites and publicly-facing platforms with sensitive information or specific versions of software with known vulnerabilities. For example, a hacker might extract log files, look for public FTP servers, find SSH private keys, view security camera footage, or identify sites that they can hack further.

How to protect your system from these hacker techniques

Hardening your system security is an integral part of protecting it from hackers. Implementing high-quality firewalls, zero-trust architecture, endpoint security, VPNs, server management software, automated vulnerability scanning, and intrusion detection are all important pieces in the cybersecurity puzzle.

However, empowering your employees to defend against cybersecurity threats is the most important security strategy that you can use. When your staff receive high-quality, ongoing cybersecurity awareness training, they become part of the solution. They can help you to effectively defend your business from threats that depend on manual actions for access to your system. Training your staff in how to recognise intrusion attempts and what to do about them can make your business a lot less vulnerable to cybersecurity attacks.

If you’re ready to teach your staff to work together to protect your business, talk to PhishNet to find our how we can help.