{"id":4888,"date":"2022-04-18T13:56:23","date_gmt":"2022-04-18T10:56:23","guid":{"rendered":"https:\/\/www.hostixo.com\/blog\/?p=4888"},"modified":"2023-12-23T13:15:53","modified_gmt":"2023-12-23T10:15:53","slug":"exploit-nedir-korunma-yontemleri","status":"publish","type":"post","link":"https:\/\/www.hostixo.com\/blog\/exploit-nedir-korunma-yontemleri\/","title":{"rendered":"Exploit Nedir? Ne \u0130\u00e7in Kullan\u0131l\u0131r? Korunma Y\u00f6ntemleri Nelerdir?"},"content":{"rendered":"

Exploit nedir? sorusunun cevab\u0131na ilk \u00f6nce kelime anlam\u0131ndan ba\u015flayal\u0131m kelime anlam\u0131 olarak ‘faydalanmak, istismar etmek’ anlamlar\u0131nda kullan\u0131r bir yaz\u0131l\u0131m g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan veya g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanan \u00f6zel programlar veya kod par\u00e7ac\u0131klar\u0131d\u0131r. Burada, Exploit nedir? sorusuna <\/strong>cevap verece\u011fiz, Exploit’in bilgisayar g\u00fcvenli\u011findeki sonu\u00e7lar\u0131n\u0131 \u00f6\u011frenece\u011fiz ve size \u00f6zel bir siber g\u00fcvenlik \u00f6nlemi ile bilgisayar\u0131n\u0131z\u0131 veya mobil cihaz\u0131n\u0131z\u0131 bunlara kar\u015f\u0131 nas\u0131l koruyabilece\u011finizi g\u00f6sterece\u011fiz.<\/p>\n

Exploit Nedir?<\/h1>\n

Exploit Nedir? A\u00e7\u0131klardan yararlanma, bir yaz\u0131l\u0131m veya donan\u0131m par\u00e7as\u0131ndaki belirli bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 bulmak i\u00e7in olu\u015fturulan program t\u00fcr\u00fcd\u00fcr. Exploit, yaz\u0131l\u0131m uygulamalar\u0131ndan kod ve veri dizilerine ve basit komut dizilerine kadar her \u015feyi i\u00e7erir. Ba\u015fka bir deyi\u015fle,\u00a0bir Exploit, bir bilgisayar korsan\u0131n\u0131n kendi ama\u00e7lar\u0131 i\u00e7in bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanmas\u0131na izin veren bir ara\u00e7t\u0131r.<\/strong><\/p>\n

Exploit Nedir? Ne \u0130\u00e7in Kullan\u0131l\u0131r?<\/h2>\n

Exploitlerin ne i\u00e7in kullan\u0131ld\u0131\u011f\u0131n\u0131, exploit nedir sorusuna verdi\u011fimiz cevaptan yola \u00e7\u0131karak \u00e7ok rahat a\u00e7\u0131klayabiliriz kullan\u0131m ama\u00e7lar\u0131na bak\u0131ld\u0131\u011f\u0131nda teknik d\u00fczeyde, Exploitler k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m olarak kabul edilmez, \u00e7\u00fcnk\u00fc onlar hakk\u0131nda do\u011fal olarak k\u00f6t\u00fc ama\u00e7l\u0131 hi\u00e7bir \u015fey yoktur. K\u00f6t\u00fcye kullan\u0131m tehlikesi, bilgisayar korsanlar\u0131n\u0131n sisteminize s\u0131zmak i\u00e7in kulland\u0131ktan sonra yapt\u0131klar\u0131ndan kaynaklan\u0131r. exploit fidye yaz\u0131l\u0131m\u0131 veya vir\u00fcs de\u011fildir ancak a\u00e7\u0131klardan yararlanmalar, \u00e7ok a\u015famal\u0131 bir sald\u0131r\u0131da k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m sa\u011flamak i\u00e7in s\u0131kl\u0131kla kullan\u0131l\u0131r.<\/p>\n

Exploit Sald\u0131r\u0131lar\u0131 Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h3>\n

Software Exploits(Yaz\u0131l\u0131m istismarlar\u0131) dedikleri olay, Exploit’in hedefledi\u011fi yaz\u0131l\u0131mda bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olmadan var olamaz. Bir bilgisayar korsan\u0131 bu kusuru yani g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 tespit etti\u011finde, onu kullanan bir Exploit yazabilir.<\/p>\n

Bir\u00e7ok bilgisayar korsan\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m sunmak i\u00e7in g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlan\u0131r. \u0130\u015fte b\u00f6yle bir exploit sald\u0131r\u0131s\u0131n\u0131n nas\u0131l \u00e7al\u0131\u015fabilece\u011fine dair bir \u00f6rnek: \u0130nternette geziniyorsunuz ve k\u00f6t\u00fc niyetli bir reklam i\u00e7eren bir web site<\/a>sine girdiniz. Size \u00e7ok iyi gibi g\u00f6r\u00fcnen bir reklam, asl\u0131nda bilgisayar\u0131n\u0131z\u0131 bilinen herhangi bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 i\u00e7in tarayan bir exploit\u00a0<\/strong>kiti<\/b> olabilir. Bu kit bir tane g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulursa, reklam, bilgisayar\u0131n\u0131za bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 veya g\u00fcvenlik a\u00e7\u0131\u011f\u0131 yoluyla eri\u015fmek i\u00e7in bir exploit sald\u0131r\u0131s\u0131 kullan\u0131r. Ard\u0131ndan, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n\u0131 do\u011frudan sisteminize kayd\u0131r\u0131r.\u00a0K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fcklemek i\u00e7in exploit kullan\u0131ld\u0131\u011f\u0131nda, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m payload<\/strong> olarak bilinir. \"exploit

Yayg\u0131n Exploit t\u00fcrleri<\/h4>\n

Yaz\u0131l\u0131m a\u00e7\u0131klar\u0131 oldu\u011fu kadar \u00e7ok say\u0131da exploit de vard\u0131r ve neredeyse her g\u00fcn yeni exploit t\u00fcrleri ke\u015ffedilmektedir. Exploitler, hedeflenen g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 hen\u00fcz kimsenin d\u00fczeltip d\u00fczeltmedi\u011fine ba\u011fl\u0131 olarak iki t\u00fcre ayr\u0131labilir.<\/p>\n

Bilinen Exploitler<\/h5>\n

Bilinen Exploit nedir? Birisi bir yaz\u0131l\u0131mda g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetti\u011finde, genellikle yaz\u0131l\u0131m\u0131n geli\u015ftiricisini uyar\u0131r ve bu ki\u015fi daha sonra g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 hemen d\u00fczeltebilir. Ayr\u0131ca ba\u015fkalar\u0131n\u0131 uyarmak i\u00e7in g\u00fcvenlik a\u00e7\u0131\u011f\u0131 hakk\u0131ndaki haberi internete yayabilir. Bu nedenle g\u00fcvenlik yamalar\u0131 yay\u0131nlan\u0131r bu g\u00fcvenlik yamalar\u0131 daha sonra yaz\u0131l\u0131m g\u00fcncellemeleri arac\u0131l\u0131\u011f\u0131yla kullan\u0131c\u0131lara iletilir, bu nedenle g\u00fcncellemeleri \u00f6\u011frenir \u00f6\u011frenmez her zaman y\u00fcklemeniz gerekir. Halihaz\u0131rda yama uygulanm\u0131\u015f bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 hedefleyen herhangi bir exploit, bilinen bir exploit <\/strong>olarak adland\u0131r\u0131l\u0131r, \u00e7\u00fcnk\u00fc herkes ilgili g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 zaten bilir.<\/p>\n

G\u00fcncelleme yap\u0131lmad\u0131\u011f\u0131 takdirde ne olaca\u011f\u0131na bir \u00f6rnek verecek olursak WannaCry\u00a0ve\u00a0NotPetya , EternalBlue adl\u0131 bilinen bir Windows 7 a\u00e7\u0131\u011f\u0131n\u0131 kullanan iki k\u00f6t\u00fc \u00fcne sahip fidye yaz\u0131l\u0131m\u0131d\u0131r. Her iki sald\u0131r\u0131\u00a0da Microsoft’un g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 d\u00fczeltmesinden\u00a0sonra ger\u00e7ekle\u015fti.\u00a0<\/em>Ancak bir\u00e7ok ki\u015fi yaz\u0131l\u0131mlar\u0131n\u0131 g\u00fcncelleme zahmetine girmedi\u011fi i\u00e7in WannaCry<\/a> ve NotPetya<\/a> milyarlarca dolarl\u0131k zarara neden oldu ve bu da exploit nedir sorusuna a\u00e7\u0131klay\u0131c\u0131 bir \u00f6rnektir.<\/p>\n

Zero-Day Exploits<\/strong> (bilinmeyen a\u00e7\u0131klar)<\/h6>\n

Bazen, exploitler herkesi \u015fa\u015f\u0131rt\u0131yor. Bir bilgisayar korsan\u0131 bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetti\u011finde ve hemen bunun i\u00e7in bir exploit olu\u015fturdu\u011funda, buna Zero-Day Exploits denir<\/strong> \u00e7\u00fcnk\u00fc exploit sald\u0131r\u0131s\u0131, g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n bulundu\u011fu g\u00fcn ger\u00e7ekle\u015fir. Bu noktada, geli\u015ftirici a\u00e7\u0131\u011f\u0131 bilmedi\u011finden dolay\u0131 bu sald\u0131r\u0131ya Zero-day exploits denir.<\/p>\n

Zero-day exploits\u00a0 son derece tehlikelidir \u00e7\u00fcnk\u00fc g\u00fcvenlik a\u00e7\u0131\u011f\u0131na a\u00e7\u0131k veya acil bir \u00e7\u00f6z\u00fcm yoktur. Sald\u0131rgan g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 ke\u015ffetti\u011fi an yap\u0131lan bir sald\u0131r\u0131 oldu\u011fu i\u00e7in. Sald\u0131r\u0131ya yan\u0131t durdurmak i\u00e7in\u00a0 geli\u015ftirici herhangi bir yamada olu\u015ftursa sald\u0131r\u0131 \u00e7oktan ba\u015flad\u0131\u011f\u0131 i\u00e7in istediklerini koruyamaz.<\/p>\n

Exploit Sald\u0131r\u0131lar\u0131na Kar\u015f\u0131 Nas\u0131l Korunabilirsiniz?<\/h2>\n

\u0130yi haber \u015fu ki, bir\u00e7ok durumda\u00a0kendinizi exploit sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koruyabilirsiniz .\u00a0<\/em>Ak\u0131ll\u0131 bilgisayar g\u00fcvenli\u011fi al\u0131\u015fkanl\u0131klar\u0131n\u0131 uygulayarak, kendinizi a\u00e7\u0131klardan exploit sald\u0131r\u0131lar\u0131ndan korumak i\u00e7in uzun bir yol kat edebilirsiniz. \u0130\u015fte en iyi exploit \u00f6nleme taktiklerinin ve tekniklerinin k\u0131sa bir listesi:<\/p>\n