Payload

So there you have it, you have found a vulnerability in your system. What are the risks? A malicious person may use an exploit (if one exists) to compromise the system. An exploit is a piece of code that opens a door to the target. Once the door is opened, the attacker will send malicious code called a payload.

Let's take an example, the Trojan horse! Greek warriors wait patiently inside the Trojan horse before taking action.

Trojans who accept the offering: this is the vulnerability
getting the Trojan horse into the compound: that's the exploit
the warriors in the Trojan horse: this is the payload

A payload is a self-executing application that can self-activate. This code provides the attacker with unauthorized remote access to the target. From that point on, anything becomes possible and here are some typical examples of damage done:

• Data theft:
  Allows extraction of sensitive data such as login credentials or bank details.
• Surveillance:
  Allows surveillance of a company for the purpose of industrial espionage or an individual to set up blackmail.
• Deleting / modifying files:
  Allows to change the behavior of a device (for a computer, disable the operating system for example or damage the boot process).
• Downloading new files:
  Allows to install a much more harmful malware.
• Running tasks in the background:
  Allows you to mine crypto-currencies for example.