Big-game hunting (BGH)

Big-Game Hunting (BGH) is an information security technique that focuses on locating and exploiting high-value targets. The term was coined by security expert Dan Geer to describe a strategy of infiltrating computer networks one step at a time by breaking down a break-in into several discreet steps. This approach analogous to how a hunter might seek out a large game animal, such as a bear, by tracking it until they can get close enough to shoot it.

When a security researcher uses the BGH approach, they first identify a target within a system or network. They then begin to map out the systems and networks around the target and find ways to gain access to the target’s systems. Once access is achieved, the BGH process begins in earnest. Researchers use a variety of security methods to discover weaknesses and exploits in the target system. Exploits include but are not limited to buffer overflows, SQL injection, and man-in-the-middle attacks.

The goal of the BGH approach is to obtain complete control over the target system, which can then be used to launch further attacks or allow the researcher to access sensitive data. To achieve this, the researcher must first identify the vulnerability or weaknesses in the system before exploiting it for access. The research must also have the necessary skill and knowledge to successfully execute the exploit without being detected.

Big-game hunting (BGH) is an important tool employed by many information security researchers. By subscribing to BGH, these practitioners can gain access to systems and networks quickly and surreptitiously. The technique is a powerful tool, providing deep insight into how systems and networks can be breached and how to protect against future attacks.