An exploit is a piece of code, technique, or sequence of commands that takes advantage of a specific vulnerability in software or hardware. Exploits can enable local privilege escalation, provide remote access, or exfiltrate data.
A distinction is made between known exploits (for which patches exist) and zero-day exploits (for which no patch is yet available). Exploit kits bundle multiple exploits and automatically test which vulnerability is present on a target system. Patch management, vulnerability scanning, and defence in depth are the most important countermeasures. In risk management, the availability of public exploits directly factors into the assessment of likelihood.