Conversation

Precisely this :). It’s like a whole bunch of people wearing Patagonia talking about how easy it is to climb this mountain vs. another when they’ve never done more than a day hike.
Quote Tweet
Twitter: “exploit mitigations are so easy to bypass” Walking by office of someone who actually writes exploits: “damn, I’m still stuck trying to work around all this annoying shit”
5
42
Replying to and
Yes, I have seen a bug be made unexploitable by a mitigation. Is it the norm? Heck no. Do professional vulndevs look for bugs that fit a pattern that makes exploitation easy? Yes. Do we have evidence that mitigations regularly push bugs into nonexploitable territory? I think not.
3
6
It depends a lot on whether you're talking about mitigations targeting exploit techniques or mitigations catching the bugs themselves. For example, Android uses a lot of automatic integer overflow checking turning many integer overflows (often heap overflows) into (mild) DoS.
1
1