Vendors have loved the term and jumped on it like tourists at a free buffet breakfast. It sounds sexy, I mean a cyber weapon/pathogen that's mythical and unknown. My gaaawd how cool. Oh we can detect it and stop it. SIGN ME UP!!
Thing is, ask any good attacker today in 2019 and they won't be burning 0hday for most things. Mostly because it has become a damn valuable asset. Zerodium (market broker leader for exploits today since our resident Bangkok dude retired) just updated their pricing pic.twitter.com/h4QJvuvl19
The rage with Middle-eastern govs is zero-click RCEs, you know, to monitor those pesky citizens who say stuff. This has driven the price sky-high, so if you do sit on such a thing, you aren't dropping it like it's hot, that's for sure. The thing is, you also don't need to.
Sadly we, as an industry, still struggle with patching. It's hard, it's our kryptonite and therefore you don't *need* 0hday when CVE-2017-0199 still works like a charm, or you use Ruler (oh @_staaldraad that's one of the sexiest things I've seen).
Now here's the ugly truth: 0hday sells. It makes vendors seem like they are solving the impossible, but in reality it's all mostly shit. Time and time again we've seen this play out, but we are a magpie industry where shiny and new trumps the basic and known.
* There will always be some targets that warrant the use. Often it boils down to a simple equation: What you have + your OPSEC * CAPEX of your adversary = use case. If you are deemed attractive by a regime with unlimited capital, then your threat model is different to most.
For most of us, it's about taking care of IT hygiene. Know what you've got under your control, plan and implement a solid patching routine as quickly as possible and use telemetry. Save the millions for hiring good people, not tech!
End of conversation

New conversation
Oh no! Sad Vendor face :-(
This means I don't get a pen?
New conversation
Legacy, no asset management, no idea where all critical assets reside or what level of protection is in place. Inadequate monitoring, and I haven't even started on patching, all making it easier for an adversary... I won't even mention social engineering...oh wait I did
Bingo. Oh wait, now I am sad.