This is an incredible resource for anyone looking into zeroday exploits and I'm happy to say that I helped with ithttp://www.rand.org/pubs/research_reports/RR1751.html …
-
-
"Offensively focused researchers employ different methods of finding bugs than defensively focused ones." Hire a red team!pic.twitter.com/E4VkYMXEnf
-
Selecting the RIGHT vulnerability appears to be the most time consuming part of exploit development.pic.twitter.com/yZ63tjrCQ8
-
As an exploit developer, you're having a GREAT year if you ship 4 exploits.pic.twitter.com/iOKN5qpT53
-
-
Bounties have little overlap w exploit development. Not in skill required, techniques developed, or bugs discovered.https://twitter.com/withzombies/status/839870870545850368 …
-
Extraordinarily few people are capable of professional exploit development, an order of magnitude less than the number of bug bounty hunterspic.twitter.com/G1rD45w0xz
-
To those dismissing this RAND report: Ignore it at your own peril. This is the best data ever released on real exploit development, period.
- 7 more replies
New conversation -
-
-
Need to shift away from thinking of nets (not just code) as secure. MTD and deliberate deception should be layed in as well.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.