I hate the phrase "raising the bar", I've noticed people use it when they're pitching some low-quality mitigation that makes the attacker do some busy work but doesn't fundamentally prevent them from achieving their original goal. 
-
-
In some circumstances though, the difference between making something a targeted attack vs something easy to write as a worm is still meaningful - in that it takes worms and automation out of the list of stuff blue teams have to deal with while working on better defenses overall.
-
If a small amount of effort "raises the bar" enough to free up a large amount of employee hours to KEEP raising the bar further and further, I can't completely see that as wasted effort.
- 21 more replies
New conversation -
-
-
Where is ASLR on the continuum? I’ve been thinking about “alien computer” transforms using runtime code generation. Arbitrary permutations of instruction text, registers, basic blocks, syscall numbers... HW X-only pages (no text leak). Anyhow C is bad.https://github.com/rv8-io/rv8/blob/master/doc/src/bintrans.md …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.