Well, re this: https://twitter.com/nicoleperlroth/status/1133578307105054720?s=20 … Reverse engineering patches to develop exploits is 100% a real thing. It’s some people’s full-time job. I don’t know who you’re talking to, but that’s reality. Different equities would change the timeline, but not the root problem.
-
-
-
Replying to @nicoleperlroth @fugueish and
Chris is right on this, finding an infoleak to make a vuln reliable is just part of exploit development. I don't always agree with Dave, but this is not a matter of opinion, he's just stating a fact.
2 replies 0 retweets 18 likes -
Replying to @taviso @nicoleperlroth and
There’s an interesting data point with MS17-010, the patch which fixed EternalBlue.exe exploit - it was released months beforehand, and basically nobody cared except zerosum.
2 replies 0 retweets 10 likes -
Replying to @GossiTheDog @nicoleperlroth and
There are professional teams who reverse engineer and bindiff every patch, they care about every patch - we've hired some of them. I guess you mean nobody blogged about it? That's not unusual, but doesn't mean very much.
1 reply 0 retweets 15 likes -
Replying to @taviso @nicoleperlroth and
Sure - but does anybody have any evidence this was reversed and exploit developed? Even when EternalBlue was released it took months to be picked apart - it contained never before seen things.
@zerosum0x03 replies 0 retweets 4 likes -
Replying to @GossiTheDog @taviso and
What evidence would there be? Is there any evidence the NSA used or even had the exploit before it was leaked?
1 reply 0 retweets 4 likes -
Replying to @MalwareTechBlog @taviso and
As in if there were teams of people who reverse every patch and make exploits, where is the exploit? As that would be the evidence.
1 reply 0 retweets 2 likes -
-
Replying to @MalwareTechBlog @taviso and
They don’t have to. It would just be evidence that there was an exploit reversed from the patch.
1 reply 0 retweets 0 likes
Right, but the point is that the people who commission exploits probably don't want to broadcast that fact. We know that is a thing people do though. We have imperfect knowledge of what our adversaries are doing and have to extrapolate 
-
-
Replying to @taviso @GossiTheDog and
This. The first question is going to be “why did you have this”.
0 replies 0 retweets 7 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Replying to @taviso @GossiTheDog and
As an aside, didn’t I just read an article suggesting that some of the ShadowBrokers tools probably got picked up before the leak by another nation state’s honeypot, and that exploits were developed in parallel?
0 replies 0 retweets 2 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.