Also interesting to note how skilled attackers can also often easily write exploits with just patch diffs. Patch gapping can be pretty easy and some vendors even include POCs as regression tests even if the researcher doesn't publish it!
Sure, but it’s faster still to use an existing PoC when they’re published; it’s all about increasing the barrier of entry
2 replies 0 retweets 1 like -
Seems a shame to deprive the world of all the mitigations and value we've extracted from exploits to add a few trivial speed bumps. After all, a few speed bumps don't make a barrier.
2 replies 0 retweets 6 likes -
I’m not sure I agree that it is primarily exploits that enable us to create new mitigations, but wouldn’t it be just as beneficial for developing mitigations to release PoCs at a later date than contemporaneously with patches?
1 reply 0 retweets 1 like
A mitigation can be as simple as verifying a configuration change is effective.