In the debate about publishing n-day PoCs, I’m not reading anyone debating what the value of n should be for fully working PoCs. I’ve personally published vuln details when patch was released, techniques in abstract, but waited over a year for working exploits. Seemed best to me.
-
-
I mean, there are tons of relative comparisons in there to unpack. How beneficial is it for metasploit to have a reliable BlueKeep exploit soon after patch release? That's another twitter thread. FWIW, I love reading p0 blog posts on the techniques more than reading the PoC code.
-
I think this ties back to "it's not the 90s anymore", it was trivially available to anyone with modest resources, but spending that for a worm anyone with a
can detect no longer makes sense. There was demand from professionals, many of whom wrote about making their own, no? - 3 more replies
New conversation -
-
-
I don’t know how it happened, but I’m on the same side as Tavis in a disclosure debate... I fear one of us will have to re-evaluate their life choices.
-
Who ever said that Twitter can't change minds? ;)
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
