If I'm following your point, it's that anyone who wants capability can now use capital to acquire it, so release of N-day PoCs is immaterial to that? I don't think criminal groups could buy NSO's products and researchers wanting to make that kind of thing now go work for NSO/APT.
I think this ties back to "it's not the 90s anymore", it was trivially available to anyone with modest resources, but spending that for a worm anyone with a
can detect no longer makes sense. There was demand from professionals, many of whom wrote about making their own, no?
-
-
I'm pretty far from hands-on network pen-testing these days (and even farther from where Windows servers actually matter :) ), but is a demo'd shell going to convince people more than Microsoft+UK NCSC+NSA+CERT saying, "this is wormable, patch now" ? The demand side is ? to me.
-
Exploits have wide ranging benefits to defenders, see the other thread for people explaining the value they extract from them. Isn't security professionals demanding them enough evidence they're useful?
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
