So "attackers" are largely bifurcated into criminals and APTs. Part of the challenge of this debate is that different people think about either attack or defense and of APTs or criminals. Makes it hard to be precise about which group's activities they are trying to hamper.
Replying to @dinodaizovi
Aren't you doing exactly that? If you care about opportunistic criminals, nday is essentially non existent relative to malware, no?
1 reply 1 retweet 1 like -
Replying to @taviso
I wouldn't say "essentially non-existent" because some published exploits seem to be enabling ransomware and cryptomining these days (I don't have hard numbers, just anecdotally). Published client-sides can also help NSO-like companies. To me, the only winning move was not to play :).
2 replies 0 retweets 1 like -
Replying to @dinodaizovi
Perhaps we can agree not even 1% compared to malware. There for sure are drawbacks to open research we have to wrestle with, but the net result is undoubtedly positive. Similarly, there are drawbacks to easy availability of lots of things, pharmaceuticals, power tools, etc.
1 reply 0 retweets 1 like -
Replying to @taviso
Sorry I can't agree to a number on each of our personal perceptions w/o data :). There are ~1.34 gazillion malware samples a minute in VT, so I'd bet the number of those attempted installations via exploits is knowable and the lineage of that exploit code could be examined.
1 reply 0 retweets 0 likes -
Replying to @dinodaizovi
Hmmm. That seems odd, you can't agree that malware is more prevalent than exploitation? Even for the purpose of informal discussion?
2 replies 1 retweet 0 likes -
Replying to @taviso @dinodaizovi
To be clear, the point I'm making is that nday is small potatoes for opportunistic attacks, so actions that hugely benefit other important areas at the cost of barely moving the needle for this area seem rational.
2 replies 3 retweets 8 likes -
Replying to @taviso
I mean, there are tons of relative comparisons in there to unpack. How beneficial is it for metasploit to have a reliable BlueKeep exploit soon after patch release? That's another twitter thread. FWIW, I love reading p0 blog posts on the techniques more than reading the PoC code.
2 replies 0 retweets 2 likes -
Replying to @dinodaizovi
I think this ties back to "it's not the 90s anymore", it was trivially available to anyone with modest resources, but spending that for a worm anyone with a
can detect no longer makes sense. There was demand from professionals, many of whom wrote about making their own, no?
1 reply 0 retweets 0 likes -
Replying to @taviso
I'm pretty far from hands-on network pen-testing these days (and even farther from where Windows servers actually matter :) ), but is a demo'd shell going to convince people more than Microsoft+UK NCSC+NSA+CERT saying, "this is wormable, patch now" ? The demand side is ? to me.
3 replies 0 retweets 3 likes
Exploits have wide ranging benefits to defenders, see the other thread for people explaining the value they extract from them. Isn't security professionals demanding them enough evidence they're useful?