I think the proliferation of so called "red team" tools is an issue. We need to have this talk InfoSec peeps. Disclosure is not the key topic here, but providing free off-the-shelf implants to criminals is. Because that’s the reality of it.
-
-
Replying to @x0rz
I often agree with what you write but you are totally off here. The availability of public tools is the best thing that has happened to defense in the last 20 years because they now mostly know what’s going on. Before that criminals just wrote their own or paid someone to do it!
2 replies 1 retweet 16 likes -
Replying to @marver
That’s when you can afford a defense. Believe me that all these companies being crippled by ransomware these last months are not getting any of the benefit you mention.
2 replies 0 retweets 2 likes -
Replying to @x0rz
Because the so called Infoseek community or industry is failing at defense. Every medium skilled attacker can write his own tools. The low skilled ones can just buy them. The whole debate is originally spawned by people trying to protect their snake oil business.
1 reply 0 retweets 1 like -
Replying to @marver
This... doesn’t make sense. As a reminder offense works for defense - except if you’re an actual APT or LE. The end goal is to secure shit. If are directly observing tons of malicious campaign of criminals using those tools we should reassess our strategy. This is all I’m saying
2 replies 1 retweet 1 like -
Replying to @x0rz
It’s a fallacy, it’s NOT cause and effect . You are also seeing tons of criminals using the Internet. If the tools wouldn’t be public, you would see private ones being used. Or maybe you would see nothing because you would be blind to what’s actually going on.
1 reply 1 retweet 2 likes -
Replying to @marver
Criminals like many others have a limited amount of resources. Let’s say they have to spent a few days to build X in order to rob a bank. Now we’re directly feeding them tools, so they can rob 2 banks instead of one. We can’t prevent them from doing it, but we can make it harder
4 replies 0 retweets 1 like
Tavis Ormandy Retweeted Alfred Charles Hobbs
Tavis Ormandy added,
-
-
That’s one hell of a view. That is definitely assuming good outweighs bad heavily.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.