1/ [History] Last Stage of Delirium created a PoC but did not release it to the public, because they saw it was a HUGE vuln. https://twitter.com/todayininfosec/status/886798439912136704 …
As a pentester, I like exploits as much as the next guy. But truthfully, how is it helping customers defend better than just patch details?
The window between POC/patch and Exploit vs POC/patch and plugin to scan for it are wildly diff. I'd rather not wait to determine exposure.
I'm a rule utilitarian, so I'm open to arguments why publicizing point-and-shoot type exploits help organizations (more than they hurt them).
If you look at MS17-010, nobody reversed the patch to create a public exploit. Bad stuff started happening only after TSB released exploits.
Are you saying Microsoft should have published Eternalblue with their advisory (if they had it)? Withholding the exploit hurt defenders?