Ancestors

Toot

Written by Merospit on 2024-09-25 at 23:24

[#]bsidescbr2024 starting with Chompie presenting the keynote on the exploit development lifecycle #cybersecurity

=> More informations about this toot | More toots from merospit@infosec.exchange

Descendants

Written by Merospit on 2024-09-25 at 23:37

Exploitability of vulnerabilities is a cost benefit calculation because you can't work on a difficult bug forever.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-25 at 23:39

Vulnerabilities can change the program state to a "weird machine", which is a Turing machine that doesn't necessarily follow the possibilities of the original state machine.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-25 at 23:44

Logic bugs are more stable than memory corruption, which is important when the goal is to create a reliable exploit.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-25 at 23:49

More useful for exploits to target specific versions because there are many possible differences between versions that can increase the complexity of the exploit and hence the time and cost of development.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-25 at 23:54

Understanding the target environment is important to improve reliability. For example, just having other things running on targets can change behaviour of some vulnerabilities compared to a quiet development lab.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-26 at 00:02

Reducing the novelty of an expolit can make attribution more difficult, at the potential cost of being detected easier.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Written by Merospit on 2024-09-26 at 00:08

Advanced exploit development techniques are useful for red team consultants to emulate highly resourced adversaries. For most people, a proof of concept to demonstrate a vulnerability is enough.

[#]bsidescbr2024

=> More informations about this toot | More toots from merospit@infosec.exchange

Proxy Information

Original URL: gemini://mastogem.picasoft.net/thread/113200771314917970
Status Code: Success (20)
Meta: text/gemini
Capsule Response Time: 272.293909 milliseconds
Gemini-to-HTML Time: 1.408872 milliseconds

This content has been proxied by September (ba2dc).