hngopher.com

       [HN Gopher] The tragedy of low-level exploitation
       ___________________________________________________________________
        
       The tragedy of low-level exploitation
        
       Author : abhaynayar
       Score  : 39 points
       Date   : 2024-08-05 13:16 UTC (9 hours ago)
        
 (HTM) web link (gynvael.coldwind.pl)
 (TXT) w3m dump (gynvael.coldwind.pl)
        
       | abhaynayar wrote:
       | Also, video going over the blog post by the author:
       | https://www.youtube.com/watch?v=58fwUXvhO3c
        
       | tptacek wrote:
       | This is a pretty great post. One of its subtexts is the cliche of
       | people taking jobs in offensive security and complaining that all
       | they get to work on are web apps --- web apps are where all the
       | money is, and where most new software is built. Another
       | interesting subtext: there's a whole variety of low-level targets
       | where modern exploit development techniques would come into play,
       | but since there's no market for those vulnerabilities, there
       | aren't many opportunities to get paid to develop the exploits;
       | all the action is in browsers and mobile operating systems, where
       | competition is incredibly fierce.
        
       | atemerev wrote:
       | You can sell low-level exploits quite profitably. You don't need
       | to make it, like, an official employment. If you can find gold,
       | why be employed in a gold-mining company for a salary if you can
       | just sell your findings?
        
         | layer8 wrote:
         | It depends on your motivation of why you want to work in that
         | field in the first place.
        
       | guardiangod wrote:
       | >low-level exploitation is rarely needed in cybersecurity
       | 
       | Sadly that's true. I am transferring from a low level pentester
       | to web app security engineer. That's where all the jobs are.
       | People don't really care how much you know about low level.
        
       | armitron wrote:
       | Mark Dowd's 2023 presentation "Inside The Zero Day Market" [0] is
       | extremely informative and a must read for everyone interested in
       | a low-level exploitation career.
       | 
       | [0]
       | https://github.com/mdowd79/presentations/blob/main/bluehat20...
        
       ___________________________________________________________________
       (page generated 2024-08-05 23:01 UTC)