Red Team Chief at [redacted]. Obscure security researcher. My handle flags bad AV. Attacker emulation, #PowerShell, #IoT sec, father of a bunch and Army Vet
In 15 years of red teaming a lot has changed. Something that hasn't is that there is nothing more difficult to attack than a network defended by well-trained and practiced people. People > $ecurity Budget. I suspect this trend will continue in the future.
Looks like bugtraq was just shut down. It hasn't been useful for a long time, but still an important footnote in vulnerability history. seclists.org/bugtraq/2021/Ja…
Me too :) The meta-question of "Why don't more people do it?" is something I struggle with. If it were a single reg key:
1) We'd have folks laughing that they could bypass it
2) Defenders wouldn't be any closer to solving the more dangerous problem (EXEs, DLLs)