[tmd83]

Just looking at the list of steps that needs to happen for these modern exploits is mind blowing for a layman. Can any expert comment on how easy/hard it is to find such exploits. How much of it is skill and how much luck. How does one come up with them. Is it primarily based off knowledge (which is essential ofcourse) or more some people have an intuitive knack for it.

[mcpherrinm]

There are two parts here: an exploit for Adobe Reader, and a local privilege escalation for Windows.

The Adobe one is a standard memory safety bug. This is the kind of thing you can find with fuzzers pretty easily, or by examining file formats for potential overflows. The exploitation techniques here are using ROP chains to get execution to shellcode from a JavaScript heap-sprayed shellcode. Both are widely used techniques, and there are tools to assist exploit writers in finding and using ROP gadgets.

I don't know Windows as well, so I can't speak to the second exploit.

[3pt14159]

There is an offensive security conference called Infiltrate that has videos floating around that you can find online. Finding 0days in constantly attacked stuff like Windows is getting harder, but the tools these guys are building are getting more complex / interesting. I'd say the bar is higher, but it's still not hard to do and some lesser known platforms like QNX are straight easy if you have some time.

Much like, say, JavaScript development the tooling and instruction is of a much higher quality and much more diffuse. If you're smart and you put in a couple of years you can do it too, and some of these vulns fetch millions, though they're frequently blown on pwn2own contests or otherwise responsibly disclosed. I suspect that that is going to change over the next couple years as every major government amps their cyberwarfare / int budgets.