by shellcoder
2507 days ago
Harder than you might think. Who gets to control the server being compromised?

1. The buyer or someone the buyer trusts, then the buyer can log all the network traffic and find the incoming attack traffic and work out the exploit from there.
2. The seller or someone the seller trusts, who can backdoor the software to fake it.
3. Someone they both trust, which would require that they have some mutual contacts, which, while possible, I wouldn't count on.
4. A random victim, more possible, but neither party would want to risk prematurely burning the exploit.

And of course there are a ton of exploits that are not remote, all sorts of local privilege escalations, and there are partial exploits that are sold. Take a multistage exploit: say, just the exploit to escape a sandbox, or even just an exploit that requires a memory leak, could be sold without a memory leak, or just the memory leak could be sold. Obviously a fully weaponized exploit sells for the most, but there are buyers for stages also.

I was thinking about phones, not servers.
> then the buyer can log all the network traffic and find the incoming attack traffic and work out the exploit from there.
Is it really that easy? I'm not a security researcher, but I imagine that most exploits aren't just a magic byte sequence you send to the victim -- so I assumed that just a single observation of a successful attack is not enough to understand it easily.