Hacker News new | ask | show | jobs
by _8j50 1154 days ago
You're guessing I think. Phishing of some sort is by far the most reliable and used method. CVEs that get exploited are rarely using memory exploits but they do happen and affect companies and people that refuse to update their stuff to the most part. There is just rarely the need to spend time to develop memory exploits because on every consumer OS there is some sort of memory-safety protection. At least DEP or ASLR unless you get lucky and and the software or shared libs have all that disabled or reliable rop gadgets are found.
1 comments
Genbox 1154 days ago
I'm not making general claims about the use of memory exploitation - only questioning the statement that they are not widely used.

With more than 500 forensics cases with my name on it, and a substantial amount of them being RCE based, I'd say it is more than just guessing.

There is no need to spend time on developing a exploit when you can find hundreds new ones every month on GitHub. DEP and ASLR are also not used in embedded devices where memory management in the firmware is atrocious.

link
_8j50 1153 days ago
Well I didn't claim that memory exploits were not used. They're just rarely used when compromising end user workstations these days. 10 years ago you had rampant exploit kits for example none these days. You still see memory exploitation if internet facing stuff or even internal devices for lateral movement.

The comment you were replying to is talking about the majority if compromises. Citing your case stats to argue against that is a bit weird.

link
FreakLegion 1153 days ago
Your experience is valid. I'm absolutely not saying memory exploitation doesn't happen, only that it's so comparatively infrequent in the 2020s that magically eliminating it wouldn't change the economics of attacks.

As a point of comparison, 10-15 years ago exploits in general were much more prevalent. Flash was still around, people read PDFs in Acrobat instead of PDF.js, Internet Explorer hadn't been displaced by Chrome, macros were just starting to make a comeback after signing restrictions from the early 2000s were lifted, crown jewels hadn't yet moved to the cloud via SaaS, and things just weren't commoditized like they are now with pentest frameworks, LOLBins, etc. In fact the most commoditized element in those days was exploit kits targeting IE memory vulnerabilities. The landscape has changed a lot since then.

I'm vendor-side research, which gives me pretty broad visibility here.

link
selfmodruntime 1153 days ago
ASLR and other hardening practices are also not used in old machines on your network everyone forgot about
link