The Current State of Exploit Development, Part 1

less than 1 minute read

CrowdStrike Blog

As you may or may not know, I work at CrowdStrike for my day job. I am also apart of the red team and do not do any official exploit development/vulnerability research. I wanted to address why binary exploits often aren’t as used anymore in typical red team toolkits and explain although the impact of a binary exploit, especially in the kernel, is far more effective than typical red team TTPs - is the return on investment worth it? I would love to see, personally, some red team research shift towards kernel exploits for local privilege escalation - which is often one of the more difficult parts of a penetration tests. But is binary exploitation even worth it at this point for red team work? Let’s find out!

Enjoy! Part 1

Share on

Twitter Facebook Google+ LinkedIn

Connor McGarr

The Current State of Exploit Development, Part 1

CrowdStrike Blog

Share on

You may also enjoy

Windows Internals: Dissecting Secure Image Objects - Part 1

Exploit Development: No Code Execution? No Problem! Living The Age of VBS, HVCI, and Kernel CFG

Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 3)

Exploit Development: Browser Exploitation on Windows - CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)