Thread by Daniel Cuthbert, 8 tweets, 2 min read
I've tried to keep this bottled up, but seeing as we've a whole wave of new people to our industry, maybe it's time to help rather than stand silent.

0hday/Zeroday/0-day exploits should be the least of your worry. Adversaries mostly won't be using them.*
Vendors have loved the term and jumped on it like tourists at a free buffet breakfast. It sounds sexy, I mean a cyber weapon/pathogen that's mythical and unknown. My gaaawd how cool. Oh we can detect it and stop it. SIGN ME UP!!
Thing is, ask any good attacker today in 2019 and they won't be burning 0hday for most things. Mostly because it has become a damn valuable asset. Zerodium (market broker leader for exploits today since our resident Bangkok dude retired) just updated their pricing.
The rage with Middle-eastern govs is zero-click RCEs, you know, to monitor those pesky citizens who say stuff. This has driven the price sky-high, so if you do sit on such a thing, you aren't dropping it like it's hot, that's for sure. The thing is, you also don't need to.
Sadly we, as an industry, still struggle with patching. It's hard, it's our kryptonite and therefore you don't *need* 0hday when CVE-2017-0199 still works like a charm, or you use Ruler (oh @_staaldraad, that's one of the sexiest things I've seen).
Now here's the ugly truth: 0hday sells.
It makes vendors seem like they are solving the impossible, but in reality it's all mostly shit. Time and time again we've seen this play out, but we are a magpie industry where shiny and new trumps the basic and known.
*

There will always be some targets that warrant the use. Often it boils down to a simple equation:

What you have + your OPSEC * CAPEX of your adversary = use case.

If you are deemed attractive by a regime with unlimited capital, then your threat model is different to most.
For most of us, it's about taking care of IT hygiene. Know what you've got under your control, plan and implement a solid patching routine as quickly as possible and use telemetry. Save the millions for hiring good people, not tech!