When a new vulnerability prompts discussion on Twitter or hits media outlets, the security community collectively participates in a familiar triage process: Is the bug pervasive, exploitable, or both? Is it worth dropping everything to patch or mitigate? Is the expected shelf life long enough that it’s worth developing an exploit for? Or is it actually...not useful or interesting?
Security researchers and hackers are almost always the first to shed light on the specific conditions and characteristics that make a vulnerability not just exploitable, but actually useful to attackers. The Metasploit team has been working on a new project to capture this knowledge: AttackerKB is a knowledge base of vulnerabilities and informed opinions on what makes them valuable (or not) targets for exploitation. Starting soon, we’re looking for beta users to participate and provide feedback that will maximize AttackerKB’s value to all security practitioners—blue, red, and every other color.
If you have opinions on why not all vulnerabilities are created equal (and you’re not afraid to share those opinions!), we want to work with you to highlight that knowledge for the benefit of the whole community. And before you ask, yes, of course we want beta participants from blue teams and appsec shops and other defenders in addition to offensive security researchers and operators.
Beta sign-up is here: https://forms.gle/9uuypnUkQqFezc9y6
We’ll respond to beta user requests on a rolling basis. We’ll do our best to respond to everyone within a few weeks.
A few notes on what we’re asking for and what you can expect:
We’re looking for assessments of vulnerabilities, especially research notes and characteristics that indicate high or l ..
Support the originator by clicking the read the rest link below.
