Monday, December 27, 2021

The Infosec Tower of Babel

If you’re God then confusion makes sense. Making people say the same thing in different languages was effective risk management when it came to shutting down the Tower of Babel APT gang. All of the babbling fools had a problem. What if you saw a loose brick that a co-worker was about to step on, and he would surely fall to his death if he did? You yell out “STOP, the brick is loose,” but in his language you said, “Get me a sandwich” Well, he tried to. He even landed right in front of the cafeteria, but he never got up again. That’s the problem, if you don’t use the same words to describe the same thing, the you’ll never get your sandwich.

Time and time again in the infosec world I hear people call vulnerabilities exploits, exploits vulnerabilities, and call payloads either exploits or vulnerabilities. And so, as a public service, and to prevent you from incurring the wrath of God, I’m going to explain the differences between vulnerabilities, exploits, ad payloads while I tell you all about the windows vulnerability I found, how I exploited it, and the unexpected payload. Well, it wasn’t unexpected to my wife, but she knows what I’m capable of.

Check out my latest SecureIQLab blog at

No comments:

Post a Comment