undefined | Better HN

0 pointsTACIXAT6y ago0 comments

>Does it have to be sophisticated and impressive to be advanced?

Yes. I think this is where our opinions differ. It is always a joke to be reading a blog post about an advanced attacker and the exploit is, as you say, the user clicked a jar with a pdf icon.

I agree completely about things that add value to corporations. This is why I am not working corporate security at a startup. I do not care so much about implementing U2F policies or server authentication methods, even though these are much more impactful for the business. I work for a small company, work on less impactful things (in regards to corporate security), and enjoy myself considerably more. If I could stomach the other stuff I would make more money, but I prefer to enjoy my work and hack on obscure things.

Your namesake with eternalblue is quite advanced (even though it was n-day). That stuff is interesting. Reverse engineering that stuff is interesting. I think these things prepare people to do that sort of work.

0 comments

badrabbit6y ago

That's fine,having a specialized interest is ok,just don't say that is a "core concepts of cybersecurity".

You like impressive exploits and vulnerability research,which is good,that upstream work is useful in downstream "core" security whether it be for corporations (a 2 person startup is one) or consumers.

j / k navigate · click thread line to collapse

0 pointsTACIXAT6y ago0 comments

>Does it have to be sophisticated and impressive to be advanced?

Yes. I think this is where our opinions differ. It is always a joke to be reading a blog post about an advanced attacker and the exploit is, as you say, the user clicked a jar with a pdf icon.

0 comments

badrabbit6y ago

That's fine,having a specialized interest is ok,just don't say that is a "core concepts of cybersecurity".

j / k navigate · click thread line to collapse