dunadan

@udunadan

An open-eyed man falling into the well of weird warring state machines. I talk about reverse engineering, vulnerability research and exploit development.

Joined May 2021
@udunadan
dunadan
8 months
Sometimes I am asked how to get started in VR. Pick any new Windows kernel security update, patch diff it, try at least to spot and analyze a vulnerability there, and try to write an exploit for it. 1/2.
@udunadan
dunadan
2 days
And sooner or later as you progress you understand that the days when something looks promising are good days in themselves. First rule of exploit club: we don't talk about the days where you hop functions one by one and can't generate a single valuable idea about them.
@exploitsclub
exploits.club
2 days
@udunadan
dunadan
7 days
Kernel exploit developers, does this ring the crash analysis bell?
@TMoldwin
Toviah Moldwin
8 days
The biggest problem in neuroscience is that we're analyzing a complex recurrent system where we only have access to partial information. The best way to advance neuroscience is to improve methods to the point where we have in vivo simultaneous whole brain recording at single.
@udunadan
dunadan
7 days
When working on certain hard exploits, you might dread & fold from how difficult the task is; true, some exploits are nearly PhD-level problems, verily so. But there will be no gain without this pain. You either go through it or go away. There is no royal path.
@udunadan
dunadan
14 days
When you were trying to calibrate the payload to land a bit more precisely and not only it didn't work but the old poc has also stopped working correctly
@udunadan
dunadan
14 days
My 0x41, my 0x41, don't lie to me, tell me where did you land last crash.
@udunadan
dunadan
15 days
I believe that in the hardest levels of this game, e.g. when hunting the hardest bugs (like zero clicks), it's not only and not that much about the skill but about ability to stay searching long enough so that luck may hit you. Doesn't mean skill has no role, I'd reiterate.
@udunadan
dunadan
15 days
There is no actionable advice how to achieve that. It will simply come with time, patience and endurance, by itself. It would require you to have determination to stay in the game, obviously, but that's a different topic. If you're patient, things are going to work out themselves.
@udunadan
dunadan
15 days
Strategically, you're still in the game because of the overall great reward. But tactically, in work process, it is my opinion that it is better to go cold turkey.
@udunadan
dunadan
15 days
Why subject yourself to that? Because as much as you rely on rewards tactically, you are chaining yourself to punishments. And this is a bad deal because you will inevitably have much more losses than wins in this game. So if you ditch rewards, you may ditch punishments too.
@udunadan
dunadan
15 days
By small wins I mean engaging in some sort of much easier side projects which give you a sense of completion of tasks, hence some positive psychological reward.
@udunadan
dunadan
15 days
You'll often hear you need small wins to keep you going through mostly non-rewarding loop of vulnerability research. I don't agree with that. Small wins will always be lesser than the great ones. Instead, let yourself experience the dread. Learn to live in its presence. Adapt.
@udunadan
dunadan
16 days
@grok your ideas for solving this in a zero-knowledge proof style?
@udunadan
dunadan
16 days
A and B are mutually trusted exploit buyers. They want to verify that they're buying different exploits from a seller S, assuring exclusivity of sale. They could agree on hashing a description of the vulnerability ("integer overflow in Function"); what are other fun ways to do it?
@udunadan
dunadan
22 days
The dwarves delved too greedily and too deep. You know what they awoke in the darkness of ndis.sys. Shadow and flame.
@udunadan
dunadan
25 days
Was watching Roland-Garros and thinking that the single most important skill is to remain composed & professional in the face of pressure. Not overly optimistic or pessimistic. In your lane. Not giving into emotions. Playing your game. Directly related to vulnerability research.
@udunadan
dunadan
26 days
RT @udunadan: They say the key to psychological health is worrying only about that what you can control. And vulnerability research is, in….
@udunadan
dunadan
28 days
Linux shows a solid record of being unhackable.
@xvonfers
xvonfers
28 days
0day "In the Wild". Spreadsheet:. It is still updated regularly.
@udunadan
dunadan
1 month
And it's actually quite hard to deliberately train creativity. Like many things, it grows through effort, experience and studying others but in itself, it's a skill that grows slow and hard.
@hackyzh
Zhihua Yao
1 month
Exploit is an art. In the writing process, creative thinking is very important and can help you improve efficiency greatly.
@udunadan
dunadan
1 month
Exploit development is a tough game. But it's the game we play.
@udunadan
dunadan
1 month
How can you know you're progressing if you haven't yet found a real, exploitable bug? You start missing bugs (you were looking at a right place but misjudged), you find bugs that had already been patched; intuition is leading you to the right places but you fail to get there.