Quote:
Originally Posted by Fyyre
It's obvious why she cannot find employment.
1). Intelligent, but acts emo.
|
Yep, that was my conclusion also. Very intelligent and VERY well versed in inner workings of Windows because these exploits are not simple but also either emo or fighting some real depression...
Quote:
2). Has made hostile remarks at powerful Nation State actors. It is not hard to learn from a little history... i.e. OpenBSD
Granted this is no longer the start of the GWOT, as in 2003.... There is no need to bite any prospective hands that _could_ feed you. Your Moral Compass May Vary.
|
Yeah she did also make a few posts to "spite" Microsoft and their products. Also threw quite a lot of insults toward MS and bounty programs.
But I think the worst thing was taunting MS and people in general by saying things like:
- "I might dump another one soon..."
- "Found another, F*** MS, here it is"
- "Dunno what to do... release or not release...
and such...
Quote:
|
3. Github is open source, there are forks, mirrors... like many of you I too have a copy of this POC. Once online, always online.
|
APLC is still up. tasksche impersonation LPE and win32k.sys race condition LPE are removed. I searched the net (by filenames) but didn't have much luck. I guess VT-I has it at least.
Quote:
|
4. It is down right confusing as to why anyone would openly dump a working 0day instead of trying to monetize(legally, or illegally) or at very least... follow the standard channels for "responsible disclosure"
|
I am also at a loss here. After a first dump (APLC), she ended up on several major "Hacking" news site and made quite the stir because she released the exploit on thursday and "patch tuesday" was long way away so basically for minimum of 5 days people were 100% vulnerable to this.
As to why she didn't report, she never said directly, always steered the conversation away from that...
And also she said MANY times she was low on money. These exploits she is doing are worth like 25k+ Maybe up to 100k. Weird.
Quote:
Many of us have done research of our own that has lead, or been an asset to malicious works. Not due to the fact we directly contributed or were involved. In the fact that in years past we were able to see parts of that research directly reflected in source code leaks, or what have you. It's a strange feeling, although one not often directly attributed.
I guess she went for the less subtle approach. Again, this is all speculation on my part.
|
Well I agree. Lots of various source code flying around that is useful for malware or other malicious things but many of the authors didnt intend it that way.
This was quite malicious. Leaving people vulnerable once, then do it again...
Not that subtle.
I won't and am in no position to judge anyone. I can "understand" the 1st one but after that MANY people came to her and tried to convice her to go to proper channels of disclosure. But then (after a while) came 2 more and who knows what else what she left private.
People still tried to help but as said earlier she mostly steered the conversations into health and general RL stuff.
Weird cookie.