It's Not a Vulnerability, It's a Feature - Exploiting Built-in Functionality

Explore the evolution of offensive security from CVEs to TTPs in this 53-minute conference talk. Delve into the concept of "it's not a vulnerability, it's a feature" and how attackers leverage built-in functionalities for malicious purposes. Learn about the Living off the Land Binaries and Scripts (LOLBAS) project and its focus on Microsoft-signed binaries. Discover how creating, sharing, and selling TTPs can benefit the cybersecurity community when vendors don't acknowledge certain functionalities as vulnerabilities. Gain insights from industry experts Bryson and Jorge as they discuss the maturation of offensive security techniques and the potential for monetizing feature-based exploits.