"Are Researchers Helping Criminal Groups?"
The tools and exploits developed and publicly released by penetration testers and security researchers are expected to continue helping adversaries launch attacks aimed at compromising targets. The public release of offensive tools used by penetration testers and security researchers are said to lead to the discovery of possible attacks and the development of mitigations that work against testers and adversaries. However, it has been found that many intrusion groups often leverage public security tools and exploits. In addition, if anyone can access public offensive tools on the Internet, attribution becomes more difficult. Penetration testers and security researchers are encouraged to provide information pertaining to detection, mitigation, and countermeasures when they release new tools and exploits to the public. This article continues to discuss the argument in support of public offensive tool releases, concerns about the negative impact that offensive research can have on enterprise security, and what should be shared in conjunction with security researchers' new offensive capabilities.
Tech Radar reports "Are Researchers Helping Criminal Groups?"