Not all vulns are created equal.
When a new vulnerability prompts discussion on Twitter or hits media outlets, it can be difficult for security teams to wade through all the hype to determine risk and priority. How pervasive is the vulnerability? Is the expected shelf life long enough that it’s worth developing an exploit for? Is it worth dropping everything to patch or mitigate? Does an adversary or threat actor have a desire or motive to exploit the opportunity? Or is it actually… not useful or interesting?
Security researchers and hackers are almost always the first to shed light on the specific conditions and characteristics that make a vulnerability not just exploitable, but actually useful to attackers. AttackerKB was built to capture, highlight, and expand that knowledge for the whole security community.
Here's where you come in:
You each have different perspectives and areas of expertise. Whether you are a pen tester, defender, researcher, consultant, or all of the above, you have hard-won, firsthand experience that’s worth sharing. Both you and the security community can benefit from sharing information.
Have opinions on which vulnerabilities offer the most value to attackers? Thoughts on which CVEs are over-hyped or under-hyped? Experience researching and exploiting vulnerabilities? Share your thoughts and experience in a vulnerability assessment.
The goal of AttackerKB is to provide a forum for the security community to share insights and views that help cut through all the hype and chaos. We believe that providing this information will help security professionals better understand the risk in their environment and make more informed decisions around prioritization and defense.
Please share your feedback (the good, bad, and ugly). Use the feedback button or join us on Slack to talk directly to our team.
If you're looking for more information on how to get started, check out our Guide and FAQ page.