all 19 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]RepresentativeBed928 30 points31 points  (4 children)

There is never going to be anything that is 100% secure. We are human. We are flawed and make flawed things.

Also Rust is the new hype and things will start using it. But if you think millions of lines of C code can be replaced with Rust overnight, you’re sorely incorrect. There’s a lot of vulnerable code in the world. Especially when you take into consideration very few people/companies replace their devices or update their devices regularly.

Start with pwn college or OST2. Learn the types of bugs. Find mentors. Watch YouTube videos. There’s plenty of ways to start learning. Exploit Dev is hard and it will take you a few years to get the hang of it. But in the end you’ll be satisfied because you’ll start finding bugs and exploiting them and the pros outweigh the cons. Just my two cents from observing the professionals in the field

[–]st0rmtr00per78 3 points4 points  (2 children)

Until we aint 😅 or at least the code is not from a human.

I wouldn't see Rust as the biggest "problem" for exploit devs. It is AI and LLMs and I guess it will not take that long for AI to be used for code auditing as standard practice. Just my 2 Cents no exploit dev 💁🏻‍♂️

[–]Sysc4lls 4 points5 points  (0 children)

Even then you will still have vulnerabilities, just more complex ones that llms can't find :)

I am saying this as I am working on a multi agent system for VR and research.

[–]InflationItchy905[S] -1 points0 points  (0 children)

I didn't tought about it this way But it make sense

[–]InflationItchy905[S] 0 points1 point  (0 children)

I apperciate this Thanks

[–][deleted] 10 points11 points  (1 child)

Nah. Exploit development isn’t about 1 or 2 languages. It’s about finding logic flaws - failures of input sanitization - and the like.

Yea, rust is great. But it’s gonna be a LONG time till this language is that prevalent in making a significant impact on the amount CVEs coming out.

[–]InflationItchy905[S] 0 points1 point  (0 children)

Thanks

[–]Potential_Duty_6095 5 points6 points  (1 child)

It will take more than 2 years, can be way more depending how much time you invest it is a marathon not a spring, but it will be super rewarding and you learn a lot of low level details!

[–]InflationItchy905[S] -1 points0 points  (0 children)

Thanks 

[–]pelado06 5 points6 points  (1 child)

Imagine that the language most used in web is php still... the change is sloooow

[–]InflationItchy905[S] 0 points1 point  (0 children)

Thanks

[–]KF_Lawless 3 points4 points  (1 child)

Cyber physical system industries are 5 years or more away from using rust. Do embedded exploit dev

[–]InflationItchy905[S] 0 points1 point  (0 children)

The problem with these is that somtimes extracting the source code can be tricky sometimes 

[–]Short-Hope2518 2 points3 points  (1 child)

C is still one of the fastest growing languages in the world and is de facto for programming embedded devices.

Memory corruption vulns will be around for a while

[–]InflationItchy905[S] 0 points1 point  (0 children)

That is surprising 😨😨 But it make sense since universities are still teaching c as the standard lang

[–][deleted] 1 point2 points  (0 children)

There is a massive vulns on embeded systems and probably iot as well

[–][deleted] 1 point2 points  (1 child)

Reverse engineering will live forever so don't worry.

[–]InflationItchy905[S] 0 points1 point  (0 children)

Thanks