For example:
https://twitter.com/pwnallthethings/status/74852434881898905... No, not every fixed security issue gets a CVE. Not even 1% of them. This is why while auditing a target you'll try to get a copy of the software version they run, and any newer versions to identify patched bugs.
Why is it that .ru intelligence is even pegged as a likely candidate here? Literally nothing pointing towards them, you don't have to be an intelligence agency to pop some DNC boxes.
For example: https://twitter.com/pwnallthethings/status/74852434881898905... No, not every fixed security issue gets a CVE. Not even 1% of them. This is why while auditing a target you'll try to get a copy of the software version they run, and any newer versions to identify patched bugs.
https://twitter.com/pwnallthethings/status/74852495484558131... There's really no inconsistency here, "non-public" generally means "not very well audited"
Why is it that .ru intelligence is even pegged as a likely candidate here? Literally nothing pointing towards them, you don't have to be an intelligence agency to pop some DNC boxes.