How do anonymous grey hat hacking groups consistently find windows entrypoints and exploits to sell to people? Do they have botnets brute forcing random things to try and find glitches in recent patches?



Do they use botnets or something to brute force random things to find glitches to exploit?

In: Technology

“Grey hat” hackers would not sell exploits, they are called grey hats because they are not looking to exploit systems for personal gain (which selling would be personal gain, something done by “black hat” hackers) but rather they have other motivations (such as doing it for fun, or to help make software more secure) *without* authorization from the owner of the system/software (hackers working with authorization are “white hat” hackers).

That said, they find stuff just like most other types of hackers, they know how computers work, they know how software works, they attempt to exploit systems in various ways…some based off older/patched stuff, others based off currently known unpatched things. To intentionally find exploits generally requires a fundamental understanding of the system you are trying to hack so you can envision possible ways to exploit that system. Sometimes things are found by accident, many times it’s the hacker knowing how a system works and attempting to subvert the security controls in place, which requires a level of critical thinking that bots are not capable of.

tl;dr – They rarely if ever use bots or brute force, it’s often targeted and intentional.

The answer to your question lies in the fact that for every Microsoft/Apple/Whatever software vendor employee that is really good at their programming job, there are 10 hackers who are better.

The best programmers out there are not employed by Microsoft, or even by Governments. They are the dudes that get off on cracking everyone elses stuff to prove they are the best.

The largest corporations spend billions of dollars employing entire teams of people to program security and one guy breaks them. It’s about who is the best, and the best are only ever employed if they get caught.