For PoC exploits, go on Twitter

Proof-of-Concept exploits are increasingly being shared and discussed online, threat intelligence firm Recorded Future has discovered.

Between March 22, 2015 and the present day, there have been approximately 12,000 references to shared POCs – and that number is almost triple of what it was in 2014.

“Our research shows that POCs are disseminated primarily via Twitter, with users flagging POCs to view externally in a range of sources — code repositories (GitHub), paste sites (Pastebin), social media (Facebook and Reddit surprisingly), and deep Web forums (Chinese and Spanish forums),” the company has pointed out.

PoC exploits are created by hackers but also security researchers and academics, and the reasons for developing them vary. The former obviously use them in attacks, while the latter are mostly trying to show the world (and prospective employers) what they can do, and to push companies into fixing their products.

“The underlying technologies being targeted in POC development are widespread and high value – smartphones, office productivity software, and some core functions in Windows/Linux machines (DNS requests, HTTP requests, etc.),” the company noted.

Among the ten vulnerabilities most discussed in the last year of POCs were the glibc flaw discovered this February, two Microsoft Server vulnerabilities (one of which was exploited in the wild for DoS attacks), a virtualization platform vulnerability allowing the execution of arbitrary code to escape VMs (CVE-2015-3456), zero-day in Linux kernel that also affects Android devices, and Stagefright, and VENOM.

Exploit creators are (not unexpectedly) mostly concerned with writing PoC exploits for vulnerabilities that allow initial system access through privilege escalation and buffer overflow attacks.