2025-03-19 15:03:53

K. Reid Wightman :verified: 🌻 on Nostr: Infosec pro tip: If you're a vulnerability researcher, and you find some gnarly vulns ...

Infosec pro tip:

If you're a vulnerability researcher, and you find some gnarly vulns in stuff, go hunt on Shodan. And, do what you can to track down the owners of the vulnerable equipment to give them a heads-up/warning.

ISACs have been really helpful at this. In the past, we've reached out to MS-ISAC (RIP?), E-ISAC, REN-ISAC, and others. Given them a list of IP addresses and owners, a brief synopsis of what the problem is, and remediation advice (ports to block, stuff to look out for).

Vulnerability crap can seem overwhelming at times, but I've gotta say: seeing even a couple of IP addresses of vulnerable devices disappear due to just reaching out to owners is an incredibly rewarding feeling. There's no money in it, but dang it feels good...
Author Public Key
npub106eat5hjz3zhehyeq6klt5vah8lssugjkjpzwsv5del6nhs0dh9sd4mqj7