Risky Bulletin: Between Two Nerds – The Death of the Exploit
Podcast: Risky Bulletin
Episode: Between Two Nerds: The Death of the Exploit
Release Date: September 8, 2025
Hosts: Tom Uren (“A”) and The Grugq (“B”), occasional remarks from a third guest ("C")
Episode Overview
This episode explores the concept of the "death of the exploit" in cybersecurity. Tom Uren and The Grugq discuss how technical exploits for software vulnerabilities—once a primary vector for attackers—are becoming less relevant due to changing defensive technologies, shifts in attacker behaviors, and evolving value chains for access. Instead, attackers increasingly rely on alternative methods like phishing, credential theft, and abusing misconfigurations, which are often cheaper, more efficient, and less risky.
Key Discussion Points & Insights
1. Historical Cycles and Technology Obsolescence
- Analogy to Military Tech: The hosts liken the evolution (and obsolescence) of exploits to the way military technology peaked and then got replaced by radically different approaches.
- "It does feel a little bit like that stage of the Cold War where they were making strategic bombers by just adding more and more propellers…at some point you run out of wing." (B, [01:40])
- Smartphones as Case Study: Modern mobile devices by Apple and Google are so hardened that reliable exploits require complex chains of vulnerabilities, making sustained exploitation increasingly impractical.
2. Exploit Economics and Survivability
- Escalating Costs and Rarity: As platforms become more secure, exploit development becomes accessible only to the richest, most determined adversaries.
- "It said that these [commercial surveillance] vendors are behind nearly half of known zero day exploits targeting Google products." (A, [04:00])
- Value of Specificity: Only targets of high value justify the massive investment needed for bespoke exploit development. "[Most] need a Gmail account, not this Gmail account." (B, [05:48])
3. The Rise of Alternative Attack Vectors
- Infostealers and Phishing: For most cybercriminals, phishing or buying stolen credentials is more cost-effective than technical exploitation.
- "Lapsus and Scattered Spider, these guys are not using exploits. They don't have 0day and they are super effective…these are teenagers with, like, $10,000 in crypto that they're using to gain access to something." (B, [19:47])
- Less Reliance on Zero Days: Intelligence agencies or surveillance vendors need zero-day exploits for highly targeted operations—but even groups like North Korea mostly succeed with phishing and reserve exploits for rare, high-impact targets.
- Exploit as Last Resort: "Most the time you can get away with throwing a brick through a window, but every now and then…use your lock picks to open the door." (B, [07:51])
4. Changing Landscape in Enterprise & Cloud Environments
- Shift to SaaS and Supply Chain: As businesses move to interconnected SaaS tools, attackers target weak links in the service mesh or abuse tokens and secrets, not traditional OS exploits.
- "When you're looking at exploits…what you need is a Salesforce access bypass...But once you have that, it's only good for Salesforce." (B, [10:44])
- Recent Incidents:
  - Salesloft Drift Compromise: Attackers leveraged access to AI agents and support-case text containing secrets—as opposed to exploiting software bugs. ([11:50])
  - Cloudflare Response: Rapid key rotation is now feasible, unlike the past when the theft of 100+ secrets would've been catastrophic. ([15:34])
5. The Enduring Niche Value—and Media Fascination—of Exploits
- Niche But Spectacular: Exploit development is vital for nation-states and surveillance vendors, but irrelevant for most attackers. The rarity and high price make them even more attractive to media.
- "Even though we're declaring the death of the exploit, we're going to continue hearing more and more about them." (A, [25:26])
- The Ironic Afterlife: "The exploit is dead. Long live the exploit." (B, [25:33])
Notable Quotes & Memorable Moments
- Ratcheting Complexity:
"Whenever [exploits] come to light it's seven chained bugs, each of which is a PhD dissertation on how to do some amazing thing when you've got a two bit overwrite of a linked list." (B, [02:23])
- On Phishing Outpacing Exploits:
"Breaking into the phone to get access to your email account is probably a lot harder to do than just asking for access to your email account." (B, [02:23])
- Vendor Hardening vs. Enterprise Laxity:
"It seems that there is a dynamic that has driven at least Apple and Google to actually work very hard...as you move down from the most personal device…enterprise products [are] like, oh, I don't care at all." (A, [09:48])
- On Secrets in Logs:
"If you go back 20 years…that would be a cataclysmic critical event...these days it's like, oh, yeah, well, we just click, you know, select all. Then we clicked revoke." (B, [15:30])
- Media Hype vs. Reality:
"As exploits become more and more niche, the media interest in them will in fact, get bigger and bigger because they're more unusual, they're more exotic." (A, [25:05])
- Badge of Honor:
"There was the Russian ransomware threat actor. He printed out his FBI wanted poster as a T shirt that he wears." (B, [23:50])
Timestamps for Important Segments
- [00:12] - (Intro/blurb about exploit death; setting theme)
- [01:40] - (Cold War analogy; intrinsic limits of exploit chains)
- [03:40] - (Commercial surveillance vendors; zero-day economics)
- [05:48] - (Infostealers vs. targeted exploitation)
- [09:06] - (Differentiation by product; niche persistence of exploits in some products)
- [10:44] - (Enterprise SaaS landscape; exploits in service meshes)
- [11:50] - (Salesloft/Drift incident: secrets harvesting versus classic exploits)
- [15:30] - (Modern incident response: key rotation is now trivial)
- [19:47] - (Access brokers like Lapsus: effective, non-exploit methods)
- [25:05] - (Exploit rarity fuels greater media interest)
- [25:33] - ("The exploit is dead. Long live the exploit.") – episode wrap-up
Tone and Style
The hosts balance technical context with casual humor and lively analogies. Their skepticism toward media hype and industry trends is grounded in seasoned, insider observations.
Conclusion
This episode of "Between Two Nerds" underscores a profound shift in cyber offense and defense: traditional software exploits are becoming rarer, more difficult, and exclusive, while most real-world compromise today relies on less glamorous but far more accessible methods. Despite this, exploits' perceived value and newsworthiness are likely to increase, ensuring they retain a central place in the public imagination, if not in most attackers’ toolkits.
Summary prepared for those who want an engaging, insightful walkthrough of modern exploit economics, attacker behavior, and cyber risk without wading through the full episode.
