This guy's work always impresses me. He had a nice Blackhat brief as well.
This list is great and all for redteamers but as a defender, I would like to know if any actual threat actors used these techniques even after publication. Even with all the secret/private and public threat intel I am aware of, none of them register. Not knocking down on threat research, I am honestly curious because I can't tell if I should be on the lookout for any real threat actors using these techniques.
Yes, actual threat actors use these techniques even after publication. There are a lot of outdated/misconfigured systems in the wild.
A fairly recent example is the defacing of multiple Ukrainian government websites[1], through exploiting a vulnerability fixed and publicised in August 2021.
There's also around 10,000 (can't remember where that statistic is from) Huawei routers on the internet vulnerable to an issue from 2015, which are constantly being infected with botnet worms.