#Zero-Days


sour breach

Vulnerabilities are not immediately known. Rather, they have to be discovered by players through various means, for example (more ideas below): vulnerability research/fuzzing, analyzing attacks, finding exploits in the wild, purchase from other players (zero-day brokers), or public disclosure by other players via ExploitReport.exe (which might then add it to the next version of metaxploit.so). This would provide more depth to the exploit/vulnerability system and would make it harder to establish 100% secure servers with minimal effort (since it's harder to know all vulns up front). This system would reward skill and effort since zero-days would be hard to find but powerful in use. Sysadmins of prominent services would have to employ layers of defense and more active monitoring, which would make defense more interesting as well.

Below I elaborate on some related ideas for this system, but the core idea is the same: vulnerabilities start as secrets and become powerful tools for those who are lucky, skilled, or determined enough to find them. However, once these become public they are added to MetaxPloit and are easily usable by everyone. Ideally this would only affect the most experienced players already pushing the game to its limits. Otherwise it's just some fun new mechanics for others to use without hampering their ability to play.


Exploits in the wild:
While hacking into networks, players can discover a new type of loot in addition to things like chat logs, images, etc.: closed- or open-source exploits. This rewards players for hacking around and can be very attractive loot. Open-source would be most useful because it would reveal the address/string combination. Closed-source could also be useful, but not as much (harder to plug into tools and such). This is also an opportunity for trickery by other players if they choose to leave incorrect or malicious exploits around.

severe remnant

Exploits that players have to find themselves are an interesting idea. It would be great to leave them for secret missions.

sour breach

Vulnerability Research:
Change the methods for MetaLib.scan/scan_address to the following:
MetaLib.scan(address: string): Boolean
MetaLib.scan_address(address: string, string: string): Boolean

They can both take time to run (like .scan does now), and only indicate whether the provided address/address-string combo is vulnerable. Players have the option to fuzz libraries for new vulnerabilities. Upon discovering a vulnerable combination, the player would still have to elicit the requirements (if any) for the exploit through testing against various device configurations (which would add a skill requirement to the brute-forcing aspect).
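What a fuzzing loop against the proposed API could look like in GreyScript, as an added example that is not part of the original post and not code from the game: it assumes the proposed signatures above (MetaLib.scan(address) and MetaLib.scan_address(address, string) both returning a Boolean), which differ from the current metaxploit.so API, and the candidate address and string lists are made up for illustration.

```greyscript
// Added example. Assumes the PROPOSED MetaLib.scan / scan_address
// signatures from this thread (Boolean results); these do not exist in
// the current metaxploit.so. Candidate lists below are invented.
metaxploit = include_lib("/lib/metaxploit.so")
if not metaxploit then exit("metaxploit.so not found")

target = "/lib/init.so"
metaLib = metaxploit.load(target)
if not metaLib then exit("could not load " + target)

// Candidate memory areas and values to try. A researcher would build
// these from earlier Metaxploit entries, leaked exploits, guesses, etc.
addresses = ["0x2CBF0A10", "0x42E5D33C", "0x7F1A9E04"]
strings = ["userinfo", "net_handler", "kernel_task", "login"]

found = []
for address in addresses
    // Coarse pass: scan(address) takes time, so skip areas that are
    // not vulnerable at all before trying every string against them.
    if not metaLib.scan(address) then continue
    for value in strings
        if metaLib.scan_address(address, value) then
            found.push([address, value])
            print("vulnerable: " + address + " -> " + value)
        end if
    end for
end for

if found.len == 0 then print("no vulnerable combination found in this batch")
```

Each hit still only says the combination is vulnerable; working out which device configuration the exploit actually needs is the manual testing step the post describes.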

balmy umbra

I feel the game is already harder for new players; I don't think adding hidden exploits that can be kept secret is ideal. Unless you have some way to help balance this out.

Sounds good on paper but execution is what matters.

sour breach

Public Disclosure:
Players can choose to publicly disclose vulnerabilities they find. They might do so for several reasons (ideas): cash reward/bug bounty, reputation (the actual metric in game or just generally in the community, maybe combined with some kind of scoreboard/feed), or because it would trigger an update cycle for that vulnerability so a patched version would actually get deployed (if players are using that lib they'd likely want it patched). Public disclosure would trigger a library update, and the vulnerability and its details are added to the next Metaxploit and are returned by the current calls to MetaLib.scan/scan_address(address).

balmy umbra

So all vulnerabilities are hidden and need to be discovered by the player base?


I'm confused on this idea.

severe remnant

I think zero-days should be part of the game's story. Make a dedicated LAN for a secret mission and then create a computer that the player needs to hack into that is bulletproof. Next, the player will look for a way to get into the computer and subsequently find a zero-day in some unexpected way.

sour breach

Pentesting Missions:
Players can perform a pentest/code review/etc. for companies. They receive a binary and maybe a vulnerable address (to save time). Once they discover the string, they can choose to send it back to the mission provider and receive a lot of money, which could also trigger an update cycle like public disclosure (but maybe a much, much slower one). They can choose to keep it for themselves and lose reputation. They can also choose to publicly disclose it, which also fails the mission and triggers the example event I describe above in Public Disclosure.

severe remnant

I don't think it's a good idea to add zero-days with some small chance to a library and generally give users freedom to use them.

sour breach
Replying to balmy umbra: "So all vulnerabilities are hidden and need to be discovered by the player base?"

Vulnerabilities in new libraries start out as hidden and would need to be discovered. Once they are publicly reported, they get included in the next MetaxPloit update. This would be to ensure the game remains playable as normal ~90% of the time. It's the newer libs players patch to that would likely be most targeted by zero-day researchers. New players mostly focused on NPCs and other new players would ideally not have their gameplay disrupted much.

sour breach
Replying to severe remnant: "I don't think it's a good idea to add zero day with some small chance to a libra..."

This is why discovering vulnerabilities all on your own should be a very challenging process. The longer you sit on it, the greater the chance someone else discovers it. The more people that know about it, the greater the chance it gets shared around until eventually (ideally) someone publicly discloses it and everyone knows about it. Using exploits could also potentially trigger an event in the logs, revealing the exploited address and string combination.

solemn bone

I think it's something that desperately needs to be added. It will prevent absurd libraries and make the game more fun, and it will give it more variety so you aren't stuck doing the same thing for an hour and then logging off because you're bored.

sour breach

This could lead to a classic black/grey/white hat dividing line: what do you do with newly discovered zero-days? Here are some possible scenarios:

White Hat: Disclose it publicly (or report it to the company if doing a pentest mission, or both!). Get some money, a boost to your reputation, and allow server owners to harden their stuff.

Grey Hat: Sell it off as a zero-day broker. Maybe disclose it too; maybe report it during a pentest mission but don't publicly disclose it. Zero-day broker shops could pop up selling perhaps the most useful commodity the game has ever had. Players can make entire playstyles built on this.

Black Hat: Hoard them, hoard them all. Share them with your guild. Plan attacks and utilize an inventory of precious zero-days to target high-value services. This is the most difficult path to walk, but perhaps the most rewarding.

sour breach

Another exploit discovery tactic...
Sniffing:
If a remote exploit is executed on a device while a Metaxploit.Sniffer instance is running, the details of that exploit (address and string) are revealed. This would make use of zero-days risky because there is a chance you'll show your hand. This would reward careful and diligent attackers and defenders and would provide another avenue for zero-days to make their way into the public sphere the more they are used.

sour breach

Exploit reporting:
Reporting an address/string combination starts an update cycle that only removes that specific vuln, and possibly adds new hidden ones. The unpatched vulns from all previous versions continue to exist until they are specifically reported.


Hackshops:
Hackshops might include zero-days, which could be another avenue for introducing them into the public sphere.

tribal cargo

I love this. Not only does it do what you said, but it also lets you be part of the reason why metaxploit updates, and how hidden exploits are found as time goes on. You can really be a part of the hacking community in the game universe.

verbal tundra

It's already how exploit reporting works...

tribal cargo

Well yes, but I have still yet to be convinced that ExploitReport.exe actually does anything, as it hasn't caused any changes that I've seen whenever I used it.


And the vulnerabilities that you report are already known by metaxploit, aren't they?

balmy umbra

It is instant, but the patches that happen can range from 5 to 10 minutes IRL, last I used it.


NPC networks typically won't update them immediately after new version release anyway.

tribal cargo

Maybe it takes longer on singleplayer since fewer people are reporting and using the exploit.

balmy umbra

Yeah.

left haven
Replying to balmy umbra: "I don't see this as a win for new players and a challenge for experienced players. ..."

Read the original dynamic library vulnerabilities thread. I don't know why we had to make a new one, but that one went into more detail.

Also, not every feature can or should be a win for new players and a challenge for pros.

I mean, how are cryptocurrencies, the last feature added, a win for new players? This feature would just add more content (coding shops etc.). It also gives players a reason to further secure their servers in case there is still an undiscovered vulnerability.

balmy umbra

And the owner of this thread and I have discussed this in DMs,


and unfortunately we do not see eye to eye.

mint palm

Needed addition to the game.