> Really, to me, the hard part is getting in without needing to have the user consciously do anything
That's why I said remote/browser; everything else is noisy and therefore the 'easy' route. Usually this is sufficient for low-tech nation states because they attack organizations, not individuals, so all you need is a weak human link where noisy isn't a big deal. Then moving horizontally across the organization.
But more importantly, OSes are terribly insecure and privesc bugs are a dime a dozen. You don't need zero days to achieve that the vast majority of the time.
Yeah, sorry, a no-click / remote exploit is hard. I agree with you there.
But a browser exploit isn't. They're a dime a dozen. Also, I'm surprised that email is still a primary vector that's used to get people to click on links with their work computer. It seems like such a monitored method compared to, say, a LinkedIn contact.