The Offensive Security Forum will explore hacker techniques in depth. Through simulated attacks and defense drills, it aims to enhance enterprises' capabilities to withstand external threats and protect sensitive information from unlawful intrusion.
From the perspective of a vulnerability researcher, this presentation dives into the impact of 0day and nday vulnerability attacks on enterprises. It examines the capabilities of attackers at different technical levels, the considerations attackers weigh when exploiting vulnerabilities, and the cost implications of thwarting attacks at various levels (0day, 1day, nday). The presentation suggests how enterprises can effectively construct defense mechanisms to increase the cost of hacker attacks. This involves raising the risk of detection for attackers after successful exploitation, thereby enhancing the overall effectiveness in combating vulnerability attacks. The emphasis is placed on multi-layered and comprehensive protection as a crucial strategy in addressing continually evolving threats in the realm of cybersecurity.
In 2023, we will execute 30+ clients and over 180+ penetration test subjects, from which we have found many interesting cases, including an AI chatbot jailbreak and intranet penetration of a CMS over 20 years old. In 2023, the main industries we tested are: finance, gaming, food and beverage. On average, we find at least 1 High, 1 Medium, and 1 Low security risk for each project; we explore the risk items and statistically analyze them. In the process, we try to increase the execution speed of the project and optimize the testing process, and hope to share and exchange with the industry.
"Is my enterprise secure?" has always been difficult to answer through Red Team Assessment, as organizations often only address short-term issues without integrating them into long-term cybersecurity strategies. In this presentation, we will examine the challenges faced by enterprises based on observations from nearly a hundred red team experiences and reflect on past issues. To address this, we will introduce a new approach to structuring red team outcomes, like placing axes on the battlefield, to help enterprises overcome the dilemma of solving short-term problems separately and effectively leverage the full benefits of Red Team Assessment.