Adversarial Intelligence: Redefining Application Security Through the Eyes of an Attacker
CVE/FIRST VulnCon 2025 · Main Stage
In this thought-provoking VulnCon presentation, "Adversarial Intelligence: Redefining Application Security Through the Eyes of an Attacker," Roy, an expert from Codem Security with a notable background at NSO Group, provided a unique perspective on application security. The talk delved into the strategic mindset of advanced attackers, drawing heavily on his experience with **Pegasus**, NSO Group's infamous spyware. The core thesis is that defenders can significantly enhance their security posture by adopting an adversarial lens: understanding how vulnerabilities are exploited not in isolation, but as interconnected **chains** designed to achieve specific objectives.
AI review
Roy brings legitimate offensive credentials from NSO Group and the core thesis — think in chains, not individual CVEs — is directionally correct and worth hearing. But the talk delivers the concept without the receipts. No actual exploit chain walkthroughs, no real technical artifacts, no specific Pegasus internals that would make this more than a well-credentialed version of advice you've read in a dozen AppSec blog posts. The NSO background is the hook; the content doesn't fully cash the check that hook writes.