Comment by dfajgljsldkjag

12 hours ago

I was under the impression that once you have a vulnerability with code execution, writing the actual payload to exploit it is the easy part. With tools like pentools etc., it is fairly straightforward.

The interesting part is still finding new potential RCE vulnerabilities, and generally if you can demonstrate the vulnerability even without demonstrating an E2E pwn, red teams and white hats will still get credit.

He's not starting from a vulnerability offering code execution; it's a memory corruption vulnerability (it's effectively a heap write).