Reading vulnerability and exploit analysis is (and always will be) a hobby of mine. Despite being someone that is fairly comfortable in a debugger, familiar with x86 assembly and has spent 2 decades troubleshooting complex software in large environments, the skill needed to pull off exploiting these vulnerabilities is incredible. When you take into account the work required to bypass somewhat recent developments like stack protection schemes, DEP, and ASLR, building the software to exploit these memory corruption problems is something you can spend your entire life failing at.<p>Sometimes, I have a hard enough time getting software to do what it's legitimately supposed to do, never mind something it's NOT supposed to do!<p>As a side note, there are some folks that are pretty critical of Project Zero. The argument is that Google should be using these brilliant resources on creating defensive measures rather than playing whack-a-mole.<p>I don't know one way or the other, but I sure enjoy reading what they post on that blog.
It is kind of scary how good the attackers are getting at exploiting code.<p>It must take a considerable amount of work to get proficient in analyzing and exploiting some of this code.