Galaxy Brains at Microsoft decree 0day PoCs: VERBOTEN!

  1. #1
    Sophie Pedophile Tech Support
    I was hoping Micro$oft would leave Github be when they acquired it but alas. From now on publishing PoCs targeting M$ products will be verboten. I hate it for multiple reasons.

    1. Reason White Hats should hate this

    Sure, responsible disclosure is always preferable, but the moment a 0day lands on GH it has become a 1day and if it causes enough alarm M$ will be forced to actually get off their ass and start fixing things.

    PoCs provide educational value.


    2. Reason Black Hats hate this.

    Kinda obvious. Now they have to work instead of scraping the webz for an easy fix.


    3. Reason M$ themselves should hate it.

    If the people running the show over there were actually smart they would keep track of every repo belonging to security folks and start work on countermeasures the moment they come across something like a 0day. It would save them time and money plus a lot of embarrassment.


    If you still want to post your PoCs to GH, even compiled ones, all you need to do is encrypt your source/binary files with OpenSSL, after which you base64 the output so you get a long string, which you can then commit to your repo.

    Here are the changes in black and white over at GH.

    https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/