PoC validation

Actual exploit testing, attack simulation, and lab experimentation is handled by:

  • Vendors of the affected devices/software

  • Reference labs or sector labs (for industrial/critical devices)

  • National CSIRTs if the CVE affects national infrastructure

What would minimally be needed in a test lab?