Re: It always staggers me
How these guys even come up with this stuff
By "this stuff" do you mean the original broken systems, or the attacks that exploit them?
The former is just run-of-the-mill software development. A team implements a huge system with lots of features. It's too large for anyone to understand the whole thing, or even a significant portion, in depth. Some developers are better than others at producing robust code. There's miscommunication and erroneous and unshared assumptions. And so on.
The latter is all about scaffolding. Decades ago people were mounting what were then very sophisticated attacks, like the Morris worm: send a malformed request to a program, overwrite part of its memory, trick it into doing stuff it wasn't supposed to be doing. Those were individual, largely unique acts by smart people who put a lot of effort into experimenting with breaking those systems, and even so the attacks were quite simple by modern standards.
Then other researchers studied those attacks, created more straightforward and simpler techniques, and disseminated that information. So you have, for example, Aleph Null's "Smashing the Stack for Fun and Profit", which explained how to do Morris-worm sorts of stuff. That let a lot of people experiment with breaking a lot of systems, and their techniques got more and more sophisticated.
And then people took those more-sophisticated approaches and extended them further. And so on.
These days, it's quite possible for even someone with no experience in this area to read a few articles, throw some random data at a system until it breaks ("fuzzing"), and then follow essentially a recipe of steps to develop a useful exploit. It may require some understanding of programming, but not a lot. In fact, pretty much the whole process can be automated.
That's not to say Nohl's work isn't good stuff - it certainly is. But it's not like he just sat meditating for days and suddenly the attack sprang full-formed into his mind. There's a huge body of existing practice for doing this sort of thing.