Real problems worth solving

In dense urban environments, drones flying at 10-30m altitude between buildings are masked by structural clutter creating radar multipath reflections, obscured from electro-optical sensors by building shadows, and hidden from acoustic sensors by ambient city noise at 60-80 dB. A drone flying down a city street at rooftop level is effectively invisible until it clears the last building, leaving under 10 seconds for detection-to-engagement. This persists because all C-UAS sensor suites were developed and tested in open-field environments with clear line-of-sight -- urban environments violate every assumption in the sensor design.

Developing kernel exploits requires rebooting the target VM after every crash, reattaching the debugger, and restoring state -- a cycle that takes 2-5 minutes per iteration compared to 5 seconds for userland debugging. A single kernel exploit can take 200-500 iterations to stabilize, meaning weeks of wall-clock time spent watching VMs reboot. This persists because kernel debugging fundamentally requires a separate machine (or VM host) as the debugger, OS vendors intentionally make kernel debugging harder to raise the attacker's cost, and no one has built a snapshot-restore workflow for kernel exploit dev that matches userland tooling like rr or time-travel debugging.

Military FPV drone production relies on hand-soldering because PCB designs change every 2-4 weeks in response to battlefield feedback (new ESC layout, different antenna placement, added GPS module). SMT pick-and-place machines require 2-3 days of programming and stencil fabrication for each new board revision, making automated assembly uneconomical for runs under 500 units of a single design. A skilled soldier-technician solders 12-15 complete drones per day. This creates a hard manpower ceiling on production throughput. This persists because the design iteration cycle is driven by adversary adaptation (new jamming, new tactics), and slowing iteration to enable automation means fielding obsolete drones.

Current C-UAS interfaces present each drone as an individual track requiring manual classification and engagement authorization, but when 50-100 drones arrive as a coordinated swarm, an operator physically cannot classify all targets before arrival -- at 60 km/h, a swarm 2km out arrives in 2 minutes, giving 2.4 seconds per target. This persists because C-UAS doctrine was built around the single-drone threat model of 2015-2020, and autonomous engagement violates DoD Directive 3000.09 requiring human judgment in lethal force decisions. No military has solved how to keep a human 'in the loop' when threat arrival rate exceeds human cognitive processing speed.

Red teams age domains for 30-90 days and build reputation through benign traffic, but 60-70% of aged domains are still flagged by email security gateways (Proofpoint, Mimecast) before the first phishing email is sent. The gateways use proprietary scoring that considers domain age, registrar, hosting provider, SSL cert pattern, and historical DNS behavior, and the scoring thresholds are secret. A $500 domain investment plus 3 months of aging can be wasted by a single reputation check. This persists because email security vendors share domain intelligence through threat intel feeds, so a domain flagged by one vendor is blacklisted across the ecosystem within hours.

GPS spoofing broadcasts a stronger fake GPS signal to trick a drone into flying to a wrong location, but affects every GPS receiver within the spoofing radius (500m-5km), meaning friendly vehicles, precision munitions, and civilian aircraft all receive corrupted position data simultaneously. In one documented incident, GPS spoofing near a Russian military base shifted commercial aircraft positions by 25+ nautical miles. This persists because GPS is a one-way broadcast protocol with no authentication at the receiver level -- there is no way to broadcast a fake signal that only affects hostile drones. Military M-code receivers are protected, but all civilian receivers remain vulnerable.

The InvenSense ICM-42688-P is the standard IMU in 90%+ of FPV flight controllers, providing the gyroscope and accelerometer data essential for flight stabilization. While InvenSense is owned by TDK (Japan), the MEMS fabrication and packaging supply chain runs through Chinese semiconductor facilities. Any disruption to this single chip halts flight controller production globally. Alternative MEMS IMUs from Bosch or ST Micro have different register maps requiring flight controller firmware rewrites that take months. This persists because the FPV community standardized on ICM-42688 and all firmware (Betaflight, INAV, ArduPilot) is optimized for its specific noise characteristics.

FPV drones require lithium polymer cells rated at 75C+ continuous discharge to sustain the 100A+ current draws during aggressive maneuvering. Only three factories in Dongguan, China (supplying brands like CNHL, Tattu, and GNB) produce cells at this discharge rating. Western cell manufacturers (Samsung SDI, LG, Panasonic) focus on high-energy-density cells for EVs and consumer electronics at 3-5C ratings. A supply disruption or export restriction from China would halt military FPV drone production worldwide. This persists because high-C-rate cells sacrifice energy density for power density -- the opposite of what the EV market wants -- so Western cell R&D ignores this niche entirely.

Federal law (18 U.S.C. 32) classifies drones as aircraft, making shooting down even a hostile drone a federal crime with narrow exceptions only for DoD, DOE, DHS, and DOJ under the 2018 Preventing Emerging Threats Act, which expired and has been only partially reauthorized. A local police department that spots a drone over a packed NFL stadium cannot legally jam, shoot, or intercept it. This persists because the FAA treats national airspace as a unified system where any unauthorized kinetic action could endanger manned aircraft, and Congress has not reconciled the conflict between airspace safety and ground security. Every stadium, prison, and critical infrastructure site in the US is effectively undefended.

Military FPV drones need conformal coating on electronics to survive humidity, rain, and salt air, but the MIL-I-46058C coating process (spray, cure, inspect) adds $18 per unit in labor and materials -- a 9% cost increase on a $200 drone that will be destroyed on first use. At 2,000 units/month, that is $36,000/month spent waterproofing electronics that exist for a single 15-minute flight. This persists because conformal coating is a manual process requiring trained operators, and no one has developed an automated dip-and-cure line optimized for the small form factors and rapid design iteration cycles of FPV drone boards.

Increasingly, hostile drones are pre-programmed with GPS waypoints and onboard inertial navigation, flying their entire mission without any RF command link, meaning the entire category of RF-based C-UAS is ineffective because there is no radio signal to disrupt. Ukraine has documented FPV drones that switch to autonomous terminal guidance using onboard computer vision, making them immune to both RF jamming and GPS denial in the terminal phase. This persists because 80% of deployed global C-UAS inventory is RF-based, reflecting procurement decisions that assumed drones would always need a human operator, and the shift to autonomy happened faster than the 5-7 year defense acquisition cycle.

The Antimalware Scan Interface hooks every PowerShell, .NET, and VBScript execution on Windows, and each new AMSI bypass technique published by researchers gets patched by Microsoft within 2-4 weeks. Red teams that develop novel AMSI bypasses must treat them as single-use capabilities because any technique shared in a report or conference talk is immediately added to Defender's detection rules. This forces a constant treadmill where offensive teams burn research hours on bypasses that have a shelf life shorter than most engagement timelines. The problem persists because AMSI is architecturally positioned as an inline hook that Microsoft can update server-side via Defender definitions without requiring a Windows patch.

A DJI Mavic-class drone has a radar cross-section of 0.001-0.01 m2, which is 100-1000x smaller than a fighter jet and falls below the clutter rejection threshold of legacy air defense radars, meaning the firmware classifies the drone return as a bird or ground clutter and discards it. The operator never sees the target on screen. This persists because military radars were designed to filter out small, slow-moving objects to avoid false alarms from birds and weather -- the same filtering that enables reliable aircraft tracking actively prevents drone detection. Lowering clutter thresholds generates hundreds of false tracks per hour.

FPV drone brushless motors require thin silicon steel laminations (0.2mm) for stator cores, and 92% of global production comes from Baowu Steel and TISCO in China. US and European steel mills produce automotive-grade electrical steel but not in the thin gauges and small lot sizes drone motor manufacturers need. A single motor uses $0.30 of lamination steel, so no Western mill will retool a rolling line for the volume. This persists because drone motor production is a rounding error compared to EV motor production, so steel mills optimize for automotive customers ordering millions of tons, not drone shops ordering hundreds of kilograms.

Because commercial C2 tools like Cobalt Strike are burned on contact, serious red teams must build custom command-and-control frameworks from scratch. A production-quality C2 with reliable staging, encrypted comms, modular post-exploitation, and evasion requires 6-12 months of full-time development by a senior operator. This creates a two-tier market where well-funded boutique firms (NSO, Crowdfense clients) have working tooling and everyone else is stuck with detected frameworks. The problem persists because C2 development is a full-stack effort spanning networking, cryptography, OS internals, and evasion engineering -- no single open-source project survives long enough before defenders fingerprint it.

When Houthi forces launched cheap drones at Saudi infrastructure, the response was MIM-104 Patriot missiles costing $2-4M per shot against drones costing $2,000-$10,000, creating a cost-exchange ratio of 400:1 in the attacker's favor. At that ratio, an adversary can exhaust a defender's entire interceptor inventory with disposable drones costing less than a single reload. This persists because existing IADS were designed to counter aircraft and ballistic missiles costing millions each, and no military has yet fielded a kinetic interceptor under $10,000 that can reliably hit a maneuvering small drone.

The DJI O3 Air Unit dominates FPV video transmission with sub-30ms latency at 1080p, but its firmware contacts DJI servers in Shenzhen on every boot and transmits telemetry including GPS coordinates. For military FPV operations, this creates an operational security nightmare where flight locations are potentially visible to Chinese intelligence. The only NDAA-compliant alternative (HDZero) has 720p resolution and 40-60ms latency with half the range. This persists because DJI invested $100M+ in custom OFDM silicon and codec optimization that no Western startup can replicate without comparable R&D spend, and the FPV market is too small to attract semiconductor investment from US defense primes.

After Cobalt Strike's source code leaked in 2020, every major EDR vendor reverse-engineered the beacon generation process and now detects all default and most customized beacons within 4 hours of deployment. Red teams spend days building custom malleable C2 profiles only to have them flagged by CrowdStrike or SentinelOne before the first callback lands. This persists because Cobalt Strike's architecture generates artifacts from a fixed set of templates that produce structurally identifiable patterns regardless of profile customization, and HelpSystems has not fundamentally redesigned the beacon generation engine since the leak.

Electronic speed controllers rated for 60A burst current on 6S LiPo batteries are manufactured exclusively by Chinese companies (BLHeli_32, AM32 firmware on Chinese MCUs). Western alternatives from T-Motor or Holybro cost $25-40 per ESC vs $5-8 for Chinese equivalents, making a quad's ESC stack alone cost more than an entire Chinese-built drone. For military expendable FPV drones consumed at 2,000+ per month in Ukraine, this price differential makes non-Chinese sourcing economically impossible. This persists because ESC manufacturing requires tight integration of power MOSFET packaging, gate driver ICs, and firmware tuned to specific motor KV ratings -- a vertical stack that Chinese firms spent a decade optimizing for the consumer drone market while no Western competitor invested in the same volume.

Most commercial drones operate on 2.4 GHz and 5.8 GHz ISM bands, the same frequencies used by military tactical radios and WiFi-based mesh networks, so activating a broadband RF jammer to down an inbound drone simultaneously kills friendly communications within a 500m-2km radius. A squad that loses radio contact during a firefight cannot call for medevac or coordinate flanking maneuvers. This persists because broadband jamming is the cheapest C-UAS response (under $50K per unit), and surgical narrowband jamming that targets only the drone's control link requires real-time signal classification that current fielded systems cannot perform fast enough against frequency-hopping protocols.

When owners stop paying maintenance fees on a timeshare they cannot sell, give away, or return, the resort reports the delinquency to credit bureaus and eventually forecloses, dropping the owner's FICO score by 150 to 300 points. The foreclosure stays on their credit report for seven years, blocking mortgage approvals, increasing insurance premiums, and failing employer credit checks, all over a property with zero or negative market value. This persists because timeshare obligations are treated like mortgage debt by credit bureaus despite having none of the asset value, resorts have no voluntary surrender or deedback program because they profit more from collecting delinquent fees and penalties, and the legal framework gives owners no equivalent of short-sale or deed-in-lieu options commonly available in traditional real estate.

Nearly all timeshare contracts include a Right of First Refusal (ROFR) clause giving the developer up to 45 days to match any third-party offer on a resale, during which time the seller continues paying maintenance fees. Developers exercise ROFR selectively: they buy back prime units at pennies on the dollar to resell at full retail, and let undesirable units pass through, effectively controlling secondary market pricing. This persists because ROFR is presented as 'protecting property values' but actually prevents owners from setting their own price, the 30-45 day review window kills buyer interest and adds transaction costs, and no state law limits how developers can use ROFR to suppress the resale market that competes with their new sales pipeline.

Timeshare sales teams lure prospects with free gifts or discounted stays in exchange for attending a '90-minute' presentation that routinely stretches to 4-8 hours, cycling buyers through multiple closers and confiscating IDs at check-in to make leaving awkward. By hour four the buyer is exhausted, hungry, and will sign a $30,000 contract just to leave the room, which is exactly the psychological state the sales process is engineered to create. This persists because timeshare presentations are classified as real estate sales rather than retail transactions, so cooling-off protections during the pitch do not apply, the FTC has limited jurisdiction over in-person real estate sales tactics, and the 'free gift' framing makes the consumer feel obligated to stay.

Developers converted fixed-week timeshares to points-based systems marketed as offering 'flexibility,' but periodically increase the points required per night at popular resorts, so 10,000 points that once booked a peak-season week now covers only four or five nights. Owners pay the same or higher maintenance fees for fewer usable nights, and popular dates are booked by the developer's own rental inventory before owners can access them. This persists because point charts are set unilaterally by the developer with no contractual cap on inflation, exchange companies like RCI were caught renting prime units to non-owners at higher rates rather than making them available to points holders, and the original sales pitch of 'use your points anywhere' was never a binding contractual guarantee.

State-mandated timeshare cancellation windows range from just 3 days in Indiana and Alaska to 15 days in Virginia, with most states at 5-7 days. Because timeshares are sold during vacation at resort locations far from the buyer's home, the rescission period often expires before the buyer returns home, unpacks, researches what they signed, and realizes the commitment. This persists because the timeshare industry lobbied successfully in state legislatures to keep rescission periods short, sales teams deliberately schedule closings early in the vacation so the cooling-off window expires before checkout, and cancellation requires certified mail to specific addresses that are not easy to send from a resort pool deck.

Timeshare resorts levy one-time special assessment fees of $2,000 to $5,000 on top of annual maintenance fees for capital projects like roof replacements or lobby renovations, often with 30-60 days notice and no owner approval required. A Hawaii resort billed owners $2,400 on top of their $2,944 annual fee in 2025, and a Lake Tahoe resort assessed $970 per owner for a $3.5 million renovation. This persists because the resort's CC&Rs grant the HOA board unilateral authority to levy assessments, the developer-controlled board has no fiduciary duty to minimize costs to owners, and owners who refuse to pay face the same foreclosure and collections consequences as defaulting on the annual fee.

Home warranty contracts require homeowners to maintain 'proper maintenance records' for covered systems, but never specify what maintenance is required, how often, or what documentation is acceptable -- then deny claims by citing 'lack of maintenance' when a system fails. A homeowner who never received guidance that their HVAC required annual professional servicing discovers at claim time that the $300 annual tune-up they skipped is now the justification for denying a $5,000 repair. This persists because vague maintenance clauses give warranty companies a universal escape hatch for expensive claims, there is no regulatory standard requiring companies to proactively communicate maintenance requirements at policy inception, and the burden of proof falls entirely on the homeowner.

The average timeshare maintenance fee jumped from $1,260 to $1,480 in 2024 alone, a 17.5% increase in one year, while CPI inflation was under 3%. Over five years maintenance fees rose 33% versus 21% for general inflation, yet owners have no meaningful vote on the resort's operating budget or the fee increase. This persists because the resort developer typically retains majority voting control on the HOA board through unsold inventory votes, state timeshare statutes impose no cap on annual fee increases, and owners who stop paying face credit score damage and foreclosure rather than any renegotiation mechanism.

Millions of homeowners, especially elderly ones, receive official-looking letters with 'FINAL NOTICE' or 'ACTION REQUIRED' headers that mimic mortgage company correspondence, pressuring them to call a number and purchase a home warranty immediately or 'lose coverage.' These are from unlicensed companies that collect premiums but deny every claim or simply disappear. This persists because property ownership records are public, so scammers can target new homeowners and elderly residents by name and address, the FTC lacks resources to pursue thousands of small-dollar fraud operations, and victims are too embarrassed to report the scam or assume it was a legitimate bill they forgot about.

Thousands of timeshares are listed on eBay for one dollar and still receive zero bids, because any buyer would inherit annual maintenance fees averaging $1,480 that increase 5-10% per year with no cap and no way to opt out. This means the original purchaser who paid $20,000-$40,000 for the timeshare now owns an asset with negative market value that cannot be given away. The resale market remains broken because developers deliberately oversell new inventory at full retail price, use Right of First Refusal clauses to suppress the secondary market, and have no incentive to create a functioning deedback or surrender program that would reduce their fee revenue.