BangersInMyKnickers posted: Did they actually sign their code because it would be pretty trivial to kill it if they did and if they didn't then you're going to have to click through a lot of warnings to get it to launch.

(Jan 2, 2019 22:21)

Wiggly Wayne DDS posted: well ya agreed i figured i'd post the list of malware to laugh at. not impossible to get hold of a code signing cert though let's be honest

Yeah it's not difficult, but it also means you can push a revocation which will block the install going forward and block launching on existing infected systems. First couple suckers are going to get popped but after that you've turned over the keys to deactivate your payload to the other team

(Jan 2, 2019 22:26)

man i wish cert revoc was that effective in practice

(Jan 2, 2019 22:31)

its definitely better in something like iOS where you don't have admin rights and code is delivered through an app store, but it still works well enough on a more conventional OS that isn't dog poo poo like windows that allows unsigned code to do loving anything forever because someone clicked a UAC dialog once months prior

(Jan 2, 2019 22:41)

BangersInMyKnickers posted: Did they actually sign their code because it would be pretty trivial to kill it if they did and if they didn't then you're going to have to click through a lot of warnings to get it to launch.

Mac users are conditioned to click to give root rights to everything anyway.

(Jan 2, 2019 22:52)

spankmeister posted: Mac users are conditioned to click to give root rights to everything anyway.

a revoked cert won't give you the choice to run it from the finder. you have to turn off code signing entirely and the option to do that isn't surfaced on demand, you have to go rooting through system prefs if you even know how to turn it off. it also won't offer to run an unsigned app through the fast/easy path (double click), you don't get the run anyway button. you have to use the open command from a menu for it to present that

(Jan 2, 2019 22:55)

i was thinking about the detection->revoked stage where you go from it being live to blacklisted before it's hit more machines. they definitely have a better foundation for minimising risks, but there's always going to be a delay before the revocation goes live. do apple have an auto-revoke mechanism for random third parties to challenge with a signed payload? i'd be p interested in an analysis of the larger CAs revoke process in practice as well. it's very much part of the malware handling process that goes undocumented

(Jan 2, 2019 22:56)

Wiggly Wayne DDS posted: i was thinking about the detection->revoked stage where you go from it being live to blacklisted before it's hit more machines

in the case of loading malicious ca trusts or certs locally, standard practice from MS seems to be to automatically push local trust updates to the clients to bin them so they don't stick around for too long. I assume Apple is doing something similar since they've clearly thought through code signing on their platform and are far more mature in that space than Windows. there's never going to be a 100% effective route for blocking polymorphic threats short of going full applocker and only allowing known certs/vendors/hashes and even then you need to watch out for poo poo like dll injection, 3rd party components like jars and whatnot, though it severely reduces potential impact since you don't have an immediate path to escalate to root/admin unless someone is turning over their password

(Jan 2, 2019 23:06)

Wheany posted: is there a hex editor or something that can automatically highlight numbers that are likely offsets or close to an offset to the thing you're looking at?

the best hex editor for anything close to this is 010 editor: https://www.sweetscape.com/010editor/ you can write templates in a scripting language similar to C and apply arbitrary highlighting.

(Jan 2, 2019 23:14)

Max Facetime posted: raccoon isn't really descriptive of build tools

there's a vpn daemon called raccoon I think

(Jan 2, 2019 23:31)

Partycat posted: there's a vpn daemon called raccoon I think

lol yeah. dude saw the name he wanted was taken so he went with the nickname, not knowing it's super offensive in the anglosphere. problem was when this was helpfully pointed out to him, he and a bunch of other folks kept doubling down that it's ok bc he didn't MEAN to be offensive, despite monocqc and a few others repeatedly explaining why his intent wasn't the issue

(Jan 3, 2019 00:00)

e: never mind

(Jan 3, 2019 00:02)

hey guys I wrote this daemon to re-verify tape archives in the background, what do you think

(Jan 3, 2019 00:04)

haveblue posted: hey guys I wrote this daemon to re-verify tape archives in the background, what do you think

lol

(Jan 3, 2019 01:21)

haveblue posted: hey guys I wrote this daemon to re-verify tape archives in the background, what do you think

took me a minute

(Jan 3, 2019 02:07)

Wiggly Wayne DDS posted: man i wish cert revoc was that effective in practice

it is

(Jan 3, 2019 03:50)

some guy claims to have cracked open widevine drm https://twitter.com/david3141593/status/1080606827384131590

(Jan 3, 2019 07:03)

Daman posted: the best hex editor for anything close to this is 010 editor: https://www.sweetscape.com/010editor/

I guess I'll try the trial at least, thanks

(Jan 3, 2019 08:02)

haveblue posted: hey guys I wrote this daemon to re-verify tape archives in the background, what do you think

This took me way too long to solve for this ableist joke, and so here it is in spoiler tags: re+tar+d

(Jan 3, 2019 08:09)

on one hand I never really had any particular training on *nix, on the other hand I feel like I should've learned that tar was short for tape archive some time before now

(Jan 3, 2019 08:12)

Lutha Mahtin posted: some guy claims to have cracked open widevine drm

That L3 security level is the "security through obscurity" variant which, no surprise to anyone, is vulnerable as hell if you try hard enough. Software obfuscation only. L2 and L1 are the security levels that try to actually involve OS/hardware in the protection. Always happy to see DRM crumble but this might not be that big an achievement. Then again, considering that only mobile devices get above L3 security, this is still something.

(Jan 3, 2019 10:20)

haveblue posted: hey guys I wrote this daemon to re-verify tape archives in the background, what do you think

actual lol

(Jan 3, 2019 10:23)

rjmccall posted: my favorite part of the coon controversy was the guy confidently linking to the south park wiki

I like the part where they think what matters is which meaning they have chosen and not that when someone looks up the word and sees
coon noun
and has to give 33% to 50% chances to the name being racist

(Jan 3, 2019 11:00)

ErIog posted: This took me way too long to solve for this ableist joke, and so here it is in spoiler tags:

duh, i thought it was tar+ba+by

(Jan 3, 2019 11:03)

sadus posted: Oh boy "Hacking Chromecasts/Google Homes/SmartTVs Progress: 7893/123141 [6.40973%]"

What exactly is this hack? Surely it's not just "Chromecast listens for anonymous commands from the internet and asks UPnP to open the port"?

(Jan 3, 2019 11:23)

yes. yes it is. and also https://twitter.com/HackerGiraffe/status/1080702645051056128

e: they deleted it. admitted to being bad at opsec and hoping nobody would care too much. poop touchers being dumb confirmed

geonetix fucked around with this message at 15:45 on Jan 3, 2019

(Jan 3, 2019 12:04)

"hacking" anno 2019 is literally nothing else than looking for an open mongodb or scada port on shodan and hoping for the best

e: oh and give it a funky name and logo

(Jan 3, 2019 12:05)

Jimmy Carter posted: I'm not aware of any Mac AV that's anything other than snake oil which causes kernel panics. Maybe get yourself a Little Snitch license if you want to increase your paranoia. Install software updates, don't disable SIP and that's about it.

https://twitter.com/taviso/status/732365178872856577

DrPossum fucked around with this message at 14:39 on Jan 4, 2019

(Jan 3, 2019 15:04)

Max Facetime posted: I like the part where they think what matters is which meaning they have chosen and not that when someone looks up the word and sees

i had just never considered that some non-american might watch south park and not recognize the running joke that everything associated with cartman is at least subtly and often unsubtly racist

(Jan 3, 2019 20:00)

rjmccall posted: i had just never considered that some non-american might watch south park and not recognize the running joke that everything associated with cartman is at least subtly and often unsubtly racist

ah yes, that "running joke", not "intentional design reflective of the writers"

(Jan 3, 2019 20:07)

yes, it is a recurring intentional element of the show's script-writing that the producers think is funny, or in common parlance a "running joke"

(Jan 3, 2019 20:16)

well this went under the radar
https://twitter.com/dragosr/status/1080599911110868992
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
the presentation focuses on Steam Link. video (russian): https://www.youtube.com/watch?v=Him_Lf5ZJ38

(Jan 3, 2019 22:45)

Wiggly Wayne DDS posted: well this went under the radar

how long until we get a ps4 or xbone jailbreak

(Jan 3, 2019 23:31)

considering who it is, I wouldn't hold your breath

(Jan 3, 2019 23:44)

BangersInMyKnickers posted: considering who it is, I wouldn't hold your breath

(Jan 4, 2019 00:41)

okay this is where you look past the tweet and at the paper and presentation not involving dragos

(Jan 4, 2019 00:45)

Wiggly Wayne DDS posted: okay this is where you look past the tweet and at the paper and presentation not involving dragos

don't post tweets if you don't want people to react to the tweet

(Jan 4, 2019 00:47)

Wiggly Wayne DDS posted: okay this is where you look past the tweet and at the paper and presentation not involving dragos

I'm sorry, I usually only read dragos tweets if I want to laugh at a crazy person and then feel bad about myself for laughing at a person with obvious mental illness.

(Jan 4, 2019 00:59)

geonetix posted: "hacking" anno 2019 is literally nothing else than looking for an open mongodb or scada port on shodan and hoping for the best

dammit I thought there was a new Anno game

(Jan 4, 2019 02:51)

same but the digits don't sum to 9 so that couldn't be it

(Jan 4, 2019 03:19)