Did you know that you can mass upgrade a lot of Windows 10/11 3rd party software with a free tool from Microsoft? It's like Linux's "apt" or "yum" ...
https://twitter.com/lkarlslund/status/1479809034836402183
#windows #winget
https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/
500M Avira Antivirus Users Introduced to Cryptomining
😂 What the fuck is going on in this industry ?!
#av #news #fun
👍2
https://github.com/ScarredMonk/SysmonSimulator#
SysmonSimulator is an open-source Windows event simulation utility created in the C language that can be used to simulate most of the attacks using WINAPIs. This can be used by Blue teams for testing the EDR detections and correlation rules. I have created it to generate attack data for the relevant Sysmon Event IDs.
#tools #opensource #windows #sysmon #attack
👍1
https://github.com/lab52io/StopDefender
StopDefender
Stop Windows Defender programmatically by stealing tokens from the TrustedInstaller and winlogon processes.
#tools #opensource #windows #antivirus
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
MoonBounce: the dark side of UEFI firmware
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.
#article #attack #firmware #uefi #rootkit #malware
👍1
https://render.com/blog/git-organized-a-better-git-flow
Git Organized: A Better Git Flow
Imagine this: you’ve been paged to investigate a production incident, and after some digging, you identify the commit with the breaking code. You decide to revert the change.
Unfortunately, in doing so, a new bug is introduced! As it turns out, hidden in that old “broken” commit was some code that another part of the app depended upon, and when you reverted those lines, it left the site once again in a broken state.
#article #dev #git
https://www.youtube.com/watch?v=dT9y-KQbqi4
How I hacked a hardware crypto wallet and recovered $2 million
I was contacted to hack a Trezor One hardware wallet and recover $2 million worth of cryptocurrency (in the form of THETA). Knowing that existing research was already out there for this device, it seemed like it would be a slam dunk. Little did I realize the project would turn into a roller coaster ride with over three months of experimentation, failures, successes, and heart-stopping moments. It reminded me that hacking is always unpredictable, exciting, and educational, no matter how long you've been doing it. In this case, the stakes were higher than normal: I only had one chance to get it right.
#video #fun #hack #hardware #crypto
🤯1
https://github.com/taviso/loadlibrary
Porting Windows Dynamic Link Libraries to Linux
This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL.
How does it work?
The peloader directory contains a custom PE/COFF loader derived from ndiswrapper. The library will process the relocations and imports, then provide a dlopen-like API. The code supports debugging with gdb (including symbols), basic block coverage collection, and runtime hooking and patching.
#tools #windows #opensource #linux #fuzzing
https://mojtaba.me/75d182f48b24
Hamster, Swiss army knife backup solution.
When I joined DGAB as a solution architect, there were several products and infrastructure services, but they didn’t have any solution for data backup. There weren’t any protocols in place for the backup process.
In the first two weeks, there was an incident in one of the most important infrastructure services and it took three days to restore the data and make the system work as expected.
Not having a backup strategy and solutions for incidents like this cost them a lot.
#article #devops #infrastructure #backup
👍4
dotMemory – Rider’s built-in memory profiler plugin – is finally available on macOS and Linux inside Rider 2022.3.
https://blog.jetbrains.com/dotnet/2022/07/18/how-to-profile-net-code-using-the-dotmemory-plugin-in-rider/
#article #dotnet #programming
👍5
One of the reasons you should not share pictures of keys to your new house on social media.
KeyDecoder is a mobile app created for pentesters and security enthusiasts. From the picture of a key, one can measure its bitting easily.
https://github.com/MaximeBeasse/KeyDecoder
#opensource #security #privacy
👍4
https://github.com/halpz/re3
In this repository you'll find the fully reversed source code for GTA III (master branch) and GTA VC (miami branch)
#fun #opensource
👍2
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Operation Triangulation: What You Get When Attack iPhones of Researchers
This presentation was also the first time we had publicly disclosed the details of all exploits and vulnerabilities that were used in the attack. We discover and analyze new exploits and attacks using these on a daily basis, and we have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is definitely the most sophisticated attack chain we have ever seen.
😱
#exploit #ios #hack
👍1
https://github.com/torvalds/linux/pull/837/files
https://github.com/torvalds/linux/pull/824/files
Where are the rest of the dictators in the first PR?!
#fun #opensource
How does a B player turn an A team into a B team?
When tackling complex tasks, whether it's debugging faulty code or addressing incomplete projects, there are two paths:
You either step up like an A player to fix it and earn recognition, or slack off and become a B player, dragging the team down. Recognizing your role's importance is crucial. Otherwise, you risk lowering the team's standards or losing a valuable A player.
Regarding recognition from the company, it's not just about praise—it often requires financial investment. Why invest in a B player when that money could hire more A players or boost the salaries of existing ones?
Even if a promotion is offered, it might need to be extended to other A players, increasing costs and risking the loss of the B player again. So, the team ends up falling short of its potential.
It's like trying to polish a turd—some improvement might occur, but at the end of the day, it's still a turd.
#leadershipdevelopment #peopleware #teamwork
Contrary to the Bimodal IT notion, you don’t have to choose between speed and stability. If you want to deliver more, faster, you need stability first. Implementing robust IT practices, such as CI/CD, ensures you can achieve speed and reliability. This balance is essential for success in today’s fast-paced tech and startup world.
#book #accelerate #engineering #management
👍1