- The Grugq's Newsletter
Jan 30, 2023
The “I can’t believe it’s already Jan 30!” edition
This is very interesting. Russia is sending combat robots to Ukraine for testing. It will be interesting to see how they perform, their capabilities and limitations.
1/ At this point, this sounds more PR than a realistic tactic: Russia's Rogozin claims that Marker UGVs will be modified with antitank weapons to target Leopard and Abrams tanks in Ukraine. Mostly because Markers were not yet really tested in a dynamic combat environment.
— Samuel Bendett (@sambendett)
1:58 PM • Jan 26, 2023
Apparently, Marker UGVs are getting loaded for combat tests in Ukraine - now it's 4 vehicles instead of 3. That's 4 out of 5 existing Markers. t.me/rogozin_do/3670
— Samuel Bendett (@sambendett)
1:56 PM • Jan 29, 2023
-
the girls are tearing your s3 bucket permissions policy apart in the group chat
— “Alex” (@mangopdf)
9:51 AM • Jan 29, 2023
-
Bypassing (some) EDR stack trace based detections
First part of this series explains the trick used to bypass EDR.
Essentially, call an ntdll function that takes a callback as an argument, rather than calling the API wrappers. To ensure the stack is clean, the ntdll function is executed in another thread. Now the code has no dodgy parent from some weird memory region.
Some EDRs catch indirect syscalls with callstack analysis. Here is a totally new technique which builds a clean callstack originating from ntdll to avoid detections. No ROP required and tested and works against every EDR. Enjoy! 🔥
0xdarkvortex.dev/hiding-in-plai…
— Chetan Nayak (Brute Ratel C4 Author) (@NinjaParanoid)
4:28 PM • Jan 29, 2023
For a load of other tricks from a bygone era, check out an article I wrote for Phrack twenty years ago. We had to release it anonymously because my co-author and I worked for companies that produced HIPS products. Jamey Butler wrote the shellcode included in the article. We’d agreed that everyone would be anonymous, but things didn’t work out like that.
-
These fish committed credit card fraud while playing Pokémon. 💳🐟🐟🐟🐟
— IGN (@IGN)
12:23 AM • Jan 25, 2023
-
Updated UEFITool and related tools to A63.
Features:
- support for HiDPI displays
- support for Zlib-compressed sections used on AMI-based boards for AMD CPUs
- several small fixes
— uefitool (@uefitool)
12:43 AM • Jan 30, 2023
-
US sanctions Chinese firm ‘supplying Russia’s Wagner group’ with satellite imagery
— Dr. Dan Lomas (@Sandbagger_01)
12:22 AM • Jan 30, 2023
-
As of last year, Oregon was the largest shareholder in NSO Group: the Israeli spyware company known for Pegasus, the software linked to the infamous murder of journalist Jamal Khashoggi & the hacking of tens of thousands of journalists, activists, and gov officials' phones
Action👇
— emily (@SoupMuse)
10:10 PM • Jan 29, 2023
-
I am fucking *begging* you to not feed LLM outputs to anything resembling an `eval` statement.
Jesus christ let me work on interesting attacks and not just "oops I asked it nicely to give me a shell and it did"
— Rich Harang (@[email protected]) (@rharang)
9:52 PM • Jan 29, 2023
-
Many aspiring people have asked me lately about learning the inner workings of LLMs.
Here you go, a great set of notes by Elvis!
Don’t forget to check out @karpathy’s excellent, hands-on labs too:
— Jim Fan (@DrJimFan)
4:44 PM • Jan 29, 2023
-