scriptjunkie @sj@social.scriptjunkie.us
Maybe I should add testimonials to my site too
https://twitter.com/0xdade/status/1221189207625883648
RIP my beloved [extract.]http://ntdsd.it
Got a big Italian email via the registry, presumably to justify owning the domain. The jig is up, but the VM's been retired for a few years anyway. It was fun while it lasted. I made sure it worked too!
Thanks for all the uploads!
"the ecosystem is moving" but "once you decentralize a protocol it becomes extremely difficult to change" like "HTTP"? Browsers are indeed distributed. I wonder if the Google Chrome team knows they can't "evolve" and are basically the same as IE 5 from 20 years ago 🙄
It was just a few years ago when ordinary people were frequently getting compromised by simply looking at a bad website through browser exploits (drive by downloads) for example. We've made great strides. It's getting better, not worse!
Of course the ideal P0 disclosure policy is 180 days minus time to patch. 90 days without a patch, exploit gets dropped same as before. But if you patch in 10 days, you now get another 160 days before the exploit drops.
We locked it, but it's a deadbolt and we don't have a key to lock it from the outside so we stayed in the house. Just ignore us.
Let's go over some of these (real) submissions:
1. No, we're the smart kind.
2-3. ?
4. Submits your info to us, duh.
5-7. ?
8. It has two L's.
9. Inorite?
10. DM us for our monero address.
11-12. We do not upgrade from Win7. You may not like it, but W7 is what peak OS looks like.
Every submission is carefully manually reviewed. Keep em coming. Get patched today, whether your change control management likes it or not!
You know you can embed C# in a PowerShell script, (but the PowerShell scanning and logging makes it no longer great for hacking, not to mention that it internally compiles and loads a .dll) but did you know about the C# REPL scriptcs?
- Known good EXE/DLL's
- No AMSI, logging...
The vast majority of vulnerability researcher positions are in support of DoD/IC/LE for example. But advocacy is rare to see here, possibly due to overclassification and STFU OPSEC. Either way, they seem to heavily incorporate public techniques and code.
Server TCP stack (sending data): SEQ1 SEQ2 SEQ3 SEQ4 SEQ5...
Client TCP stack: ACK2 ACK3 ACK4 ACK4 ACK4
Server: Don't ACK like I never told ya
Which ironically was passed because Congress was concerned that...
What RATM said. Literally. That's literally why they passed it. That's why it's the KKK act.
On Linux's Random Number Generation
https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/
Odds are now on a second term. They were not before.
https://www.electionbettingodds.com/
ICANN is astonishingly corrupt and the Department of Commerce's decision to abandon all oversight and control was a terrible idea. Change my mind. (ISOC too while we're at it.)
https://www.theregister.co.uk/2019/12/11/icann_transparency_org/
Domain name transfers, the other option.
https://arstechnica.com/tech-policy/2019/12/failed-plot-to-steal-domain-name-at-gunpoint-brings-14-year-prison-term/
Federal agents persecuting a religious group we like might be held personally liable, but Oh No if they are, then federal agents persecuting religious groups we hate might be held liable too!
Basically everything wrong with the current partisan rhetoric.
Well that's strange. I was assured several times that only the protesters were violent and against the will of the people.
Restrict freedom of expression and you'll soon find yourself believing your own reality-distanced propaganda, to your own embarrassment and detriment.
I'm no @b0rk, but I've decided to start drawing some cyber concepts. First, a diagram of the cyber kill chain.
