schadnfreude

You’ll be happy when they can’t spy on you. ๐Ÿ”’ ๐Ÿ•ต ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ ๐Ÿ“ž ๐ŸŽฅ ๐Ÿ“‚ ๐Ÿ–ง ๐Ÿ›ก Schadnfreude is a new end-to-end encrypted, anonymous ID and IP-hiding, decentralized, audio/video/file sharing/offline messaging multi-device platform built for both communications and application security and performance. What does all that mean? Well what if you didn’t just hope your […]

No Comments

Covert credit calculation communications

Record numbers of people have been in the market for a house this past year. Now working at home, I also bought a house, with an office. Finding one in this market was frenzied, but I spent as much time trying to figure out the best financing arrangement as picking the house. Every mortgage calculator […]

No Comments

Moving Off Google

Not long ago, a well-known games developer posted the following horror story: I have used and been burned by a number of Google services over the years but certainly didn’t think that attitude would extend to GMail. Yet it apparently has, and even to high profile users, which I am not. I’m also a bit […]

No Comments

rustun – Virtual Not Private Network in 100 Rust lines

While stuck at home I wrote a simple Linux tunnel (“VPN” but not encrypted/authenticated) in 100 lines of Rust. This is a PoC, not an OpenVPN replacement; just sending the IP layers and above over UDP. Specifically, it creates a tun device, enables the device, sets the device’s IP and netmask, and forwards packets in […]

No Comments

Stream Securely: Simply and Privately Preserving Live Video Evidence

People recording acts of aggression and violence frequently find the assailant notices them, swipes their phone, and smashes it or deletes the evidence. Instead, ideally your phone would stream the video to a private recording server. Now it can using Rust and web API’s.

, , , , ,

No Comments

Dispelling Decentralization Doubts

Recently at the 36th CCC, Moxie Marlinspike gave a talk claiming decentralized systems are unable to adapt and succeed and that centralized systems can meet the same goals better. Here’s why he’s wrong.

No Comments

Should there be restrictions on the release of hacking tools?

This is a text outline of the interactive version available here 1.1. No. Authors of such software should decide for themselves what the best release policy should be 1.1.1. Pro: Authors of security tools are in the best position to make judgements on whether to share and how much, and routinely do 1.1.2. Pro: Pissing […]

No Comments

Interface Identifier (IID) list

Interface Identifiers (IID’s) are used to obtain function tables to call most methods of COM objects. In source code, a name like IID_Column will be used, but when this is compiled, the binary will only have the corresponding GUID like {FD1C5F63-2B16-4D06-9AB3-F45350B940AB} embedded in the binary. When reverse engineering it is often unclear what IID a […]

No Comments

Windows 10 Decontamination Scripts

One of the main benefits of our setup we have is that our system will not update automatically. The main problem though, is that it will not update automatically. But we still do want security updates, so it would be nice to let those through, while still blocking any other unwanted updates and the other undesirable activity that is also conducted from the same process (svchost.exe). So instead, I installed Python and wrote my own, which was far less difficult than I had originally assumed since you can generally scrape all the info you want from catalog.update.microsoft.com

, , ,

No Comments

Signed Malware

I recently saw a quote on Twitter along the lines of “I couldn’t be in threat intel because I’d get too carried away, go too far, and end up calling some hacker’s mom.” I had to laugh since I can relate. It is easy to get carried away and you can find a lot of […]

No Comments