Archive for category Uncategorized

schadnfreude

You’ll be happy when they can’t spy on you. ๐Ÿ”’ ๐Ÿ•ต ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ ๐Ÿ“ž ๐ŸŽฅ ๐Ÿ“‚ ๐Ÿ–ง ๐Ÿ›ก Schadnfreude is a new end-to-end encrypted, anonymous ID and IP-hiding, decentralized, audio/video/file sharing/offline messaging multi-device platform built for both communications and application security and performance. What does all that mean? Well what if you didn’t just hope your […]

No Comments

Covert credit calculation communications

Record numbers of people have been in the market for a house this past year. Now working at home, I also bought a house, with an office. Finding one in this market was frenzied, but I spent as much time trying to figure out the best financing arrangement as picking the house. Every mortgage calculator […]

No Comments

Moving Off Google

Not long ago, a well-known games developer posted the following horror story: I have used and been burned by a number of Google services over the years but certainly didn’t think that attitude would extend to GMail. Yet it apparently has, and even to high profile users, which I am not. I’m also a bit […]

No Comments

rustun – Virtual Not Private Network in 100 Rust lines

While stuck at home I wrote a simple Linux tunnel (“VPN” but not encrypted/authenticated) in 100 lines of Rust. This is a PoC, not an OpenVPN replacement; just sending the IP layers and above over UDP. Specifically, it creates a tun device, enables the device, sets the device’s IP and netmask, and forwards packets in […]

No Comments

Stream Securely: Simply and Privately Preserving Live Video Evidence

People recording acts of aggression and violence frequently find the assailant notices them, swipes their phone, and smashes it or deletes the evidence. Instead, ideally your phone would stream the video to a private recording server. Now it can using Rust and web API’s.

, , , , ,

No Comments

Dispelling Decentralization Doubts

Recently at the 36th CCC, Moxie Marlinspike gave a talk claiming decentralized systems are unable to adapt and succeed and that centralized systems can meet the same goals better. Here’s why he’s wrong.

No Comments

Should there be restrictions on the release of hacking tools?

This is a text outline of the interactive version available here 1.1. No. Authors of such software should decide for themselves what the best release policy should be 1.1.1. Pro: Authors of security tools are in the best position to make judgements on whether to share and how much, and routinely do 1.1.2. Pro: Pissing […]

No Comments

Interface Identifier (IID) list

Interface Identifiers (IID’s) are used to obtain function tables to call most methods of COM objects. In source code, a name like IID_Column will be used, but when this is compiled, the binary will only have the corresponding GUID like {FD1C5F63-2B16-4D06-9AB3-F45350B940AB} embedded in the binary. When reverse engineering it is often unclear what IID a […]

No Comments

Signed Malware

I recently saw a quote on Twitter along the lines of “I couldn’t be in threat intel because I’d get too carried away, go too far, and end up calling some hacker’s mom.” I had to laugh since I can relate. It is easy to get carried away and you can find a lot of […]

No Comments

Hack-back in the Real World

ProtonMail just recently (yet briefly) bragged about shutting down a phishing campaign that it was the target of by hacking back the phishing server… Earlier this year, a member of the US Congress (Rep. Tom Graves) proposed the “Active Cyber Defense Certainty Act (ACDC)” to amend US law to allow private entities, with mandatory reporting requirements to law enforcement, to conduct certain forms of hack-back… Following this proposal, discussion online exploded… My timeline was filled with “If people tried hack-back, this would happen!” but you don’t have to hypothesize. You can see what did happen in the myriad examples of hack-back in the real world. So below I assembled a list of publicly recorded hack-backs, with the results of each and reference to original sources.

No Comments