Rairii

@Rairii@haqueers.com

Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.

Currently finding bugs in Windows bootloaders.

You may also know me from capcom.sys.

#nobot


JulianOliver, to infosec
@JulianOliver@mastodon.social

Very interesting shim vuln allowing for secure boot bypass in most if not all GNU/Linux distros. In most cases, would need adversary-in-the-middle (datacenter unfriendly), other local attack or existing vuln to exploit.

In any case, bc patching it could plausibly break secure boot in some cases, fixing in the wild has quite some challenges.

https://arstechnica.com/security/2024/02/critical-vulnerability-affecting-most-linux-distros-allows-for-bootkits/

Rairii,
@Rairii@haqueers.com

@JulianOliver can't wait for dbx to be 100% full.

ieure, to random
@ieure@retro.social

current status

Rairii,
@Rairii@haqueers.com

@ieure oh, so THAT'S where sorry not in service is

i always wanted to go there but could never find it on any map and no bus going there ever stops

Rairii, to random
@Rairii@haqueers.com

mpeg layer π

gsuberland, to random
@gsuberland@chaos.social

PHP has changed for the better in so many ways in the time between PHP5 and PHP8, making it far easier to write good code, but oh wow do I wish their basic string and array manipulation functions had some consistency. I'm extremely tempted to port LINQ to PHP just so I don't have to deal with completely random* naming & parameter ordering.

(*not actually random; it stems from an old design quirk to do with how standard functions were hashed and indexed internally. it's just annoying)

Rairii,
@Rairii@haqueers.com

@gsuberland "port LINQ to PHP"

...didn't peachpie already do that? :P

Rairii,
@Rairii@haqueers.com

@gsuberland ...does this thing work with iterator objects

yassie_j, to random
@yassie_j@labyrinth.zone

Whole universe reconfigured for optimal patting

Rairii,
@Rairii@haqueers.com

@yassie_j yassie patter is the sound a train makes right

Rairii, to random
@Rairii@haqueers.com

have i won yassie patter yet

yassie_j, to random
@yassie_j@labyrinth.zone

Why are you discussing YasPatter meta strategies now

WTF

Rairii,
@Rairii@haqueers.com

@yassie_j i figured out the yassie patter meta quite easily

https://haqueers.com/@Rairii/111891057430156250

bontchev, to random
Rairii,
@Rairii@haqueers.com

@bontchev alt-text:

Twitter post by x0rz

Things on a current Ivanti VPN box:
NSA (17 years)
China military (5 years)
Unknown TA (3 years)
xmrig (2 weeks)

gavi, to random

bluesky has no moderation team by the way, it's basically just like reliant on user blocking seems like apparently and community outsourced moderation??? that'll go so well!

Rairii,
@Rairii@haqueers.com

@ipg @gavi you just made me wonder: who has the bigger mod team right now, bluesky or twitter

lexd0g, to random
@lexd0g@wetdry.world

news articles calling any fedi instance a mastodon instance will never not be funny

Rairii,
@Rairii@haqueers.com

@lexd0g i can't wait for the mastodon trademark to become generic because of things like this

ipg, to random
@ipg@wetdry.world

constantly capturing all the network traffic happening on my Windows 11 PC with a bunch of game launchers and anticheats installed is so boring. from the way you people talk it sounds like i have every single website i visit logged on 80 company datacenters but nah it's just. "Hallo michaelsoft. Ur driver install worked"

Rairii,
@Rairii@haqueers.com

@winload_exe @ipg @DenJohn i'm not surprised.

since th2 or so, windows is only meant to load drivers signed by MS if they were signed after a certain point. but if there's no timestamp on the cert the old certs all still work (they've all expired by now but that doesn't matter, some of them had their private keys leaked and there's various signtool hooks to patch the expiry time checks out). so for anyone using their own legit code signing cert and privkey the ONLY option for signing drivers is to go through MS.

MS signs anything you give them (as long as you have access to sign drivers, which basically just requires a shell company and an EV code signing cert, people on unknowncheats can afford this) and basically rely on their terms and conditions to say "if you sign something with vulns we will revoke, if you sign malware we will ban". their terms and conditions also specify that they can require a code audit of your drivers at any time.

MS driver signing puts the name of the entity they signed it for in the opus info, that can be seen in the advanced tab (can't remember the asn1 object id right now), they do the same for UEFI bootloaders signed by the UEFI third party certificate

it would be nice if they could have proper certificate transparency-like processes for driver signing and provide any and all drivers/uefi bootloaders for download such that anyone can analyse them. i report third party uefi bootloader vulns to MSRC because MS signed them for someone and they can easily get in contact with the responsible vendor, and get taken more seriously than just some random researcher. maybe I should do the same with vulnerable drivers and see what happens.

i also think MS should clamp down on code obfuscation in drivers. whether that's disallowing it, only allowing it when the obfuscated code is cleanly sandboxed (wasm?) with clean interfaces specified to not allow anything dangerous to be called by obfuscated code, only allowing it by signing using a different chain that would not be trusted by default and require a BS|NV variable (and physical-presence separate boot application) to allow (because your typical corporate system shouldn't ever be loading, for example, genshin impact's anti-cheat driver, right?)...
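As an added example (my own code, not from this thread and not Microsoft's tooling), here is a small DER walker that pulls the program name out of an Authenticode SpcSpOpusInfo signed attribute, the "opus info" field the post refers to, where the submitting entity's name ends up when Microsoft signs a third-party driver. The OID 1.3.6.1.4.1.311.2.1.12 and the ASN.1 shapes come from the Authenticode specification; the sample attribute set, the company name and the URL are constructed. Extracting signedAttrs from a real PE (security directory, then the PKCS#7 SignedData, then SignerInfo) is assumed to be done by other tooling and is not shown.

```python
"""SpcSpOpusInfo parser: recover the signer-supplied program name from the
signed attributes of an Authenticode (PKCS#7 SignedData) signature.

Added example, not code from the thread. Shapes per the Authenticode spec:

    SpcSpOpusInfo ::= SEQUENCE {
        programName  [0] EXPLICIT SpcString OPTIONAL,
        moreInfo     [1] EXPLICIT SpcLink   OPTIONAL }
    SpcString ::= CHOICE { unicode [0] IMPLICIT BMPSTRING,
                           ascii   [1] IMPLICIT IA5STRING }

Assumption: only the url [0] form of SpcLink is handled; other forms are skipped.
"""

# Real OID of the SpcSpOpusInfo signed attribute, dotted and as DER content octets.
SPC_SP_OPUS_INFO_OID = "1.3.6.1.4.1.311.2.1.12"
SPC_SP_OPUS_INFO_OID_DER = bytes([0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0C])


def read_tlv(data: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def walk_tlvs(data: bytes):
    """Yield (tag, value) for each TLV inside a constructed value's body."""
    pos = 0
    while pos < len(data):
        tag, value, pos = read_tlv(data, pos)
        yield tag, value


def decode_oid(raw: bytes) -> str:
    """Decode DER OID content octets to dotted form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def parse_opus_info(der: bytes) -> dict:
    """Parse the SpcSpOpusInfo SEQUENCE that starts at offset 0 of der."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SpcSpOpusInfo must be a SEQUENCE")
    info = {"programName": None, "moreInfo": None}
    for ctag, cval in walk_tlvs(body):
        if ctag == 0xA0:                   # programName [0] EXPLICIT SpcString
            stag, sval, _ = read_tlv(cval, 0)
            if stag == 0x80:               # unicode [0] IMPLICIT BMPSTRING (UTF-16BE)
                info["programName"] = sval.decode("utf-16-be")
            elif stag == 0x81:             # ascii [1] IMPLICIT IA5STRING
                info["programName"] = sval.decode("ascii")
        elif ctag == 0xA1:                 # moreInfo [1] EXPLICIT SpcLink
            stag, sval, _ = read_tlv(cval, 0)
            if stag == 0x80:               # url [0] IMPLICIT IA5STRING
                info["moreInfo"] = sval.decode("ascii")
    return info


def find_opus_info(signed_attrs: bytes):
    """Scan signedAttrs (SET OF Attribute, or its [0] IMPLICIT form as it sits
    inside SignerInfo) for SpcSpOpusInfo; return the parsed dict, or None."""
    tag, body, _ = read_tlv(signed_attrs, 0)
    if tag not in (0x31, 0xA0):
        raise ValueError("expected signedAttrs SET")
    for atag, attr in walk_tlvs(body):
        if atag != 0x30:
            continue
        otag, oid, pos = read_tlv(attr, 0)         # Attribute.type
        if otag != 0x06 or decode_oid(oid) != SPC_SP_OPUS_INFO_OID:
            continue
        _, values, _ = read_tlv(attr, pos)          # Attribute.values: SET OF ANY
        return parse_opus_info(values)              # the single value
    return None


def der(tag: int, payload: bytes) -> bytes:
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def build_sample_signed_attrs(program_name: str, more_info=None) -> bytes:
    """Constructed sample: a signedAttrs SET holding one SpcSpOpusInfo attribute
    (a real signature also carries contentType, messageDigest, etc.)."""
    fields = der(0xA0, der(0x80, program_name.encode("utf-16-be")))
    if more_info is not None:
        fields += der(0xA1, der(0x80, more_info.encode("ascii")))
    opus = der(0x30, fields)
    attr = der(0x30, der(0x06, SPC_SP_OPUS_INFO_OID_DER) + der(0x31, opus))
    return der(0x31, attr)


if __name__ == "__main__":
    sample = build_sample_signed_attrs("Example Driver Co (constructed)", "http://example.invalid/")
    print(find_opus_info(sample))
```

The value recovered here is what the signature properties "Advanced" tab shows as the program name. For inventory or detection purposes it is worth logging next to the signer certificate, so a driver signed under Microsoft's hardware publisher chain can still be tied back to the entity that submitted it rather than only to Microsoft.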

mia, to id
@mia@void.rehab

computernewb.com/vncresolver/browse//20027422 what is this??? a move prop???

Rairii,
@Rairii@haqueers.com

@mia stargate in azure sounds like a physical security risk

Rusty, to bluesky
@Rusty@cubhub.social

Supposedly they're opening up to federation soon.

Wonder how long it'll take someone to write an ATProto/ActivityPub bridge so no one is stuck using their godawful UI. :blobfoxthinkgoogly:

Rairii,
@Rairii@haqueers.com

@Rusty i think i remember reading of at least one in development already

Rairii, to random
@Rairii@haqueers.com

does anyone ship mallory/bob

LivingCooki, to random

This program cannot be run in DOS mode

Rairii,
@Rairii@haqueers.com

@LivingCooki and its cousin, This program requires Microsoft Windows

Rairii, to random
@Rairii@haqueers.com

i hope the people talking about Bluesky mean the ELO song

Rairii,
@Rairii@haqueers.com

i'm going to make a variation of this joke again when bluesky actually starts federating, aren't i

kerouac666, to random
@kerouac666@mstdn.social

My version of porn is watching the Tesla stock price plummet

Rairii,
@Rairii@haqueers.com

@kerouac666 yo skrill drop it hard

foone, to random
@foone@digipres.club

windows 10 won't let you defrag floppy drives.
this is oppression

Rairii,
@Rairii@haqueers.com

@winload_exe @foone i think they removed them at some point in th1 dev then added them back later in th1 dev

Yuki, to random
@Yuki@im-in.space

I found the power plug of my Surface RT but I have to hold it like this so it charges and I'm not even sure it's gonna work

but hey, if it works I can jailbreak it and put postmarketOS or sth

Rairii,
@Rairii@haqueers.com

@Yuki sounds like my old self-signed efi loader into the grub binary i hacked together that nobody ever got to work haha

Rairii, to random
@Rairii@haqueers.com

remember the ultimately unreleased subor z+?

and how the main DRM on the thing was to be TPM-only bitlocker (with an additional side of cipolicy enforcing UMCI)?

that thing would have had haxx VERY QUICKLY had it released

i have an (incomplete) copy of the last devkit recovery somewhere

the funniest thing i remember seeing when i looked at the installer? how it saved the bitlocker recovery key, in a zip file, using the broken zipcrypto and a hardcoded password, to the efi system partition

Rairii, to random
@Rairii@haqueers.com

hahaha, yaseenho soxxer

Rairii, to random
@Rairii@haqueers.com

hxxps://software.dreamwiz.com/WTPSetup.exe - korean PUP/adware.

C2s: www.noform.co.kr ; www.networkbence.co.kr

NanoRaptor, to random
@NanoRaptor@bitbang.social

Some assembly required.

Rairii,
@Rairii@haqueers.com