
  • I'm sure there's a lot of CS employees that would disagree with that, unfortunately there's probably not much they can do about it.

    I was just a few days ago giving my two weeks' notice exactly for that reason. I'm getting so fed up with capitalism and companies working for the vultures who give zero fucks about what you do or whether you do it well or not, prioritizing profits over actually doing your job well. I don't care about money, I worked in cybersec out of principle, to help people with their security. I don't really care about money, as long as there's a job to be done for someone, I don't really care if the project I'm working on is super profitable for me, as long as it at least breaks even. But no, we had to cut corners, basically scam our customers by selling products we had no qualified people for who barely scraped by enough results for the customer to not notice it. Non-existent R&D or training, because several millions of annual profit are not enough. Fuck all of them, if I'm ever going to work again in cybersec, it will be a non-profit.

    This OP's article infuriates me, the nerve they have to demand more money for what's entirely their failure, which they also directly cause in every company they touch. I'm sure that the fact that the failure was so devastating for most companies is also by a large margin the fault of their investors, some of which are probably also part of this lawsuit, that blocked investment into disaster recovery plans or backups, because their millions of profit per year felt low.

    I feel like I'm getting pretty radicalized recently, ugh.

  • While I'm all for holding CS accountable for what happened, this is not the way to do it and not whom they should be accountable to. If there's any lawsuit, it should come from the customers who have been affected by the outage, not some fucking investors and shareholders that probably kept pressuring CS for the last several years to reduce costs and increase revenue, that are now scrambling to avoid the consequences of their endless greed ruining companies they don't care about by forcing endless growth at all costs and doing as much as they can to prevent internal investments, because that's not what makes the line go up.

    Fuck them. I hope they lose and have to eat their losses + an expensive lawsuit. If CS were able to actually invest their revenue internally, instead of it feeding the pockets of greedy investors who give literally zero fucks about the product or the service, this may not have happened.

    I saw that happen at the cybersecurity company I was working at, when we got acquired by investors. Several million of profit after costs suddenly wasn't enough, and we had to reduce already non-existent internal projects or investments, that we had already been lacking to be able to do our job properly.

  • A random account on FB, with only like one or two mutual friends and a name and profile picture both being references to Tim Burton's movies, messaged me because of a photo of me at a local old school goth festival. We started talking and hit it off pretty well, and eventually decided to meet. None of my friends knew who she was, I never saw any of her real pictures or had any indication whether I was being scammed, catfished, or who the hell it was, other than her mentioning that she was part of the local goth scene several years ago, before I started participating.

    We decided to eventually meet before another party, and I went in half expecting I'd just get a funny catfish story out of it, but I like collecting funny stories so why not. And she promised to bring alcohol, so all I was risking was one awkward afternoon I'd spend getting drunk with someone.

    We both arrived already tipsy, and I was met at the train station by a really nice looking girl carrying three bottles of mead, which we managed to drink on the way to the party. It was an amazing experience and we hit it off immediately and it was basically love at first sight. Both of us could hold our drinks well, and we got to the party pretty drunk but nowhere near too drunk - I can drink a lot and be OK (not that I do it too often), and it's rare that I meet someone who can keep up with me.

    When we arrived, it turned out that half of the people already knew her, because she indeed was part of the scene around five years before my time, before she got into a really bad relationship she couldn't get out of due to a mortgage for several years, cutting contact, but she had changed her nickname so no one realized it was her I was talking about. She had just gotten out of the relationship by moving out within a day because she found out he was cheating on her, and a few months after that randomly decided to message me, because she saw me in photos with her high school classmate - who was also my best friend who got me into the scene several years before that (I'm around 6 years younger than both of them), and her friend convinced her to just give it a try and message me.

    We've been together for almost 6 years, moved in together four years ago, and we've eventually started DJing and hosting our own goth parties, among other things, while also helping local promoters with their events. All in all, it's good, but it was pretty random luck that we met.

  • I'm not sure what "FP16/FP8/INT4" means, and where the GTX 4090 would fall in those categories, but the VRAM required is respectively 810Gb/403Gb/203Gb. I guess the 4090 would fall under INT4?

  • What's happening? This is the second article today where I'm getting the following error. I've never encountered that before, and I'm not even on a VPN. Is it some kind of new regulation? I've literally never seen a similar error before, yesterday was my first time.

  • I mean, if it's *just* a normal screen-sized website, that already makes it a lot easier. Not having to deal with responsiveness bullshit would make webdev a much better experience. That is assuming "normal screen" means 1920×1080, or whatever the median screen size is.

  • One important thing about CS was that it's also marked as a boot-start driver. That flag tells the OS that it can't boot without it no matter what happens, aside from safe mode, and iirc if your driver doesn't have that flag, which drivers probably shouldn't have, from how I understand it, if such a boot loop happened due to a faulty non-boot-start driver, the system would recognize that and simply disable it.

    • OrangePi with HomeAssistant and PiHole.
    • Old gaming PC turned 24/7 server with Jellyfin, V-Rising server
    • Hetzner cloud with Matrix server for Messenger and Discord bridging.
    • Synology NAS for SMB and sharing stuff with others through Synology Drive, which also serves as a seedbox for Redacted.ch, with Headphones and Transmission.
  • I might be wrong, but from how I understand it, it probably wouldn't help. Kernel drivers have rigorous QA and certification by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that CS Falcon is just an engine that loads, interprets and executes code from definition files. The kernel driver code then doesn't need to change, so there's no need for a new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing new code.

  • I'm not. I vaguely remember seeing it in some posts and comments, and it would explain it pretty well, so I kind of took it as a likely outcome. In hindsight, you are right, I shouldn't have been spreading hearsay. Thanks for the wakeup call, honestly!

  • We found an RCE on a server during a pentest. In COBOL.

    Learning how to make a reverse shell in COBOL was a pretty unique experience. Thankfully, we found another path to DA and didn't have to continue, but man, learning COBOL, especially if your use-case is niche, is borderline esoteric.

  • I see a lot of hate ITT on kernel-level EDRs, which I wouldn't say they deserve. Sure, for your own use, an AV is sufficient and you don't need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoid being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.

    The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you made an entirely custom program that allocates memory as Read-Write-Execute, then loads a crypto dll, unencrypts something into such memory, and then calls a thread spawn syscall to spawn a thread in another process that runs it, an EDR would correlate such actions and get suspicious, while for a regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.

    Sure, in an ideal world, you would have users that never run malware, and a network that is impenetrable. But you still get on average a few % of people running random binaries that came from phishing attempts, or around 50% of people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such an attack almost exponentially, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.

    I'm not defending CrowdStrike, they did mess up to the point where I bet that the amount of damage they caused worldwide is nowhere near the amount of damage all the cyberattacks they prevented would have caused in total. But hating on kernel-level EDRs in general isn't warranted here.

    Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.

  • Why does this need to be installed here when previously agentless technologies was sufficient

    As someone who works in offensive Cybersecurity doing Red Teamings, where most of my job is to bypass and evade such solutions, I can say that bypassing agentless technologies is so much easier than agented ones. While you can access most of the logs remotely, having an agent helps you enormously with catching 0-day malware, since you can scan memory (that one is a bitch to bypass and usually how we get caught), or hook syscalls which you can then correlate.

    Oh, an unknown unsigned process just called RWX memory allocation, loaded a crypto binary, and spawned a thread in another process that's trying to execute it? Better scan that memory and see what it's up to. That is something you cannot do remotely.
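    The behavioural correlation described in the two comments above (RWX allocation, then a crypto library load, then a thread created in another process), written up as an added toy detector that is not part of the original thread; the event names, the telemetry tuple format and the sample events are constructed assumptions, not any real EDR's schema.

    ```python
    from collections import defaultdict

    # Ordered sequence the correlator looks for, tracked per originating pid.
    SUSPICIOUS_SEQUENCE = ["alloc_rwx", "load_crypto_dll", "remote_thread"]

    # Constructed sample telemetry: (timestamp, pid, event, details).
    SAMPLE_EVENTS = [
        (100, 4242, "alloc_rwx", {"size": 0x10000}),
        (101, 4242, "load_crypto_dll", {"module": "bcrypt.dll"}),
        (102, 1337, "alloc_rwx", {"size": 0x1000}),          # JIT-like, never completes
        (103, 4242, "remote_thread", {"target_pid": 616}),   # completes the chain
        (104, 1337, "load_crypto_dll", {"module": "bcrypt.dll"}),
        (200, 5555, "alloc_rwx", {"size": 0x2000}),
        (260, 5555, "load_crypto_dll", {"module": "bcrypt.dll"}),
        (300, 5555, "remote_thread", {"target_pid": 616}),   # too slow for default window
    ]


    def correlate(events, window=60):
        """Return {pid: alert_timestamp} for every process that performs the
        whole sequence, in order, within `window` time units of its first step.

        Each pid keeps a small state machine: the index of the next expected
        stage and the timestamp at which its current attempt started. An
        attempt that outlives the window is discarded so unrelated, widely
        spaced events do not accumulate into a false alert."""
        progress = defaultdict(lambda: [0, None])   # pid -> [next_stage, start_ts]
        alerts = {}
        for ts, pid, event, _details in sorted(events, key=lambda e: e[0]):
            stage, start = progress[pid]
            if start is not None and ts - start > window:
                stage, start = 0, None                 # attempt expired; restart
            if event == SUSPICIOUS_SEQUENCE[stage]:
                if stage == 0:
                    start = ts                          # first step anchors the window
                stage += 1
                if stage == len(SUSPICIOUS_SEQUENCE):
                    alerts[pid] = ts                    # full chain observed
                    stage, start = 0, None
            progress[pid] = [stage, start]
        return alerts


    if __name__ == "__main__":
        for pid, ts in correlate(SAMPLE_EVENTS).items():
            print(f"ALERT pid={pid}: RWX -> crypto dll -> remote thread at t={ts}")
    ```

    A real agent would feed this from syscall hooks and trigger a memory scan of the flagged process, which is the step the comment says cannot be done remotely.
    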

  • From what I've heard, didn't the issue happen not solely because of the CS driver, but because of an MS update that was rolled out at the same time, and the changes the update made caused the CS driver to go haywire? If that's the case, there's not much MS or CS could have done to test it beforehand, especially if both updates rolled out at around the same time.

  • From what I've heard and to play devil's advocate, it coincided with Microsoft pushing out a security update at basically the same time, which caused the issue. So it's possible that they didn't have a way to test it properly, because they didn't have the update at hand before it rolled out. So, the fault wasn't only in a bug in the CS driver, but in the driver's interaction with the new Windows update - which they didn't have.

  • I wouldn't call Crowdstrike corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are the bane of my existence - they are useful, and pretty good at what they do. In the last few years, I'm struggling more and more with the engagements we do, because EDRs just get in the way and catch a lot of what would have passed undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

    I've recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is a great understatement, but calling it "corporate spyware garbage" feels a little bit unfair - EDRs do make a difference, and this wasn't an issue with their product in itself, but with the irresponsibility of their patch management.