Posts
4252
Following
736
Followers
1631
"I'm interested in all kinds of astronomy."
repeated

Maybe a bit of an explanation why it does this:

When a new user is logging on, Windows needs to load the users class hive. Since the user isn't logged on before logging on (tautology, I know), it can't be loaded in the context of the user. So it is loaded in the context of NT AUTHORITY\SYSTEM.

LegacyHive abuses this.

It messes with the Windows Object Manager and instead of the actual UsrClass.dat hive points at C:\randomGUID\UsrClass.dat. then it places an oplock on that file and starts an (interactive) logon for the user whose Object Manager path has been manipulated.
This leads Windows to try to open the file, but it can't, because of the Oplock. So the process looks at the Object Manager namespace again, finds a symlink (also manipulated by LegacyHive) and loads that instead, attaching it as the class hive for the user it is trying to create an interactive session for.
The load succeeds because, as I mentioned earlier, Windows falls back to NT AUTHORITY\SYSTEM when it doesn't have a user context yet.

Hope this makes at least some sense blobcatgoogly2

https://infosec.exchange/@kallisti/116924531318272148

1
5
0
repeated

The V Programming Language

V 0.5.2 is out! It's our biggest release yet.

1400+ items in the changelog: https://github.com/vlang/v/releases#release-0.5.2

0
1
0
repeated

New: the highly controversial AI music generator Suno was hacked. The hacker sent us Suno source code; it shows the company scraped YouTube Music, Deezer, and Genius. In all, Suno scraped *decades* worth of music from the internet. Obviously didn't pay artists https://www.404media.co/hack-reveals-suno-ai-music-generator-scraped-youtube-deezer-and-genius/

0
15
0
"In addition to this, two months before the March breach, Stokes had published to his 'Bouquet' user account on the breached platform a photo of what appeared to be his school homework. In the top righthand corner of the homework was the name 'Peter William Stokes.'"

https://www.zetter-zeroday.com/tracking-peter-stokes-and-the-com-allison-nixon-and-her-work-unmasking-cybercriminals/
0
1
1
repeated

When Peter Stokes (Scattered Spider's "Bouquet") was arrested in Finland this month, people speculated that his real identity had been unmasked by Microsoft using the Windows GDID assigned to his computer. GDID *was* used to trace crimes to his computer, but Unit 221B's Allison Nixon tells me he had been unmasked in 2023, long before he committed the biggest crimes mentioned in his indictment. I spoke with her about tracking Stokes and other members of The Com, and why these cybercriminals brag about their crimes online and are so reckless about drawing attention to themselves and leaving a trail of evidence. We also talked about why, if Stokes had been identified in 2023, it took until 2026 to arrest him.

https://www.zetter-zeroday.com/tracking-peter-stokes-and-the-com-allison-nixon-and-her-work-unmasking-cybercriminals/

1
4
0
repeated

@jbz
This is how it all started.
"Processing personal information of children is illegal"
"Cool, I'll ask users if they're adult at registration, and if they lie that's their problem"
"Nope, still illegal, still your problem"
"Ok so how do I prevent children from accessing my website so that I don't accidentally process their personal information?"

Thinking in terms of children leads nowhere. We must ban computers from using humans regardless of age, otherwise we'll end up with age verification

0
1
0
repeated
repeated

Dear Malta Gaming Authority,
Yes, I hacked you, and the data obtained has been shared with media partners, authorities,….

And yes, we will expose the organized crime enablement schemes you created while presenting yourselves as a “legitimate public service”.

1
9
0
repeated
Edited 9 hours ago

So if you lurk in any AI subreddit, discord, forum, or issue tracker, its pretty obvious that the answer to "how do people trust these things when they make mistakes literally all the time and its impossible to know when" is that there is a general conspiracy theory that whenever the model does bad output it is the AI company nerfing their model on purpose: for anthropic, its that they are compute strapped. For openAI, getting sued or cucked. Google is that google just sort of fucks their own shit up all the time, same with Microsoft.

This kind of post basically dominates all of these forums. That systemic failures are one-off byproducts of the momentary malevolence of the companies. The gambler only complains about the house always winning when the house wins bigger than usual.

8
6
0
repeated

RE: https://infosec.exchange/@hnsec/116923239649243702

My C/C++ ruleset is ready for prime time again!

Grab it before our new robot overlords take over the field of entirely 🤖

0
2
0
repeated

"I'm very glad," said Piglet happily, "that I thought of giving you Something to put in a Useful Pot."

0
1
0
repeated

discovered and reported to @certcc 11 old Microsoft-signed UEFI shim bootloaders that allow bypassing UEFI Secure Boot on most UEFI systems. Read about it at https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/
Tracked by -2026-8863 and -2026-10797, all these vulnerable shims were revoked in Microsoft’s June Patch Tuesday updates.

https://www.cve.org/CVERecord?id=CVE-2026-8863

https://www.cve.org/CVERecord?id=CVE-2026-10797
Exploiting these vulnerable shims allows execution of untrusted code at system boot by using the Bring Your Own Vulnerable Driver (#BYOVD) technique, enabling deployment of malicious UEFI bootkits on systems that trust the Microsoft Corporation UEFI CA 2011 certificate.
What makes these old shims dangerous is not a novel vulnerability, it’s that no new vulnerability is needed to bypass Secure Boot. Just an old, still-trusted, unrevoked shim and basic knowledge of how UEFI works is enough to bypass UEFI Secure Boot and deploy a UEFI bootkit.
For more details and instructions on how to verify that the dbx patches were properly applied on your system, read our blogpost:
https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/

0
4
0
LegacyHive : Windows user profile service arbitrary hive load elevation of privileges vulnerability

https://github.com/MSNightmare/LegacyHive
0
1
0
[RSS] I handed the epoll UAF to an agent

https://guysrd.github.io/epoll-uaf-agent
0
0
0
repeated

Idle thought: you can have progressive JPEGs in which coefficients for lower-frequency components are sent first and the detail is refined as more data arrives.

I'm sure you can abuse this to construct a *regressive* JPEG that looks good with the initial low-frequency data and then degrades into something terrible.

3
3
0
repeated

COMPART/SAURUS.GIF

0
3
0
@terinjokes You'd have a bright future in the budget airline biz!
0
0
0
repeated

Remarkable transparency from CISA here. After years of telling orgs to have a playbook for security incident handling, they had a security incident themselves.. and no playbook on how to respond. https://techcrunch.com/2026/07/10/us-cyber-agency-cisa-had-to-build-its-incident-playbook-during-the-incident-agency-reveals/

4
9
0
repeated

Jesus christ. I just watched ChatGPT consult the Merriam-Webster dictionary for firewall syntax.

2
3
0
Show older