Major issue with CrowdStrike Falcon Sensor causing massive Windows 10 outages globally.

Fleets of 50k+ machines stuck in BSOD loop. 70%+ laptops down in some orgs.

Workaround:
1. Safe Mode
2. Delete C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
3. Reboot

Regions impacted: EU-1, US-1, US-2, US-GOV-1, AU, MY, NZ

Check systems & invoke IR plans ASAP!

#CrowdStrikeCrisis #Windows10BSOD

"many 911 and non-emergency call centres are not working correctly across the State of Alaska"

Periodic reminder that "security by shoving in more complexity" is an especially bad idea in case of critical infrastructure...

#CrowdStrike

#dubtechno
https://www.youtube.com/watch?v=c_8NKt0VrrE

https://github.com/m3n0sd0n4ld/GooFuzz

A powerful tool indeed.
https://blog.projectdiscovery.io/ultimate-nuclei-guide/

You open up a Commodore 64, and the box says "welcome to the world of friendly computing."

You turn on a modern PC, and it immediately threatens your data unless you agree to save your data to *their* cloud service.

That right there is why we talk about vintage computers. Folks need to be reminded of what's possible.

#Commodore64 #VintageComputing

Evaluating Security of banking apps against mobile theft: a Monzo case study https://fortbridge.co.uk/research/evaluating-security-of-banking-apps-against-mobile-theft-a-monzo-case-study/

It's been 4 years since I started working as a penetration tester so I'm barely a medior but I realized a hard truth (actually @buherator made me realize this, haha) during this journey. You can be a pentester without any special programming knowledge, knowing only some bash/python scripting will get you somewhere but if you
really wanna advance in this field you gotta learn programming properly.

This is why i'm dipping my toes in C2 client/server development as im progressing through the book "Advanced Penetration Testing" by Wil Allsopp. I'm probably not gonna use these practice tools in a real engagement but I think it'll be profitable to see how these kind of tools are built from the ground up.

In the last week I've posted some tutorials intended for beginners regarding the exercises in the book:

https://cygnus.mataroa.blog/blog/apt-insights-part-1-vba-and-vbs/
https://cygnus.mataroa.blog/blog/apt-insights-part-2-command-and-control/
https://cygnus.mataroa.blog/blog/apt-insights-part-21-cc-dev-environment-with-visual-studio-and-vcpkg/

https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689

Techno can be spiritual.
https://music.youtube.com/watch?v=4wD42Axkv9s&si=OwrdQFbCTDQbbtId

The year is 2030.

Computers boot directly into the browser. IDEs are just a web app now, running in the GPU. No one knows why. Or how.

All programs run in 4 nested containers on top of a hypervisor abstracting over the 5 major computational clouds. The last time a branch was predicted correctly, in any CPU anywhere, was 4 years ago.

Cloud costs are withdrawn directly from your retirement fund.

Ext7 just came out, it's written in Javascript and uses AI to guess what the file may contain.

Just published age v1.2.0 ✨

Minor release:

• binaries built with Go 1.22.4
• plugin client API
• CLI edge case fixes
• RecipientWithLabels to make auth'd or post-quantum recipients

Very happy about the last point, it was the last hardcoded thing about scrypt recipients.

https://github.com/FiloSottile/age/releases/tag/v1.2.0

https://blog.sofiane.cc/ssh_honeypot/

#dubtechno <3
https://music.youtube.com/watch?v=HUDdY973AuM&si=lz2Lsfri2kpcNs9p

#ambient
https://music.youtube.com/playlist?list=OLAK5uy_mih314KXhI2JvTgwIviMYJsfDo4XrPSUY

Encrypt/decrypt with SSH keys https://yurichev.com/n/SSH_encrypt/

#dubtechno <3
https://music.youtube.com/playlist?list=OLAK5uy_lVDviT_IRVx-bwnFo5v_RNxKDk0ivcaYQ

https://blog.f-secure.com/dechaining-macros-and-evading-edr/

hola @buherator !