A pentester felt like he’s the smartest one in the room and decided to brag and share a redacted screenshot of a private key that gave him access to the client’s infrastructure. And of course, he redacted just ~half of the key. This didn’t go unnoticed and he got an instant reality check. The whole key was recovered just from the redacted image: https://blog.cryptohack.org/twitter-secrets

CryptoHack

Recovering a full PEM Private Key when half of it is redacted

The @CryptoHack\_\_ account was pinged today by ENOENT, with a CTF-like challenge found in the wild: Source tweet. Here’s a write-up covering how given a partially redacted PEM, the whole private key can be recovered.

https://soundcloud.com/voxnoxberlin/premiere-giovanni-carozza-einatmen-kalte-liebe-remixiht005

SoundCloud

Einatmen (Kalte Liebe Remix)[IHT005]

Voxnox exclusive Premieres got created to support labels, renowned/ emerging artists, and friends from the scene. Support the label buy it here: https://inheritberlin.bandcamp.com/album/ausdauer-ep-i

https://www.youtube.com/watch?v=Y3eDV6mK5VE

YouTube

Tech Subscriptions Are Out of Control

In this video I discuss some of the crazy new tech subscriptions that companies want to charge people for, like the forever, mouse, smart sous vide cookers, and Amazon's Alexa assistant. My merch is available at https://based.win/ Subscribe to me on Odysee.com…

Parent Process ID Spoofing, coded in CGo.

https://github.com/EvilBytecode/PPID-Spoofing

GitHub

GitHub - EvilBytecode/PPID-Spoofing: Parent Process ID Spoofing, coded in CGo.

Parent Process ID Spoofing, coded in CGo. Contribute to EvilBytecode/PPID-Spoofing development by creating an account on GitHub.

Keylogger in Go

https://github.com/EvilBytecode/Keylogger

GitHub

GitHub - EvilBytecode/Keylogger: Go keylogger for Windows, logging keyboard input to a file using Windows API functions, and it…

Go keylogger for Windows, logging keyboard input to a file using Windows API functions, and it is released under the Unlicense. - EvilBytecode/Keylogger

Run Silent, Run Deep

In the battle between the attacker and defender, the advantage usually goes to:

? Whoever achieves the higher level of privilege
➡️ Whoever loads their code first

Multi-ring privilege models have been around for ages (and will continue to be in the foreseeable future).
Though the IA-32 family supports four privilege levels, back in the early 1970s the Honeywell 6180 CPU supported eight rings of memory protection under Multics (Multiplexed Information and Computing Service).

Regardless of how many rings a particular processor can utilize, the deeper a rootkit can embed itself the safer it is.
Once a rootkit has maximized its privilege level, it can attack security software that is often running at lower privilege levels.

Assuming that both the attacker and defender have access to Ring 0 privileges, one way to gain the upper hand is to load first.
By executing during system startup, a bootkit is in a position where it can capture system components as they load into memory, altering them just before they execute. In this fashion, a bootkit can disable the integrity checking and other security features that would normally hinder infiltration into the kernel.

"The Rootkit Arsenal: Hiding in the Darkest Corners of the OS" by Bill Blunden

privilege mode switching while monitoring a notepad.exe process and saving a text file (WriteFile call stack in Process Monitor)

Dynamic null-free reverse TCP shell on assembly x64

https://shell-storm.org/shellcode/files/shellcode-907.html