Skip to main content

Posts

CrowdStrike Falcon was ALWAYS a bad idea

On Friday, July 19, 2024, a single piece of software ground a good chunk of the planet to a screeching halt when someone at CrowdStrike deployed a system driver file filled with zeroes. Threat and state level actors can only dream of having backdoor, kernel level access to the OS of the hundreds of thousands, if not millions, of machines that CrowdStrike Falcon has been installed on. If you are a top level IT manager and use Microsoft Defender, SentinelOne, Huntress, or other Enterprise Endpoint Detection & Response (EDR) remote management solutions, you are probably patting yourself on the back and thinking to yourself, "Whew! We just dodged a bullet!" No. You are still someone who doesn't actually understand the fundamentals of system and network security. True system and network security isn't dependent upon a single piece of magical software that solves all of your problems. It is a combination of first hardening of the mind to trust nothing and trust ...
Recent posts

The EU Digital Services Act (DSA) is very bad for everyone

The European Union is, once again, attempting to dictate global policy way outside their jurisdiction. I run uBlock Origin and Ghostery (you should too!), which already deals with the things GDPR was largely concerned with. The GDPR made the average web browsing experience worse, not better. The Digital Services Act (DSA) expands upon GDPR in a way that supposedly targets very large companies but, digging into it, it actually appears to affect businesses of all sizes. Let's say you run a small business and you have a website. That website has a domain (DNS) that is issued by a registrar (e.g. GoDaddy, NameCheap, etc.) and is hosted on a third party service (e.g. a VPS provider like AWS, DigitalOcean, OVH, etc. or a shared hosting provider like 1&1, GoDaddy, etc.) and then speeds up global content delivery of static assets via a CDN (e.g. CloudFlare). If you are a website developer/admin, all of this sounds perfectly normal and completely innocuous to you. Now let's ...

The craziest command line I've run to date

Here is a lovely but slightly redacted image: There's a lot going on here, so let me explain. First off, the Command Prompt is no ordinary Command Prompt. See the title bar of the window? 'cmd.exe' is running as NT AUTHORITY\SYSTEM, the most powerful user account in Windows, on my desktop as a child process of a non-elevated process via the assistance of a temporary NT System Service. A procedure that had never been done before May of 2021. I recommend reading this post (and watching the really cool video I made about it) if you haven't already done so. In short, we're already in completely uncharted territory on Windows. Since the parent process is running as NT AUTHORITY\SYSTEM, it is one step away from being able to create security tokens for other users without the user's credentials (i.e. without the user's password, biometrics, etc). The above command creates an elevated token for a user in the Administrators group from scratch, routes st...

PSA: "There is MULTIPLE" is wrong

Okay, I'm writing this post because I'm tired of hearing "There is [MULTIPLE]" spoken everywhere and figured I'd attempt to fix this particular pet peeve. "There is" or "There's" followed by a 'multiple' is incorrect English. Likewise, "There are" or the cringe-worthy "There're" followed by a 'singular' is also incorrect. Substituting "There's" when "There are" (or "There're") should be used is also incorrect. Let me provide an example: "There's no problems to report." No. You are wrong. "There ARE quite a few problems to report." Especially with your lack of decent English. Has everyone forgotten how to speak English properly? Knowing how to communicate with complete, properly formed sentences is the foundation of a stable, functional society. Congratulations! You are about to learn how to decide when to say IS vs. ARE, which...

Starting Processes on Microsoft Windows in a Completely Brand New Way

I recently came up with a completely brand new way to start processes on Microsoft Windows that's never been done before. Specifically, starting a child process of a non-elevated user as a completely different user. For those who want to understand and learn new things, here's an in-depth video on how it all works: The video covers the complex topic of Microsoft Windows security objects, moves into looking at security objects with the CubicleSoft GetTokenInformation tool , trash talks Microsoft a few times, gets into a very brief demo of some major enhancements of the CubicleSoft CreateProcess command-line tool , and finally covers how the new enhancements to the CreateProcess command-line tool work under the hood. In the video though, I only briefly demo the CreateProcess tool. That may be a slight disservice to the work that was done. So in this post, I want to cover some of the really cool things that were hand-waved over. First off, did you know that an Administ...

I turned Amazon Prime Photos into an "unlimited" off-site data backup service via JPEG APP markers

It has been several years since the Amazon Cloud Drive service API went from "okay" to "completely non-functional." Since I haven't used the service for quite a while, I figured it would be an okay time to reveal how I used to use Amazon Prime Photos as an unlimited storage backup service. It all starts with modifying the JPEG file format in ways not really conceived of before. The JPEG file format is a chunked, structured binary file format. What this means is that JPEG format reserves the 0xFF byte for "markers" for the start of each "chunk" and each chunk has a specific structure. For example, a JPEG image starts with the Start of Image (SOI) marker, which is 0xFF 0xD8, so we know that if we see that sequence, we have found the start of a JPEG image. Similarly, the End of Image (EOI) marker is 0xFF 0xD9, which means we have found the end of a JPEG image. There are many other markers for specific purposes that have been reserved f...

Predicting the future of COVID-19

For the past few months, I've been watching the Top 10 countries list for the ever-popular COVID-19 topic of discussion. I'm sure some people have grown tired of it at this point, but I've been tracking India with great interest as they cracked the Top 10 and have roared their way to take a solid #3 spot. There has been ZERO news in mainstream media outlets covering India despite the major influx of cases and the fact that they are really just getting started with COVID-19. What happens in India will impact the rest of the world, including the U.S. (e.g. call centers), so the lack of news is rather disappointing. This post isn't about lamenting the lack of good global news coverage but rather my attempt to write some quick-n-dirty software to crunch some numbers in an effort to predict the future. We know the future is always in flux and so any attempt to predict it will be wrong in some way or other. The first step is to find a good dataset. I went with the Our...