Cubic

On Friday, July 19, 2024, a single piece of software ground a good chunk of the planet to a screeching halt when someone at CrowdStrike deployed a system driver file filled with zeroes. Threat and state level actors can only dream of having backdoor, kernel level access to the OS of the hundreds of thousands, if not millions, of machines that CrowdStrike Falcon has been installed on. If you are a top level IT manager and use Microsoft Defender, SentinelOne, Huntress, or other Enterprise Endpoint Detection & Response (EDR) remote management solutions, you are probably patting yourself on the back and thinking to yourself, "Whew! We just dodged a bullet!" No. You are still someone who doesn't actually understand the fundamentals of system and network security. True system and network security isn't dependent upon a single piece of magical software that solves all of your problems. It is a combination of first hardening of the mind to trust nothing and trust ...

The European Union is, once again, attempting to dictate global policy way outside their jurisdiction. I run uBlock Origin and Ghostery (you should too!), which already deals with the things GDPR was largely concerned with. The GDPR made the average web browsing experience worse, not better. The Digital Services Act (DSA) expands upon GDPR in a way that supposedly targets very large companies but, digging into it, it actually appears to affect businesses of all sizes. Let's say you run a small business and you have a website. That website has a domain (DNS) that is issued by a registrar (e.g. GoDaddy, NameCheap, etc.) and is hosted on a third party service (e.g. a VPS provider like AWS, DigitalOcean, OVH, etc. or a shared hosting provider like 1&1, GoDaddy, etc.) and then speeds up global content delivery of static assets via a CDN (e.g. CloudFlare). If you are a website developer/admin, all of this sounds perfectly normal and completely innocuous to you. Now let's ...

Here is a lovely but slightly redacted image: There's a lot going on here, so let me explain. First off, the Command Prompt is no ordinary Command Prompt. See the title bar of the window? 'cmd.exe' is running as NT AUTHORITY\SYSTEM, the most powerful user account in Windows, on my desktop as a child process of a non-elevated process via the assistance of a temporary NT System Service. A procedure that had never been done before May of 2021. I recommend reading this post (and watching the really cool video I made about it) if you haven't already done so. In short, we're already in completely uncharted territory on Windows. Since the parent process is running as NT AUTHORITY\SYSTEM, it is one step away from being able to create security tokens for other users without the user's credentials (i.e. without the user's password, biometrics, etc). The above command creates an elevated token for a user in the Administrators group from scratch, routes st...

Okay, I'm writing this post because I'm tired of hearing "There is [MULTIPLE]" spoken everywhere and figured I'd attempt to fix this particular pet peeve. "There is" or "There's" followed by a 'multiple' is incorrect English. Likewise, "There are" or the cringe-worthy "There're" followed by a 'singular' is also incorrect. Substituting "There's" when "There are" (or "There're") should be used is also incorrect. Let me provide an example: "There's no problems to report." No. You are wrong. "There ARE quite a few problems to report." Especially with your lack of decent English. Has everyone forgotten how to speak English properly? Knowing how to communicate with complete, properly formed sentences is the foundation of a stable, functional society. Congratulations! You are about to learn how to decide when to say IS vs. ARE, which...

I recently came up with a completely brand new way to start processes on Microsoft Windows that's never been done before. Specifically, starting a child process of a non-elevated user as a completely different user. For those who want to understand and learn new things, here's an in-depth video on how it all works: The video covers the complex topic of Microsoft Windows security objects, moves into looking at security objects with the CubicleSoft GetTokenInformation tool , trash talks Microsoft a few times, gets into a very brief demo of some major enhancements of the CubicleSoft CreateProcess command-line tool , and finally covers how the new enhancements to the CreateProcess command-line tool work under the hood. In the video though, I only briefly demo the CreateProcess tool. That may be a slight disservice to the work that was done. So in this post, I want to cover some of the really cool things that were hand-waved over. First off, did you know that an Administ...

It has been several years since the Amazon Cloud Drive service API went from "okay" to "completely non-functional." Since I haven't used the service for quite a while, I figured it would be an okay time to reveal how I used to use Amazon Prime Photos as an unlimited storage backup service. It all starts with modifying the JPEG file format in ways not really conceived of before. The JPEG file format is a chunked, structured binary file format. What this means is that JPEG format reserves the 0xFF byte for "markers" for the start of each "chunk" and each chunk has a specific structure. For example, a JPEG image starts with the Start of Image (SOI) marker, which is 0xFF 0xD8, so we know that if we see that sequence, we have found the start of a JPEG image. Similarly, the End of Image (EOI) marker is 0xFF 0xD9, which means we have found the end of a JPEG image. There are many other markers for specific purposes that have been reserved f...