so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer


After the Dark, 2013

Grade inflation

Don’t worry kids, grade inflation has been going on so long, the people who could notice you’re not learning shit are dead.


Stupid

I’m stupid, but most of the people I meet are way fucking stupider than me.

Mankind is fucking stupid.


AD CS - New Ways to Abuse ManageCA Permissions

This report documents a local elevation of privilege vulnerability in Active Directory Certificate Services (AD CS). The vulnerability is caused by a race condition when Certsrv creates CRL files. Any standard user with a ManageCA ACL on the CA can publish CRL Distribution Points (CDPs) and move arbitrary files to a restricted directory (for example, C:\Windows\System32). An attacker could exploit this vulnerability to write a DLL to the C:\Windows\System32 directory or overwrite the service binary to achieve local privilege escalation.


May Henry Kissinger rot in hell

Depressing lives

What’s truly depressing is not that people live depressing lives, but that people choose to continue living that way.


Walkabout, 1971

Hellhounds: operation Lahat

In 2023, our Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been actively used in cyberattacks on Russian companies and government organizations since at least September 2022. This trojan was previously discussed by NCIRCC, Infoblox, CyberSquatting, and Solar 4RAYS.

However, the sample we found on the victim’s host was a new modification of the trojan, which the adversaries altered in such a way as to make it harder to detect and analyze.

As far as we can tell, the APT group Hellhounds that uses Decoy Dog only targets organizations located in Russia. Remarkably, the attackers were using the command-and-control (C2) server maxpatrol[.]net to impersonate Positive Technologies MaxPatrol products. Positive Technologies products contain all indicators of compromise mentioned in this article in their databases.


Waiting

We’re all just waiting to die.


Death of the West

I honestly think that most despair about the “Death of the West” and some sort of global catastrophe is really just anxiety over the fact that people are aware that the society we created is not sustainable. It operates mostly normally right now, but once this generation of internet-obsessed sewer people obsessed with porn and mass media get put in charge? It’s almost impossible to imagine a future with these people. They don’t want to work, they’re poorly educated, they live in their computer screens more than the real world, they’re insincere and depraved, they constantly moralise and make political gains by manipulating people with a victimisation narrative, they’re profoundly mentally ill and often suicidal, and the list goes on.


Death

Death isn’t what we think. Death is the permanent loss of potential. Giving up is dying. This is why I keep walking, although my steps are wobbly and nothing is certain in my life. Whenever something I have worked towards for years reaches completion, I know I’m alive.


Crusoe, 1988

Event Horizon, 1997

Fear and loathing

Nietzsche was right about everything, hope is the worst of all evils.

People love the Internet even and especially when it ceases to love them back because it’s the distraction of distractions, and distractions are today’s substitute for hope as we’re all nihilists or positivists or whatever even if in denial. The Internet is so much worse than it was, and any satisfaction therein all but gone, but we’ll do anything to not look directly into the abyss before us, because the moment you make that eye contact you need to think about life in practical immediate terms, which is the last thing anyone wants to do.

There are so many things I know I should do, and that I can do, if only in some abstract technical sense. But I don’t do them. Instead I look at anything else. Isn’t this what’s meant by life-denying? I’ve lived my entire so-called life this way; it’s so hard in some inexplicable way to do anything. I never learned to learn, I want to want, and here at the end I realize there’s nowhere to begin. It’s not too late, but I want it to be, because with every passing moment what’s demanded of me, what should be done, grows while my potential and strength shrink in proportion.

I’m so tired yet I’ve never done anything. I’d give anything to be 20 again to waste a few more moments in that buffer against reality called youth. Nothing would change likely, but I yearn for reprieve, and is that not why I’m writing this, to put a moment between me and starting …


The Champagne Murders, 1967

Intercepting Flutter Based Application Traffic Using iptables

We will dive into the practical aspect of configuring iptables to capture traffic originating from a Flutter application. By following a series of iptables commands, we’ll reroute the network traffic from your Flutter application to Burp Suite for interception and to perform pen-testing.

The commands below allow us to intercept traffic destined for a specific IP address and port and redirect it to Burp Suite.


Create Reflective DLL for Cobalt Strike

This blog post aims to solve a problem I faced when using open-source tooling with Cobalt Strike.

During my security assessments I often rely on tooling developed in Python, C#, Go or C/C++. Open-source tools are very often built to produce a PE file, which doesn’t fit well in a red team engagement, as we prefer to avoid uploading and executing files on disk. For Python tools, we need a SOCKS proxy, but C2 SOCKS proxies are quite slow, as the SOCKS traffic is carried over the egress C2 traffic of the beacon.

In this blog post I’m going to show how I ported 2 tools so that they produce a Reflective DLL (RDLL) which can be used in Cobalt Strike and executed entirely from memory.


Hate

What happened that made the majority of people prefer talking about things they hate instead of things they like?


No nukes versus nukes

Death

I’m afraid of everything but death.