RiskIQ E5 P2+ https://www.bloomberg.com/news/articles/2021-07-11/microsoft-is-said-to-be-buying-cybersecurity-company-riskiq …
Microsoft has products in development for almost every vertical in cybersecurity, and where there’s gaps there’s deep pockets.
Replying to @GossiTheDog
kinda funny it's still all bypassed just using a 10 year old revoked certificate :D
Replying to @GossiTheDog
ummm- like this trick: pic.twitter.com/AZAEIuAv8Z
Replying to @jonasLyk
Ahhh! I did realise until I left that MS will sign basically any driver, it’s pretty fun.
Replying to @GossiTheDog
https://twitter.com/jonasLyk/status/1378143191279472644 … oh, i sign my own :) anyone can get that cert, revocation and expiry have never been checked
Jonas L added,
Jonas L @jonasLyk: WIN32 paths inherently unreliable for linking a running process to the filename used to spawn it. Letter based drive association are per LUID, per process and in no way static. That's part of why NT paths are used for loading drivers. They have their own problems though. pic.twitter.com/SkTEJvXG9c
Replying to @jonasLyk
This probably explains why MS didn’t bother to revoke the Netfilter rootkits.
bingo ;) it's a common misconception to assume that there cannot be 0 security. Secure boot, HVCI, anti tamper, defender etc. bypassed in 5 seconds. Ok, only arb ring 0 code exec, hypervisor is there... But its job is just to only let secure kernel make ring 0 mem exec.....