Pinned Tweet
Do you have an open-source cybersecurity project you would like to see being worked on as part of Google Summer of Code? We @ProjectHoneynet are collecting ideas & projects for this summer! Submit yours here (even if you wouldn't be able to be a mentor): https://forms.gle/HiZwuf6sdThu6NdU6!
Tamas K Lengyel Retweeted
To the person who figured out my honeypot is a honeypot: could you please stop putting the picture of Pooh bear with a jar of honey on it? It's like this person's life mission. I've blocked him on: - Client - IPs (now on Tor ffs) - The image (he just edits 1 pixel every time...)
"Our NN is initially in Python for rapid iteration, then converted to C++/C/raw metal driver code for speed" https://twitter.com/elonmusk/status/1224182478501482497 pic.twitter.com/9ILKY0p4TG
Tamas K Lengyel Retweeted
I've been working on making a great benchmarking suite (MMTests, by @MelGorman1 & @SUSE Perf Team) better for running benchmarks in VMs. Even in multiple VMs, at the same time and "in lockstep". I'll show how far I got, as of now, tomorrow at @fosdem https://fosdem.org/2020/schedule/event/testing_automated_performance_testing_virtualization/
Tamas K Lengyel Retweeted
A helpful tool for quantifying risk... now available via open source from the Netflix Security team! Enjoy! https://medium.com/@NetflixTechBlog/open-sourcing-riskquant-a-library-for-quantifying-risk-6720cc1e4968
"Clustering Analysis for Malware Behavior Detection using Registry Data" using DRAKVUF logs: https://pdfs.semanticscholar.org/90fc/79bc788b74edfb07709b97dc1c9fd1497c47.pdf
Tamas K Lengyel Retweeted
Happy to announce a new LLVM instrumentation for AFL++ called CmpLog that feeds the fuzzer with comparison operands extracted with SanCov. https://github.com/vanhauser-thc/AFLplusplus/blob/master/llvm_mode/README.cmplog.md I used it to build the Redqueen mutator in AFL++!
Tamas K Lengyel Retweeted
Just a Reminder! Tickets for the inaugural BSides Boulder go on sale FEB1 @ 9:00am ... There are 3 waves (Feb 1, Feb 15, Feb 29). See you there. https://www.eventbrite.com/e/bsidesboulder-2020-tickets-91076539381?aff=ebdssbdestsearch
Tamas K Lengyel Retweeted
CanSecWest is offering a free training and conference admission to the top 4 talk submissions from someone 25 or younger! All qualifying submissions also get a 10% discount on conference ticket. That's basically a $5000 USD grant to the top 4 submissions. Please share! https://twitter.com/dragosr/status/1222642402738888704
Lots of cool stuff being planned for Bareflank 3.0! Worth checking out! https://twitter.com/rianpquinn/status/1222545761813942274
Tamas K Lengyel Retweeted
1\ Surprisingly, you could build a very mediocre PE malware detector with a single PE feature: the PE compile timestamp. In fact, I built a little random forest detector that uses only the timestamp as its feature that gets 62% detection on previously unseen malware at a 1% FPR.
Tamas K Lengyel Retweeted
Windows kernel now relies on Virtualization-based Security (VBS) to securely insert dynamic trace points into kernel code. By relying on VBS, we can now safely and securely insert dynamic tracepoints in the kernel without disabling PatchGuard https://twitter.com/TheRealHariP/status/1221885616691900417
Seriously, how much more convoluted can Microsoft make syscall handling?? pic.twitter.com/COi3zaKXSI
Now to actually calculate the final syscall address from the SSDT:
syscall = SSDT base + offset - 0x10000000
syscall += *(uint32_t*)(SSDT base + offset - 0x10000000 + 3) + 7
At least the debug data has a hint that such a stub exists. So if anyone wonders what "linkage_name" means for an address in the Volatility/Rekall json profile, now you know. pic.twitter.com/YPrRo2EXhg
So what happens is that the address the SSDT points to is just a stub. It's responsible for loading the actual syscall address to r10. The address of the stub is NOT present in the PDB, only the final address it loads to r10. pic.twitter.com/l5qzNO5tzl
To clarify, the offsets are always calculated by taking the 32-bit value found in the SSDT and bitshifting it >> 4.
Now on Windows 10 1903 a new set of syscalls appeared in the SSDT with a different discrepancy. The functions are expected to be at an address above the SSDT but the (SSDT base + offset) calculation doesn't match that. All of these functions have an offset like fd78df0, fd79030..
It seems the reason for the special handling of these functions is due to them being located at an address lower than the SSDT base address. Normal functions are located at SSDT base + offset found in the SSDT. These functions are at (SSDT base + offset) - 0x10000000
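The resolution steps from the thread above (offset = 32-bit entry >> 4, the 0x10000000 adjustment for the 1903 entries that sit below the SSDT, and decoding the stub that loads the real address into r10), worked through in C as an added example that is not part of the tweets. The toy image layout, IMAGE_BASE, the rule that offsets of 0x08000000 and above are the special kind, and the 7-byte lea encoding assumed for the stub are assumptions, not facts from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel address range around the SSDT: a flat
 * byte array whose element 0 sits at the made-up virtual address IMAGE_BASE. */
#define IMAGE_BASE 0xFFFFF80010000000ULL  /* assumed value, not from the thread */
#define IMAGE_SIZE 0x200000u
#define SSDT_BASE  (IMAGE_BASE + 0x100000)  /* where the toy SSDT is placed */
static uint8_t image[IMAGE_SIZE];

static uint32_t rd32(uint64_t va) { uint32_t v; memcpy(&v, &image[va - IMAGE_BASE], 4); return v; }
static void wr32(uint64_t va, uint32_t v) { memcpy(&image[va - IMAGE_BASE], &v, 4); }
/* The offset is always the 32-bit SSDT value shifted right by 4. */
uint32_t ssdt_offset(uint32_t entry) { return entry >> 4; }

/* Resolve SSDT slot idx to the final syscall handler address. */
uint64_t resolve_syscall(uint64_t ssdt_base, unsigned idx) {
    uint32_t offset = ssdt_offset(rd32(ssdt_base + 4u * idx));
    /* Assumption: the 1903 "special" entries are those with offsets like 0xfd78df0,
     * i.e. any offset >= 0x08000000 (the raw entry is negative read as int32). */
    if (offset < 0x08000000u)
        return ssdt_base + offset;                       /* normal: above the SSDT */
    uint64_t stub = ssdt_base + offset - 0x10000000ULL;  /* special: below the SSDT */
    /* The SSDT only points to a stub that loads the real address into r10; the
     * thread's "*(uint32_t*)(stub + 3) + 7" fits a 7-byte rip-relative lea with
     * a signed rel32 at +3 (assumed encoding), so sign-extend before adding. */
    uint32_t raw = rd32(stub + 3);
    int64_t rel32 = (raw & 0x80000000u) ? (int64_t)raw - 0x100000000LL : (int64_t)raw;
    return stub + (uint64_t)rel32 + 7;
}

/* Build the toy image: slot 0 is an ordinary syscall above the SSDT, slot 1 a
 * 1903-style entry whose stub sits below the SSDT and points further down. */
uint64_t toy_resolve(unsigned idx) {
    uint64_t normal_fn = SSDT_BASE + 0x800, stub = SSDT_BASE - 0x1000, special_fn = SSDT_BASE - 0x2000;
    memset(image, 0, sizeof image);
    wr32(SSDT_BASE + 0, (uint32_t)(normal_fn - SSDT_BASE) << 4);              /* entry 0x00008000 */
    wr32(SSDT_BASE + 4, (uint32_t)(stub - SSDT_BASE + 0x10000000ULL) << 4);  /* entry 0xFFFF0000 */
    uint8_t *s = &image[stub - IMAGE_BASE];
    s[0] = 0x4C; s[1] = 0x8D; s[2] = 0x15;               /* lea r10, [rip + rel32] */
    int32_t rel32 = (int32_t)(special_fn - IMAGE_BASE) - (int32_t)(stub + 7 - IMAGE_BASE);
    wr32(stub + 3, (uint32_t)rel32);
    return resolve_syscall(SSDT_BASE, idx);
}

int main(void) {
    printf("slot 0 -> %#llx, slot 1 -> %#llx\n", (unsigned long long)toy_resolve(0), (unsigned long long)toy_resolve(1));
    return 0;
}
```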
Tamas K Lengyel Retweeted
Twitter has a new security feature, if you tweet a password it put asterisks instead. Try it now ******