Extencil

> be @github > be acquired by @Microsoft > get annoyed because @ChaoticEclipse0 published 0-days or because @xploitrsturtle2 published github's compromise evidences / proofs that github was successfully breached > start a ban-wave targeting any "hacker related profile" > ban me on Monday around 4am without any notices > let my appeal ticket rot forever under some infinite SLA with zero explanation for the ban > lock me out from updating dozens of open-source repos i contribute to dude, i know i don’t have a profile full of followers, stars, famous projects or hype-driven repos, and i’m still learning so i can publish better work, but what kind of insane policy is this? randomly banning security researchers with no warning, no reason, not even a basic email explaining what happened, just because @msftsecresponse has beef with some other security researcher? are triagers’ egos really that weak? i’ve already seen multiple people on X getting hit by the same thing (like @yebtimothy, @MiroslavSraga, @CollinsCaxton4, @wavey0x and another guy that i forgot his username here on X), so i’m definitely not the only one. now imagine everyone else who doesn’t want to go public and is just taking this garbage silently, GEEZ

Windows LPE -> Priv Util via embeded psexec-> nt-authority\system Eden is a great project which I contributed to made by @marinaiced , using it I managed to escalate from base user permissions to system level.

A collection of THC stuff, curated by @extencil ❤️ Many of these we didn’t know were still floating around 🤙 (github.com/haltman-io/thc…)

damn dude, that’s crazy. it sucks knowing they treat their own customers like this. did you add anyone else as an owner to prevent the org/enterprise from being automatically deleted? i got a kind of "lucky" because i had added some members from haltman.io as owners of the GitHub org too. otherwise we’d be fully locked out. this kind of behavior is honestly scary. if i were an investor, i’d pull my money out just because of the uncertainty they’re creating for their own customers. like, who says they won’t ban the owner accounts of another company next, or the accounts tied to paid services and payment methods?

@extencil @github @Microsoft @ChaoticEclipse0 @xploitrsturtle2 I ´m with you. No response from @github support for my opened tickets. I ´ m copolot and github copilot paid customer without access my company is Microsoft Solutions Partner and even this there is no chance to get support.

> be @github > be acquired by @Microsoft > get annoyed because @ChaoticEclipse0 published 0-days or because @xploitrsturtle2 published github's compromise evidences / proofs that github was successfully breached > start a ban-wave targeting any "hacker related profile" > ban me on Monday around 4am without any notices > let my appeal ticket rot forever under some infinite SLA with zero explanation for the ban > lock me out from updating dozens of open-source repos i contribute to dude, i know i don’t have a profile full of followers, stars, famous projects or hype-driven repos, and i’m still learning so i can publish better work, but what kind of insane policy is this? randomly banning security researchers with no warning, no reason, not even a basic email explaining what happened, just because @msftsecresponse has beef with some other security researcher? are triagers’ egos really that weak? i’ve already seen multiple people on X getting hit by the same thing (like @yebtimothy, @MiroslavSraga, @CollinsCaxton4, @wavey0x and another guy that i forgot his username here on X), so i’m definitely not the only one. now imagine everyone else who doesn’t want to go public and is just taking this garbage silently, GEEZ

THC FUN: Our tmux.conf that we use to upload/download from remote targets (via the terminal/PTY; no new TCP connection): 😜 github.com/hackerschoice/… Try it 👉 Ctrl-b U 👈 No tools installed or needed on the remote target. NO LOGZ == NO CRIME.

@ryan_elfmaster congratulations! =]

Good evening. I am excited to announce that Shiva, Arcana Research's advanced binary patching solution has been competitively assessed by the Defense Advanced Research Projects Agency (DARPA) and has been deemed "awardable" in the Expedited Research Innovation System (ERIS) Marketplace, making it available to view and easily procurable by the Department of War. Shiva: arcana-research.io/shiva Shiva github: github.com/advanced-micro… ERIS program: darpaconnect.us/eris @DARPA #DARPA #ERIS #BinaryPatching #innovation #NationalSecurity

Trend Micro Deep Security Agent Research: Forcing bmhook/tmhook Reloads to Open a Protection Bypass Window Full research: matheuzsecurity.github.io/hacking/trendm… #rootkit #linux #edr #poc

Someone please hire @jonasLyk or throw him some contract work. He’s a very talented security researcher and C/C++ programmer. I’ve chatted with him about his research for years and would easily vouch for his ability to get things done on Windows, Android, etc.

Kernel Rootkit is a new Telegram community for Linux/Windows rootkit research, ring0/ring3, stealth, defense, forensics and reverse engineering. Join us, share knowledge and collaborate. t.me/kernel_rootkit #rootkits #security #windows #linux #cyber #malware #forensics

I analyzed Trend Micro Deep Security Agent for Linux and found that a local event storm can force bmhook/tmhook reload cycles, opening a repeatable temporary protection bypass window. Full write-up: matheuzsecurity.github.io/hacking/trendm… #linux #edr #rootkit #cybersec #security #research

Linux Kaspersky 0day: unloading LKMs directly from userspace. Kaspersky rejected my report, so I'll be publishing the full technical write-up soon #Linux #Kernel #0day #VulnerabilityResearch

Let’s go!!

Reminder that our CFP is still running! 🔥 Including the Rootkit Competition

We're looking for a cover for the next issue of Phrack! Retro sci-fi, terminals, dystopian systems, chrome futures, hacker manuals from an alternate timeline. Make something timeless and strange. Send your work or idea to arts@phrack.org Deadline June 30th

Eu falo isso todos os dias, Bolha dev é altamente tóxica e hostil tanto pra quem tá ingressando na área quanto pra quem já é veterano Enquanto isso na bolha sec a maioria esmagadora das pessoas são gente boa Dificilmente você vai ver uma treta da bolha sec, diferente da dev...

nein papa das ist eine wertanlage vertrau mir eines tages werden wir reich

Phrack wants your art! The theme for this issue is retro sci-fi / old-school cybernetic futures. CRT glow, vector grids, space paranoia, BBS aesthetics, analog cyberpunk, forgotten futures. But we accept all kinds of contributions :) ANSI, illustration, collage, renders, weird experiments. Send it to: arts@phrack.org Deadline June 30th

不升级 -> 0day. 升级 -> 供应链攻击.