Yakov (@Yakov5776)

89 posts

discord: yakov

Cannot dispose 'Location()'
Joined March 2018
59 Following, 48 Followers
Yakov@Yakov5776·
@sbxpra @VicVijayakumar Um no, the user shouldn't have to be up to date with the news to know when to migrate regions, it's Amazon's liability.
SP@sbxpra·
@VicVijayakumar OP should have migrated when bombing started happening
Vic 🌮@VicVijayakumar·
😬
Yakov@Yakov5776·
@ThatProgrammer @thiojoe Sorry but if there are hash checks then why do you have a fear of infected updates? This is not the first time I've heard people say this and it just sounds like fear mongering.
Brad@ThatProgrammer·
@thiojoe I know hash checks are likely in place but the idea that an infected update could be downloaded from other devices on the internet makes me fearful of using it.
ThioJoe@thiojoe·
Ok I slept on this Windows Update feature. I never enabled the "download from other devices on the internet" because of it using upload bandwidth. But I just had an update in a VM slowly trickling to 6% over minutes. Then when I turned it on, it blasted up to 100% in seconds. So if you're trying to install a specific update faster, at least enable it temporarily.
Phil 🇨🇦@philviral·
@vxunderground What software are you using in image one to view the assembly code? Am I correct in assuming that's assembly code? I'm a newb wrt to disassembling binaries but it's something I've always been interested in learning
vx-underground@vxunderground·
MalwareBytes has a local database on the machine. It is a SQLite database. It contains settings for various properties such as licensing, malware identified, and known-good and known-bad lists. This is standard anti-malware stuff.

The database with "ThankYouForChoosingMalwarebytes" is the less interesting database, as it mostly contains settings (this can still be abused though).

Regardless, MalwareBytes does a couple of things with this SQLite stuff.

MalwareBytes establishes a kernel-mode minifilter (mbam.sys). They set up minifilter callback routines to handle events on the system for process creation, process loading, and registry modification (Image 1).

In other words, MalwareBytes is notified immediately when a process is created or an executable image is loaded.

When a process is created or an executable image is loaded, MalwareBytes has special functionality to temporarily "pause" execution so it can review it. However, this "pause" happens faster than you or I can blink. Computers are fast.

The mbam.sys creates an internal record of all processes running. When a new process is loaded it is added to this internal record. When a program is closed, it is removed from the record. It does this so it doesn't accidentally review or "pause" the same process twice.

When a program is added to this list, the kernel-mode component communicates with the user-mode component that then signals and connects to a local SQLite database. The SQLite database then does a lookup to determine if the process "paused" is known or unknown (Image 2).

However, it should be noted, Image 2 is not the important SQLite instance I am looking for. This is something else MalwareBytes uses (and communicates to with kernel-mode components). The point still stands.

If it is known, it communicates back to the kernel-mode component that it is known. If it is known, and known to be malicious, MalwareBytes takes action on the program attempting to run and immediately stops execution.

If it is known to be good, MalwareBytes marks it internally as "seen" and keeps it in its internal record.

Image 3 is from the internal database they use. It's fairly large and is mostly settings. I still haven't found where the really nice, big, and important dataset they use is. It requires more poking and more sticks.
Dead Exit@_deadexit

@vxunderground Explain this to me because I’m stupid

Yakov@Yakov5776·
@Little_34306 Send me the GitHub when you open source it, thanks!
Huy Nguyen@Little_34306·
I'll open source a bot that can decrypt app on iOS 18-26. It supports app > 2GB (by userbot) and only supports Vietnam Appstore atm. Requires 1 device on iOS 14 with trolldecryptjb cli (included later). Tele API for upload is limited so it's a lil bit slow. t.me/DecryptAppForM…
Yakov@Yakov5776·
@SpinkaMilan @0gtweet No, in this case the Samsung Magician installer, which is what he's using, is an installer which unpacks itself, which means that the unpacked binary which would use the imports isn't called yet because the parent process was doing the check (and it doesn't rely on those DLLs)
Milan Špinka@SpinkaMilan·
@0gtweet I would say that if you see this message box, it's already too late to check for DLL hijacking, which happens at load time... or am I missing something? Or does it check pre-elevation to avoid privileged DLL hijacking?
robertus@rtheoryxyz·
@abhitwt the nvidia founder/ceo into dishwasher/busboy pipeline is maybe the most real credential flex on the entire platform. this is what "started from the bottom" actually looks like
Abhishek B R@abhitwt·
one of the most goated profiles ever
Xeno@XenoPanther·
I wish Windows told me which service was using my microphone
Yakov@Yakov5776·
@kaustubhowmick @rayman_1337 @ayysoni Modifications to any app would render it with an invalid certificate. Mentioning that he might have taken some FOSS software may be true but is irrelevant to that post.
I@kaustubhowmick·
@rayman_1337 @ayysoni I doubt he made this app, probably took some FOSS software and bundled his logo and UI, and put a price tag
Ayush Soni@ayysoni·
The internet trained us to think "just upload & convert" is normal. Marksheets. IDs. Salary slips. All going to some server we’ll never see. I still love ilovepdf for what it did. But I’d rather keep sensitive docs on my own machine. So I built filestudio.app last month
- 100% offline
- PDF + file tools
- no accounts, no uploads, no tracking
Same workflow. Completely different trust model.
Ayushi☄️@iyoushetwt

Whoever created ilovepdf, you're the real hero.

Yakov@Yakov5776·
@davepl1968 This isn't Windows. This is your NAS's SMB implementation :)
Dave W Plummer@davepl1968·
Score one for Windows today! If you have a ZFS pool that is set up for automatic snapshots, you can go to a file's properties and see the prior versions, restore them and so on, all from your desktop. I can't find a way to surface that feature on a Mac, so I'm guessing it's not possible?
Yakov@Yakov5776·
@jerkeyray Without saving, it's :q! (not :q)
adi@jerkeyray·
obsidian literally asks you if you know how to exit vim before letting you enable vim mode 😭😭
EvilFuGuru/ジョン@EvilFuGuru·
When I got my Xbox One on launch day (Amazon delivery), it had this disk inside of it. I never figured out what it was, but I’m 99.9% sure it wasn’t supposed to be in there🤔
Yarden Shafir@yarden_shafir·
Hours of complex research in the last few days ended up with like… 3 new lines of code. These 3 lines make a big difference. They do something really cool. But this still feels very underwhelming for how cool this research was.
NZ ☄️@CodeByNZ·
Mention a better alternative to this I’ll wait.
Yakov@Yakov5776·
@WhoisPandey @WindowsLatest You can't because as soon as they discontinue an older version, it subsequently gets discontinued on the server-side as well. (specifically by turning off support for their older networking protocol version)
@WhoisPandey·
@WindowsLatest I hope someone reverse engineers and disables the update feature so that we can continue using the last version of WhatsApp indefinitely.
Windows Latest@WindowsLatest·
Meta has just replaced WhatsApp for Windows 11 with a web wrapper that consumes up to 2GB of RAM (or up to 1 GB when idle). New WhatsApp for Windows 11 is based on WebView2. WhatsApp has been testing its new web-based app for Windows 11 for some time now, and it's rolling out today. WebView2 is based on Chromium, using the same Microsoft Edge (Chromium-based) rendering engine. Do not update WhatsApp in the Microsoft Store.
Yakov@Yakov5776·
@WindowsLatest Even if you don't update eventually the version will expire (and it won't take that long) and you won't be able to use it anymore.
Lain on the Blockchain@CryptoCyberia·
FBI has subpoenaed the domain registrar of archive.is. They won't say what crime is being investigated. Sad :(
Yakov@Yakov5776·
@hackerfantastic That's actually pretty funny because I actually have a Chinese VM with all these programs installed on the desktop
hacker.house@hackerfantastic·
Chinese hacker checks if the computer is a real computer not a sandbox by looking for common installed Desktop shortcuts like WeChat and QQ. Neat trick for Chinese specific desktop compromise ;)