SapientFlow (@sapientflow)
Red Teaming & Malware Development
Joined March 2024
178 Following, 160 Followers
26 posts

SapientFlow@sapientflow·
@JoelKatz @JedMcCaleb @dark_horse Canton Network’s L1 need-to-know privacy via Daml is a bank magnet and one of a kind, as pitched to the SEC (sec.gov/memo-digital-a…). BIS’s Project Promissa proves it (bis.org/othp93.pdf). Could this steal Ripple/Stellar’s (cross-border payment) pitch? Canton’s private model feels distant from XRPL/Stellar’s public ledgers. Any bridges linking Daml’s smart contracts to XRP/XLM’s token systems? Private XRPLs or Stellar anchors might offer privacy—how do they compare to Canton’s bank-ready setup? Digital Asset's Canton Network satisfies banks’ privacy needs for sensitive financial products like no other. XRPL/Stellar lead in retail speed & liquidity, and their open ecosystems resonate with crypto’s inclusive roots, while Canton excludes retail users. Can synergies blend these worlds?
SapientFlow@sapientflow·
Why the debate between @vincent_vancode and @SMQKEDQG ? Let’s clarify what you’re really arguing about. RippleNet is ISO 20022 compliant, and its preferred blockchain for transaction settlement is the XRPL, which uses XRP as its native token for gas fees. However, as Vincent points out, no blockchain — nor any token — sends ISO 20022 messages directly over the chain. This is why Vincent refers to tokens like XRP as "non-compliant" in the context of ISO 20022 messaging. Instead, RippleNet (and other ISO 20022 "compliant" systems) relies on an off-chain private network to handle this messaging standard. Here’s how it works: Bank A sends an API request with ISO 20022-formatted data to RippleNet. RippleNet then determines the most efficient way to route the transaction. It might use traditional financial rails (TradFi) for fiat-based exchanges, or it could leverage a blockchain—not necessarily the XRPL—depending on the best path for settlement. When RippleNet opts for On-Demand Liquidity (ODL) and its optimized chain, the XRPL, it initiates a transaction from Bank A’s wallet to the destination wallet on the XRPL. This transaction contains no ISO 20022 messaging — it’s in JSON, the XRPL’s native format. However, RippleNet may include a unique identifier in the transaction’s Memos field (e.g., the ISO 20022 EndToEndId) to enable off-chain correlation. Once the XRPL transaction is complete, RippleNet retrieves the transaction ID (e.g., TX1234567890) and correlates it with the original ISO 20022 message using the stored MsgId and EndToEndId. RippleNet then generates an ISO 20022 confirmation message (e.g., in pain.002 format) and sends it to Bank B, ensuring the bank can match the transaction to its original request. This off-chain correlation ensures seamless communication between the blockchain and traditional financial systems, bridging the gap between the two worlds. 
To put it differently, as of now, ISO20022 messaging only happens at the start and end (off-chain) and there is no ISO messaging on-chain whatsoever. Further, RippleNet can provide a similar "ISO20022 compliance support" for any other chain but it needs to build the interfaces for that. But it is a service that in principle is blockchain-agnostic. Maybe @JoelKatz can confirm this once and for all (or debate certain points for that matter).
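The off-chain correlation flow described in the post above, written out as an added example; this is not RippleNet's, the XRPL's or the poster's code. The ISO 20022 messages are simplified to dicts carrying only MsgId and EndToEndId, the memo type label iso20022/EndToEndId is a hypothetical name, and the accounts, amounts and transaction hash are constructed sample values. The hex encoding of memo fields follows the XRPL's Memos convention, and ACSC/RJCT are ISO 20022 transaction status codes used in pain.002 reports.

```python
import json
import re
from typing import Optional

# XRPL Memos carry MemoType/MemoData as hex of the raw bytes; accept either case.
_HEX = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")

# Hypothetical MemoType for this example; the post does not document RippleNet's
# actual memo layout, so treat this label as an assumption.
MEMO_TYPE_E2E = "iso20022/EndToEndId"


def to_hex(text: str) -> str:
    return text.encode("utf-8").hex().upper()


def from_hex(hexstr: str) -> str:
    return bytes.fromhex(hexstr).decode("utf-8")


def build_xrpl_payment(pain001: dict, src: str, dst: str, amount_drops: str) -> dict:
    """Native XRPL Payment JSON. No ISO 20022 message goes on-chain; only the
    EndToEndId rides along in the Memos array as an off-chain correlation key."""
    return {
        "TransactionType": "Payment",
        "Account": src,
        "Destination": dst,
        "Amount": amount_drops,
        "Memos": [{
            "Memo": {
                "MemoType": to_hex(MEMO_TYPE_E2E),
                "MemoData": to_hex(pain001["EndToEndId"]),
            }
        }],
    }


def extract_end_to_end_id(tx: dict) -> Optional[str]:
    """Pull the EndToEndId back out of a validated transaction's memos.
    Malformed memos (non-hex, odd length, invalid UTF-8) are skipped, not fatal."""
    for entry in tx.get("Memos", []):
        memo = entry.get("Memo", {})
        mtype, mdata = memo.get("MemoType", ""), memo.get("MemoData", "")
        if not (_HEX.match(mtype) and _HEX.match(mdata)):
            continue
        try:
            if from_hex(mtype) == MEMO_TYPE_E2E:
                return from_hex(mdata)
        except UnicodeDecodeError:
            continue
    return None


class Correlator:
    """Off-chain state: the pain.001 identifiers stored at submission time,
    matched against the on-chain result once the transaction validates."""

    def __init__(self) -> None:
        self._pending: dict = {}

    def register(self, pain001: dict) -> None:
        e2e = pain001["EndToEndId"]
        if e2e in self._pending:
            raise ValueError(f"duplicate EndToEndId {e2e}")
        self._pending[e2e] = pain001

    def settle(self, validated_tx: dict) -> dict:
        """Return a pain.002-style status report (a dict, not the full XML schema).
        TxSts is ACSC (settlement completed) or RJCT (rejected)."""
        e2e = extract_end_to_end_id(validated_tx)
        if e2e is None or e2e not in self._pending:
            return {"TxSts": "RJCT", "Rsn": "no matching EndToEndId",
                    "TxHash": validated_tx.get("hash")}
        original = self._pending.pop(e2e)  # consume so a replayed tx cannot match twice
        result = validated_tx.get("meta", {}).get("TransactionResult")
        return {
            "OrgnlMsgId": original["MsgId"],
            "OrgnlEndToEndId": e2e,
            "TxSts": "ACSC" if result == "tesSUCCESS" else "RJCT",
            "TxHash": validated_tx["hash"],
        }


def demo() -> dict:
    """Constructed end-to-end run: Bank A's pain.001 -> XRPL tx -> validated tx -> pain.002."""
    pain001 = {"MsgId": "MSG-20240501-0001", "EndToEndId": "E2E-ABC-123"}  # constructed sample
    corr = Correlator()
    corr.register(pain001)
    tx = build_xrpl_payment(pain001, "rBankA_src", "rBankB_dst", "1000000")
    # What the ledger hands back after validation; hash and meta are constructed samples.
    validated = {"hash": "F1E2D3C4" * 8,
                 "meta": {"TransactionResult": "tesSUCCESS"},
                 "Memos": tx["Memos"]}
    return corr.settle(validated)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point the code makes explicit is that the ledger never sees an ISO 20022 message: the only on-chain trace is a hex-encoded EndToEndId in a memo, and everything that turns a transaction hash into a pain.002 report lives in the off-chain store.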
SapientFlow@sapientflow·
@dobinrutis What it does NOT ever do is to allocate novel code space (RX). So we don't need to spoof stacks, do sleep masks, etc. All APIs are called with existing functionality allocating space for arguments and structures. Suspicious behavior, apart from API patterns, is quite low imo.
SapientFlow@sapientflow·
@dobinrutis Can you be a bit more specific in what you mean by "generic DLL caller"? :) I personally think that anything in the implant can be mangled by a good margin each time. It is just a matter of writing clever code that changes every time.
SapientFlow@sapientflow·
My first ever blog post is out: medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca Happy for any constructive criticism or anyone that just wants to engage on the topic.
SapientFlow@sapientflow·
@GabrielLandau What's the cheapest option for me to test my implants against Elastic Endpoint detection? I might just be stupid, but as far as I am aware I can't just buy that for a single host for testing.
Daniel@0x64616e·
@sapientflow @C5pider Yes, that's a weak point. But it could be addressed with virtualization. For example a RISC-V VM without address translation like github.com/thesecretclub/… The only disadvantage of the railgun idea is the open connection to the C2 for the runtime of the payload.
5pider@C5pider·
Thanks for sharing. Basically rewrote a large part of my private agent to adapt this and it works wonderfully. No more memory toggling. Every function now takes a KnSelf as a first param, which is the instance passed. For functions like the beacon API you can use a macro that gets it.
Daniel@0x64616e
After reading @C5pider's blog I got an idea how to implement global shellcode context without NtProtectVirtualMemory: Add magic header to context struct, place context on stack, append its address to peb.ProcessHeaps and retrieve it from there when needed. No syscalls required.
SapientFlow@sapientflow·
@0x64616e @C5pider I might have tried this but felt that just passing in parameters to image-backed existing functionality was superior. Your code/implant does not really change then. If I missed something big here, tell me 😬
SapientFlow@sapientflow·
@0x64616e @C5pider I roughly thought about this before I started out with the "railgun"-esque way. But - to my understanding - your approach would require dynamic code allocation in some manner, no ?
SapientFlow@sapientflow·
@hasherezade - Thanks a lot for the repost ! :) Your wisdom would come quite in handy here - major pros and cons for OPSEC ?
SapientFlow@sapientflow·
@techspence I should recap my old Red Teaming notes, but I definitely have to freshen up on the latest Azure attack methodologies as well. OST2 has some very cool low level Windows internals courses 🧐 ML? More custom tooling! Got a bit rusty in web apps, should watch more James Kettle 🫥
spencer@techspence·
Feeling burnt out? First of all, don't beat yourself up about it. Second of all, take a look internally and ask yourself if you truly love and enjoy what you're doing... Cybersecurity is a very popular field right now and understandably many flock to this industry because of high salaries 💰, but they may not truly enjoy the work. Maybe you're burnt out because you don't really enjoy the work that much. 🤔 That's totally ok! Just be honest with yourself. 🙏 Instead, look for the things you do enjoy in the work and try to do more of that.
Matt Hand@matterpreter·
I've long been interested in how EDRs work under the hood and how we can apply a more evidence-based approach to evasion. I'm happy to announce that I've written a book covering these topics with @nostarch which is now available for preorder 🎉 nostarch.com/book-edr
SapientFlow@sapientflow·
@shubakki Very cool! I enjoyed reading it a lot. Also kind of jealous of your neat CSS/website design 👏
SapientFlow@sapientflow·
@GabrielLandau Could re-use the meme to show my reaction when realizing you have actually read my post 🤧
SapientFlow@sapientflow·
@s4ntiago_p Thanks man! But surely not so ingenious a programmer haha. There's quite some cleanup to do; a professional programmer would not be thrilled ;) Trying to improve on that, but it is hard if you never learned it during your studies. Why did I have to study electrical engineering? 🙄
S4ntiagoP@s4ntiago_p·
@sapientflow A very ingenious approach man! I hope we get to see some code at some point 😜
SapientFlow@sapientflow·
@Octoberfest73 Thank you! You are probably one of my favorite posters on this topic because you question it the most. This ultimately highlights the flaws of it all. It's not all sunshine and rainbows :)
Octoberfest7@Octoberfest73·
@sapientflow I should clarify, it's still cool research and the right kind of outside-the-box thinking. Congratulations on the first blog post 🙂
SapientFlow@sapientflow·
@conduit0x00 @Octoberfest73 @0xTriboulet That's a good point. The communication channel would also have to be quite well designed. Running loops for scripts individually and sending them back in a dumb way would not be clever; this should entail API blocks for code logic like that.
conduit@conduit0x00·
@Octoberfest73 @sapientflow @0xTriboulet Other points aside, there is probably some value in keeping logic off target and streaming calls. It’d make it a lot harder to follow/reverse unless you captured a session (probably a marginal benefit over BOF). That said, trading time in target memory for noise on the wire.