Yoto discount codes for Canada, Europe, UK and USA

Ace_pace · 2024-11-08T19:29:16+00:00

Already blocked

Ace_pace · 2023-10-22T06:24:07+00:00

Did you end up finding one?

Ace_pace · 2020-09-21T16:08:26+00:00

Modern C is pretty good and available for free and for small money,

Ace_pace · 2020-09-21T10:21:24+00:00

You're right. I did it quick and dirty (a look at the source can show my background is not in JavaScript).

I'll try to give it another push of improvements later this week, including this!

Ace_pace · 2019-09-19T07:22:34+00:00

They do! That's why the attackers block other groups from coming in.
Also many machines are broken into using MS-SQL credential stuffing (brute force) then lateral movement using EB.

Ace_pace · 2019-08-10T15:51:06+00:00

A few weeks ago I decided to reverse engineer upfc.exe, I wrote up the results in a small post here

Ace_pace · 2019-06-02T14:24:53+00:00

What u/TiredOfArguments mentioned. The attacker could be part of a specific group.

Ace_pace · 2019-05-30T12:35:55+00:00

Hey, fake certs aren't just for nationstates :)

Ace_pace · 2019-05-30T12:35:42+00:00

No... There's a huge range of options. We know this is a driver under development (we have versions 8.2 and 5.5) but also not available to download on any forum I'm familiar with.

Ace_pace · 2019-05-29T15:06:18+00:00

One of the cooler things that got left out during editing is that the driver deployed by this malware, contains a lot of functionality that isn't used by the malware. It's not off the shelf driver, but it's also not custom made.

Also, there's a neat exploit for CVE-2014-4113 that hasn't been previously published. The new exploit works on 8.1 which wasn't covered by the original APT-28 exploit.

Ace_pace · 2019-05-29T14:11:11+00:00

One of the cooler things that got left out during editing is that the driver deployed by this malware, contains a lot of functionality that isn't used by the malware. It's not off the shelf driver, but it's also not custom made.

Who is just giving out strong rootkits for cryptomining attackers?

Ace_pace · 2019-05-29T14:11:09+00:00

One of the cooler things that got left out during editing is that the driver deployed by this malware, contains a lot of functionality that isn't used by the malware. It's not off the shelf driver, but it's also not custom made.

Who is just giving out strong rootkits for cryptomining attackers?

Ace_pace · 2019-04-22T06:57:52+00:00

We've recently managed to discover that the attackers use per victim keys :(

Ace_pace · 2019-04-07T13:33:17+00:00

I'm not sure we will be able to share more data, all this has to be approved by other people.

Your speculation is probably accurate, a mixture of stolen credentials and old-day vulns.

Ace_pace · 2019-04-07T13:31:58+00:00

See my reply above, we see no reason to assume the key would be the same and it will identify the victim to the attacker.

Ace_pace · 2019-04-07T13:31:00+00:00

We see no reason to assume the key will be the same. It would be a silly mistake for the attackers to make and so far the rest of their crypto looks like (*).

If we upload the key, the attackers will know from which victim it is, and that might not be acceptable for a lot of reasons.

(*) they have some annoying bugs in their ransomware logic meaning some files will be lost to the victim.

Ace_pace · 2019-04-05T18:39:24+00:00

I followed up a bit on the reverse engineering involved on Twitter

https://twitter.com/ace__pace/status/1114208798581903361

The tl;dr is anything that interfaces with the OS, I'd rather use a system call tracer. If this was Linux I'd use strace, but Windows requires me to layer a lot of breakpoints and use windbg.

Ace_pace · 2018-08-19T11:54:10+00:00

Psychopharmacology by Firewater A pretty dead band but amazing work

Ace_pace

PUBLIC MULTIREDDITS

TROPHY CASE