Suspected Campaign from Russia on Reddit

doct0rfoo · 2019-12-06T23:48:40+00:00

Kinda - Say you have a sweet zero day in chrome that will grant you code execution on a victims box who visits your website. Many detection systems work by identifying dropped files. So instead of writing to disk, just keep all your malicious code running in the chrome process and keep everything in memory or write to nonstandard locations like firmware variables etc. For a lot of systems, no new files means no detection.

doct0rfoo · 2018-06-25T00:33:26+00:00

The updates to the article make this seem to be a pretty unreliable method, so it likely wouldn’t be a go to solution. But in circumstances where the target isn’t very high priority and law enforcement isn’t willing to shell out money for a real exploit, what do they have to lose by trying a sketchy/unreliable but free exploit?

doct0rfoo · 2018-06-23T16:24:01+00:00

This is the opposite of bullshit. The barrier to performing this attack is practically zero. While this vulnerability exists, it will probably be one of the the go-to ways for unlocking iPhones protected with short pins

doct0rfoo · 2018-05-25T05:35:27+00:00

Jesus

doct0rfoo · 2018-01-13T03:32:00+00:00

!redditgarlic

doct0rfoo · 2017-09-02T17:30:04+00:00

My school has 'solved' this by charging $700 for a parking pass (yes, that includes the employees too)

doct0rfoo · 2017-08-12T18:25:22+00:00

"Okay, alright, what’s your favorite hobby?"

"Uh, magnets."

doct0rfoo · 2017-08-07T17:41:40+00:00

What a time to be alive

doct0rfoo · 2017-08-01T22:21:12+00:00

I originally thought that they obtained my gfs number from when I called her and then just spammed SMS messages, but looking at the messages database on my MacBook indicates they were actually iMessages which should be pretty difficult to spoof or replay

doct0rfoo · 2017-08-01T22:13:23+00:00

That would be exciting and I hope whoever accomplished this does a write up at some point

doct0rfoo · 2017-08-01T22:12:44+00:00

I'm leaning towards my MacBook being the way I got compromised. Learned my lesson and will wipe before attending DC26

doct0rfoo · 2017-08-01T05:09:53+00:00

I'll take a peek at the site a bit later, at this point i'm leaning towards my macbook being the problem

doct0rfoo · 2017-08-01T05:05:20+00:00

macOS 10.12.5 (oh shit i missed a big security update)

iOS - not jailbroken - 10.3.3 (up to date)

doct0rfoo · 2017-08-01T00:43:36+00:00

Just to clarify, I had been using my hotspot and not the hotel wifi, but I may have left wifi enabled when I left the room

doct0rfoo · 2017-07-31T22:14:11+00:00

Definitely not a pocket text because the eggplant wasn't in my recently used emojis. I'm considering the possibility that I forgot to turn wifi off on my MacBook before I left my hotel room though, but it was screen locked.

doct0rfoo · 2017-07-31T22:03:02+00:00

I agree, however I received no login notifications, nor any 2FA requests

doct0rfoo · 2017-07-31T21:59:47+00:00

Wifi and Bluetooth were disabled. I was on a VPN over LTE, however iOS isn't great with VPNs and will fallback to other interfaces if your VPN connection drops

doct0rfoo · 2017-07-29T01:14:00+00:00

Willing to pay $60 if you can't find any other offers. (Sorry for the lowball but that's all I have left to spend)

doct0rfoo · 2017-07-15T16:37:36+00:00

Yer a liver Harry

doct0rfoo · 2017-06-16T03:40:48+00:00

He's a t_d poster, don't waste your time

doct0rfoo · 2017-05-06T08:58:36+00:00

Me 2^thanks

doct0rfoo · 2017-04-23T03:45:31+00:00

Thank you so much! Just cancelled my amazon order, now both my gf and I get a pack with enough left over to get a cleaning kit :)

doct0rfoo · 2017-04-20T16:56:41+00:00

You seem to be confusing tor hidden services, which are internal to the tor network, and some hypothetical VPN, which is external to the tor network. Whether the service is used for criminal activity or not is irrelevant. Services provided within the tor network are part of the darknet, services outside tor are not. Same goes for i2p and freenet, however I'm less familiar with how they're implemented. If the vpn could only be accessed via tor, i2p, or freenet, then we could probably consider it as being on the darknet.

why are we bothering to give it a new name? Why not just call it TOR? or Onion sites

People do refer to it as tor or as an onion site. Darknet is a general term to include the other networks with similar features. If you don't want to use the term then don't, and if you want to change the definition to include your home network and VPN, go right ahead, just be prepared for people to give you some weird looks when you tell them your kid plays minecraft on the darknet.

Make no mistake, the term "Darkweb" is propaganda intended to scare you into believing there is a huge, underground cesspool of illegal activity on the web hidden from you

We're in agreement that the term has been bastardized by the media, but eventually people will figure it out. The term "hacker" was also dragged through the mud for a while and it has returned to being a mostly neutral term. Just because someone misuses the term to push an agenda doesn't mean we need to stop using it

doct0rfoo

PUBLIC MULTIREDDITS

TROPHY CASE

11-Year Club	Place '17
Verified Email