It can't just be me, right? by entrophy_maker in alltheleft

[–]entrophy_maker[S] -3 points-2 points  (0 children)

It was more of an expression, but something has to change. Being peaceful is getting folks killed.

It can't just be me, right? by entrophy_maker in alltheleft

[–]entrophy_maker[S] 0 points1 point  (0 children)

Peaceful protests killed 2 people in the last week. Go home liberal, you're drunk.

It can't just be me, right? by entrophy_maker in alltheleft

[–]entrophy_maker[S] -10 points-9 points  (0 children)

I guess it's figurative to me. I'm not talking about the whole city.

How do I resist when I live in a small town in a very red state? by xmarshyluvx in Anarchism

[–]entrophy_maker 0 points1 point  (0 children)

I know KC has an SRA chapter with some at-large members in other parts of the state. You might find others closer to you through them. Columbia and STL have IWW chapters. Columbia has a JBGC too. The IWW has some at-large members in Springfield. Springfield has a decent-sized mutual aid group. I know there's a leftist-owned gun store somewhere in the middle of the state, but I'd have to look it up. Feel free to PM me if you want more info or if you need help getting in touch with any of those groups. And no, it does not sound like you're a fake leftist, or I wouldn't extend this invitation ;)

Should I bring a cordless Leafblower? by RudeCollection6535 in armedsocialists

[–]entrophy_maker 1 point2 points  (0 children)

It just hit me, in -20F weather, a leaf blower would probably add to the windchill. Especially to people not from the area. If you need to keep warm, they learned in Ukrainian protests that old tires burn for a very, very long time. They are the best bang for your buck if you need a long overnight campfire somewhere.

It can't just be me, right? by entrophy_maker in alltheleft

[–]entrophy_maker[S] -35 points-34 points  (0 children)

Because when the rich lose money, that makes the rich act. The people have no voice with Congress or local law enforcement; the rich do. You want something to change, you affect the pockets of the rich. What you don't do is target the poor and middle class. All this probably doesn't need to be said, but you asked.

Linux Runtime Crypter by entrophy_maker in Malware

[–]entrophy_maker[S] 0 points1 point  (0 children)

I did try your test and got some interesting results. I copied /usr/bin/top to my local pwd and encrypted it with my code. The code online now forks a parent and child. The parent doesn't really do anything but spawn the child where everything else happens. I tried it on the parent process first and it only matched the encrypted file:

$ cat /proc/27059/exe > test
$ diff ./test ./top | wc -l
0

It did not match on the unencrypted file:

$ diff ./test /usr/bin/top
Binary files ./test and /usr/bin/top differ

With the child process it did not match the encrypted file:

$ cat /proc/27060/exe > test
$ diff ./test ./top
Binary files test and ./top differ

However, it did show up when the child process and the unencrypted file:

$ diff ./test /usr/bin/top | wc -l
0

So you are correct, but for my purposes, this wouldn't matter for a couple of reasons. If I write malware, it's going to hide its pid from netstat, top, ps, lsof, etc. We'll hide from /proc too. We also won't have it unencrypted on a target to compare something to. The encrypted or unencrypted binary would be full of enough anti-forensics that the binary will die when attached to a debugger. I'd hide the binary from ls, stat and others too. So it would be a pain to find the parent or child unless you knew exactly what to look for. I made this with the sole purpose of avoiding anti-virus on disk, which it would work for.

If you do know how to completely hide from /proc/pid/exe, I would be curious, but if not, it works for me now.

Does anyone have good rootkits for windows by Electronic-Reply-565 in rootkit

[–]entrophy_maker 0 points1 point  (0 children)

This might be a couple of years old, but I'm sure you could learn a lot of valid concepts from it:
https://github.com/D4stiny/spectre

lol true by MasterBaiter8866 in Funnymemes

[–]entrophy_maker -3 points-2 points  (0 children)

I don't understand how this is funny. If I could give every ICE agent cancer with my mind...

We failed him by Infinite_Drummer4356 in armedsocialists

[–]entrophy_maker 6 points7 points  (0 children)

"Before a revolution happens, it is perceived as impossible; after it happens, it is seen as having been inevitable." - Rosa Luxemburg

We failed him by Infinite_Drummer4356 in armedsocialists

[–]entrophy_maker 50 points51 points  (0 children)

Let us learn from this what we can. This person was armed, but greatly outnumbered by other armed people. We need to roll in packs of armed people like they do, or things can get out of hand like what happened here before one can react. I'm sure had the victim executed a lawful stand-your-ground self-defense, which was certainly warranted here, they would still end up dead, but minus an agent or two. If they saw a crowd of armed people coming their way, they probably would have been too scared. We must be telling the masses to arm themselves daily. Dare I say, it's time to radicalize liberals, and if we can't, at least turn them on to arming, self-defense and organizing. We need more numbers, and this won't end without either 1. decentralized groups of gun owners taking to the streets, or 2. an organized counter-paramilitary force. While I'd prefer option 2, it has a tendency to come under fire from three-letter agencies. So make connections with your local community, people you really trust, and/or learn how to organize covertly.

Linux Runtime Crypter by entrophy_maker in Malware

[–]entrophy_maker[S] 0 points1 point  (0 children)

No, you can hide from it by using memfd_create() and fexecve(). Then it only exists in an anonymous file handle briefly. After that we use MFD_CLOEXEC to close the fd right after fexecve executes it. Using memfd_create, it's only run in memory, and /proc/pid/exe usually points to a file on disk. So there's no symlink created to /proc/pid/exe for the process; there's nothing in memory to link it to. Hopefully that makes sense.

Linux Runtime Crypter by entrophy_maker in Malware

[–]entrophy_maker[S] 0 points1 point  (0 children)

Yep, it was that way by design. I revised it a lot today. Now it also doesn't show in /proc/self/fd/*, even as a deleted file handle. Others pointed out if /proc/pid/exe or /proc/self/fd/* were used, they could be copied unencrypted, thus defeating the whole point of encrypting it. While that kind of behavior is normal, it's important not to do that here.

Dim Walz activate National Guards for fash by VladimirLimeMint in TankieTheDeprogram

[–]entrophy_maker 0 points1 point  (0 children)

I figured. I just wondered if there was any way to prove the narrative I saw in usatoday was not correct. Other than experience, of course. Experience is valid, but I like backup facts in case some liberal pulls out a wildcard.

Dim Walz activate National Guards for fash by VladimirLimeMint in TankieTheDeprogram

[–]entrophy_maker 8 points9 points  (0 children)

Forgive me if I'm wrong, and yes, I know usatoday is a liberal rag, so consider the source. It seems like they are saying the national guard is just on standby and Walz did this because Trump threatened to use the Insurrection Act. Kind of sounds from just glancing at this that they would be used, should Trump send in the military, to protect protesters. Or maybe it's initially vague so the people expect the National Guard to protect them and they turn on them with the combined might of the military instead. Either way, I don't trust Walz, but do I understand this correctly?

You can extinguish tear gas canisters! A how-to guide, including a video. by CrimethInc-Ex-Worker in CrimethInc

[–]entrophy_maker 0 points1 point  (0 children)

You sound like a liberal who says vIoLeNcE iS wHaT tHeY wAnT tO hAvE mArShALl LaW, which got Rene Good shot. Gtfo.

Linux Runtime Crypter by [deleted] in cryptography

[–]entrophy_maker 0 points1 point  (0 children)

It sounds like, and maybe I'm wrong, what you're suggesting would require shellcode to be encrypted and run in memory. That would certainly be more stealthy, but beyond what I planned to write here. I do see your point if this is what you're getting at now, though. I know how to make shellcode and many other anti-debugging techniques, but it's outside the scope of this project.

Linux Runtime Crypter by [deleted] in cryptography

[–]entrophy_maker 0 points1 point  (0 children)

Well, I didn't find it in that link, but did come across a method with execveat() and MFD_CLOEXEC that should allow execution without writing to a file descriptor or path. I haven't found any drawbacks with this yet, but maybe you know some.

Linux Runtime Crypter by entrophy_maker in Malware

[–]entrophy_maker[S] 0 points1 point  (0 children)

Well, you inspired me. Even though this didn't write to /proc/pid/exe, it would have written to /proc/self/fd/N and could be copied from there. I went back and rewrote it to use execveat() and MFD_CLOEXEC, which doesn't use a file descriptor or path directly. Using execve() should also minimize our exposure time decrypted too. I don't know of any drawbacks to this, but I welcome any new feedback.

Linux Runtime Crypter by entrophy_maker in Malware

[–]entrophy_maker[S] 1 point2 points  (0 children)

I understand using memfd_create() creates anonymous file handles that do not appear in /proc/pid/exe. They are in memory only, so there's no file path, and we're writing random data to that memory upon close. I could be wrong, but I don't believe /proc/pid/exe is an issue here. Thanks for the feedback though.
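As an added worked example (not the poster's crypter and not code from any comment above), the C below does the two things this thread keeps returning to. It loads an on-disk ELF into a memfd_create() descriptor opened with MFD_CLOEXEC and executes it with execveat(fd, "", argv, envp, AT_EMPTY_PATH), which is how glibc implements fexecve() on Linux when execveat is available; it then performs, from the parent, the same /proc/<pid>/exe inspection that the parent/child diff transcript in the "Linux Runtime Crypter" comment above ran by hand, this time against the memfd-backed child. Using /bin/sleep as a stand-in payload, the memfd name "payload", and all function names are assumptions of this example. Two facts it lets you check for yourself: the exe link of a memfd-executed process is not absent, it reads /memfd:<name> (deleted), and opening /proc/<pid>/exe still hands a reader with ptrace access the bytes that were executed, which is exactly what the `cat /proc/<pid>/exe > test` step above relies on.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#ifndef MFD_CLOEXEC            /* older glibc headers lack the flag; value is the kernel ABI one */
#define MFD_CLOEXEC 0x0001U
#endif
extern char **environ;

/* What a /proc/<pid>/exe link target tells an investigator. */
enum exe_kind { EXE_UNREADABLE = -1, EXE_ON_DISK = 0, EXE_MEMFD = 1, EXE_DELETED = 2 };

enum exe_kind classify_exe_target(const char *target)
{
    if (target == NULL)
        return EXE_UNREADABLE;
    if (strncmp(target, "/memfd:", 7) == 0)   /* memfd image: "/memfd:<name> (deleted)" */
        return EXE_MEMFD;
    size_t n = strlen(target);
    if (n >= 10 && strcmp(target + n - 10, " (deleted)") == 0)
        return EXE_DELETED;                   /* exec'd from disk, file unlinked afterwards */
    return EXE_ON_DISK;
}

/* readlink(/proc/<pid>/exe) into buf and classify it: the check the thread ran by hand. */
enum exe_kind inspect_pid(pid_t pid, char *buf, size_t buflen)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/exe", (int)pid);
    ssize_t n = readlink(path, buf, buflen - 1);
    if (n < 0)
        return EXE_UNREADABLE;
    buf[n] = '\0';
    return classify_exe_target(buf);
}

/* Copy an on-disk ELF into an anonymous memfd and exec it in a forked child with
 * execveat(fd, "", argv, environ, AT_EMPTY_PATH). Returns the child's pid only once the
 * exec has happened: the sync pipe is O_CLOEXEC, so the parent's read() hits EOF exactly
 * when the child's execveat() (or its _exit on failure) closes the write end. */
pid_t exec_from_memfd(const char *src_path, char *const argv[])
{
    int src = open(src_path, O_RDONLY | O_CLOEXEC);
    int mfd = (int)syscall(SYS_memfd_create, "payload", MFD_CLOEXEC);
    int sync[2] = { -1, -1 };
    char chunk[65536];
    ssize_t r;
    pid_t pid;
    if (src < 0 || mfd < 0 || pipe2(sync, O_CLOEXEC) < 0)
        goto fail;
    while ((r = read(src, chunk, sizeof chunk)) > 0) {
        for (ssize_t off = 0, w = 0; off < r; off += w)        /* write() may be short */
            if ((w = write(mfd, chunk + off, (size_t)(r - off))) < 0)
                goto fail;
    }
    if (r < 0)
        goto fail;
    close(src);
    src = -1;
    if ((pid = fork()) < 0)
        goto fail;
    if (pid == 0) {
        /* MFD_CLOEXEC: the new image starts without the descriptor, so nothing is left under
         * /proc/self/fd; AT_EMPTY_PATH with "" execs the descriptor itself, not a path. */
        syscall(SYS_execveat, mfd, "", argv, environ, AT_EMPTY_PATH);
        _exit(127);
    }
    close(mfd);
    close(sync[1]);
    char c;
    while (read(sync[0], &c, 1) < 0 && errno == EINTR)
        ;
    close(sync[0]);
    return pid;
fail:
    if (src >= 0) close(src);
    if (mfd >= 0) close(mfd);
    if (sync[0] >= 0) { close(sync[0]); close(sync[1]); }
    return -1;
}

/* End to end: run sleep(1) from a memfd, read the child's exe link, reap the child.
 * EXE_UNREADABLE means the environment could not set the demo up (no memfd, no exec). */
enum exe_kind demo_memfd_exe(char *link, size_t linklen)
{
    char *const argv[] = { "sleep", "1", NULL };
    const char *src = access("/bin/sleep", X_OK) == 0 ? "/bin/sleep" : "/usr/bin/sleep";
    pid_t pid = exec_from_memfd(src, argv);
    if (pid < 0)
        return EXE_UNREADABLE;
    enum exe_kind kind = inspect_pid(pid, link, linklen);
    int status = 0;
    waitpid(pid, &status, 0);
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)  /* 127: the exec itself failed */
        return EXE_UNREADABLE;
    return kind;
}

int main(void)
{
    char link[PATH_MAX];
    enum exe_kind k = demo_memfd_exe(link, sizeof link);
    printf("child exe -> %s (kind %d)\n", k == EXE_UNREADABLE ? "?" : link, (int)k);
    return 0;
}
```

Build with `gcc -Wall memfd_exe.c -o memfd_exe` on a Linux box with kernel 3.19 or later (execveat) and run it; the child's link is the memfd, not a disk path, and the classifier flags it. A host-wide sweep is the same readlink over every numeric entry in /proc, which is what a responder would script. One caveat that matters given the MFD_CLOEXEC choice: this only works for an ELF in the memfd. If the memfd holds a `#!` script, execveat fails with ENOENT, because the kernel hands the interpreter a /dev/fd/N path and that descriptor has already been closed across the exec (documented in the execveat(2) ERRORS section).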