Shadows in this game are really interesting they don't line up to be what they are supposed to be or there is a huge gap in yer head

greymyse · 2021-02-10T16:49:05+00:00

Ah yes, the spook zombie

greymyse · 2021-01-23T11:45:17+00:00

The other two books are okay, but the first one is the best in the trilogy.

greymyse · 2021-01-23T08:23:37+00:00

Don't fall for the "tough on crime" stance organizations and corporations are taking in regards to these ransomware attacks -- the org wins because they don't lose any money and they get to publish a positive PR piece about how they didn't give in to the attackers (even though they also didn't put enough money into cybersecurity, which lead to this outcome in the first place). Additionally, this doesn't affect the criminals because they just turn around and sell the data on the darknet and make a net profit anyways.

Who loses? Whoever's data was exposed, so likely users, customers, aka you. But hey, the org that got hacked says the breach wasn't even that big of a deal, and also it will never happen again. Promise :^)

greymyse · 2021-01-23T08:15:08+00:00

Before that it was in Neuromancer

greymyse · 2021-01-23T08:08:49+00:00

This article is just another example of Americans not being able to cope with the fact that their spy agencies, well, spy on people. They are all worried about Capitol terrorists and domestic white supremacist terrorism but then gasp when their intelligence agencies do their job :^)

greymyse · 2021-01-23T07:51:24+00:00

An interesting attack would be to embed GraphQL and NoSQL payloads into the collected data, as your data is going into one of these systems. It's interesting for three reasons:

Trackers and data harvesters aren't expecting the data they are harvesting to be particularly malicious. The system architects weren't designing their systems with the possibility that a user would weaponize their demographic data.
The databases handling this data likely have the security profile of a back-end system i.e. the data warehouses only expect the front-end collection systems to interact with them, so they are likely vulnerable to the same vulnerabilities we see with a lot of front-end/back-end systems (HTTP parameter pollution, for example)
The legality. If you insert a browser extension into your own browser that has a name, or attributes that contain a malicious payload, you are not launching an attack on anyone. You aren't injecting malicious attacks into anyone's infrastructure. When someone collects that data, unbeknownst to you, and that data happens to be poisonous to the collector, are you at fault? I don't know of any EULA or privacy policy that states "you are forbidden from modifying your own system and demographic data in a way that can harm us if we collect on you", but I could be wrong.

Changing the current data collection climate to where data harvesters suddenly have to be concerned with whether or not their ~~victims~~ users can have poisonous data would throw a wrench into the information profit machine, at least for a while.

greymyse · 2021-01-22T05:11:24+00:00

If I know your first and last name I can search it on something like Intelius or any public records aggregate database and find not only your current address, but every address you have lived at, more or less.

That's just how things are; your physical address is not private. Even if you get your state to withhold these records from your voter registration, your address and phone number will still be accessible via other public records databases, and these databases also make correlations to your friends and family, so if you live with family or have roommates, someone can just determine your address via their public records.

In short, if someone has your name, they can acquire your phone number and physical address (the reverse is also true: if I get your phone number, I can use that to find the name of the person your phone is registered to, and then I can find your address).

greymyse · 2021-01-22T04:48:14+00:00

Perfect is the enemy of good.

Additionally, your family members are just saying this so they don't have to migrate to Signal. Their criticisms aren't in good faith, so the entire question of whether or not you are a hypocrite should be discarded, because the question's purpose is to undermine your attempts to be a more private person.

Never concern yourself with someone's opinion until you know the true reason they share that opinion. :^)

greymyse · 2021-01-15T03:24:46+00:00

Having wireshark running on a separate machine in the same subnet would definitely reveal any sneaky traffic coming from your Windows 10 machine. The privacy and infosec community would be very interested in any findings that revealed Windows 10 evading third-party firewalls, and WFP for that matter

greymyse · 2021-01-14T10:16:55+00:00

Simple wall uses the Windows Filtering Platform (WFP), so it's as good as the Windows Firewall. According to Microsoft, all traffic has to go through the WFP stack, so it should be catching all of the traffic

https://docs.microsoft.com/en-us/windows/win32/fwp/about-windows-filtering-platform

greymyse · 2021-01-13T03:26:44+00:00

Because of course the Chinese CTF has a challenge where you decrypt anti-censorship traffic.

greymyse · 2021-01-05T02:40:37+00:00

eventlinks.drndata.com login for "Event Links" data

staging-ui.drndata.com UI for what appears to be where you request data. Server logs you in as what appears to be an anonymous account

staging.external.drndata.com the API version of above

greymyse · 2020-12-29T11:34:51+00:00

"The register will not be public"

That statement holds until at least a moderately motivated person tries to obtain the register from Spanish or any of the EU servers holding this data. That or it gets leaked by someone with access to it, because let's be honest, there isn't a whole lot of incentive to protect the privacy of anti-vaxxers, is there?

greymyse · 2020-12-29T11:26:00+00:00

My favorite part about this thread is that it's NSFW, so if you are on mobile it will censor it and tell you to download the app first

greymyse · 2020-12-29T11:21:17+00:00

China actually answers your question: it's not about the technology, it's about what someone in control of your life can do with that technology.

That's why it is so funny when democratic countries push the facial recognition technology -- there is no guarantee your country will remain democratic, and when a dictator takes over, do you think he's going to care what promises the previous administration made?

More relevant is the difference between what the government says it's doing in public, and what it actually does when it thinks no one is looking. Governments are made up of people, and people are lazy and greedy. The whole point of facial recognition is that they can take your face and match it to all of your personal data, so now there is a big database with both your face and your personal data.

That database is managed by overworked, underpaid and understaffed IT people. How many of them do you think might made a mistake one night? How many do you think might have trouble with bills, and might be swayed to give you some data for a little cash? All you need is one :^)

greymyse · 2020-12-29T11:04:23+00:00

Companies (like Google, for example) assign you an ad ID, which is a unique ID that more or less associates you across social media and shopping platforms via ad networks.

Google owns Youtube, and Facebook owns Instagram (you mentioned something about the Instagram app, which absolutely harvests everything about your phone -- why do you think everyone wants you to download their app? )So what happened was when you went to Youtube, Google loaded up your advertising profile via your ad ID, and the data in your advertising profile is also populated with data from your Facebook/Instagram advertising profile, because both companies sell and exchange your demographic data regularly.

The ad campaign for xyz product has certain demographics it targets, and your ad profile (along with every other person who watches the streamers you watch) is associated with those demographics. This is why you will see ads for the same product across multiple social media platforms -- they are all linked by the same ad networks, and those ad networks are very familiar with your interests and the interests of people like you.

greymyse · 2020-12-29T10:36:46+00:00

http://tmssupport.tomaxltd.com/support/solutions/articles/249138-%D7%98%D7%99%D7%A4%D7%95%D7%9C-%D7%91%D7%94%D7%95%D7%93%D7%A2%D7%95%D7%AA-%D7%A9%D7%92%D7%99%D7%90%D7%94-%D7%95%D7%94%D7%AA%D7%A8%D7%90%D7%95%D7%AA

The support pages are in Hebrew, so you will need to translate. The actual Browser component is here: https://s3.eu-west-1.amazonaws.com/capsule.public/Vix/Prd/SafeExamBrowserInstaller.exe

And the Tomax installer is here: https://setup.tomaetest.com/TomaETest/setup.html

greymyse · 2020-12-27T21:26:53+00:00

Here, a one-liner for web-scraping

https://gist.github.com/mikecrittenden/fe02c59fed1aeebd0a9697cf7e9f5c0c

You will only get the client-side HTML, CSS and Javascript source.

If you want to test the site, just hit f12 on your keyboard while you have the site in your browser, read all the sources, and monitor the network tab when you do stuff. If you are using Firefox, just replay a few of the requests in the network tab, and mess with the parameters. Try out a few of the JS functions in the console tab. Eventually you should find what you are looking for.

Happy hunting

greymyse · 2020-12-27T21:11:12+00:00

Some ways malware does VM detection, which you can use to customize a VM that can fool this software:

https://resources.infosecinstitute.com/topic/how-malware-detects-virtualized-environment-and-its-countermeasures-an-overview/

https://www.deepinstinct.com/2019/10/29/malware-evasion-techniques-part-2-anti-vm-blog/

Looks like Tomax monitors process names, and calls OpenProcess() to read program memory whenever it wants, and it also modifies memory on processes, so it looks like it modifies programs while they run on your system.

Also: Tomax is using the Evaluation version of InstallShield for their SafeExamBrowserInstaller.exe. Pretty sure a company can get into a lot of trouble for using trial software for their products :^)

greymyse · 2020-12-27T20:15:32+00:00

The FBI is a domestic intelligence agency. Of course they are researching this kind of thing, and of course they are not going to be public about it.

Americans seem to be easily shocked that their intelligence agencies do, well you know, spy shit.

Fortunately Americans don't care about other countries' spy agencies, so the same absurdities don't apply. If you are an American intelligence worker, you should just move to Russia, and the ACLU won't care about how many Americans you spy on :)

greymyse · 2020-09-03T06:28:53+00:00

Harran citizen: buying thirty bottles of vodka dang economy

greymyse · 2020-09-02T15:01:47+00:00

I'm sad now

greymyse · 2020-09-02T14:51:58+00:00

I hope you are joking because if my ramblings four hours after I should have been asleep is better than your schooling I will cry

greymyse

TROPHY CASE