Notes

IDA Pro tips

Friendly reminder to change

STORE_USER_INFO=YES

STORE_USER_INFO=NO

in your ida.cfg.

CVE-2021-1965 (Qualcomm SnapDragon WiFi Driver RCE)

Zero-Click PoC Trigger for CVE-2021-1965 (Qualcomm SnapDragon WiFi Driver RCE) - git commit

↳ Zero-Click PoC Trigger for CVE-2021-1965

Hackers leak names of 'Freedom Convoy' donors after GiveSendGo breach

Hackers leak names of ‘Freedom Convoy’ donors after GiveSendGo breach.

No, those are not hackers, they’re not even “hackers”, they are politicians. Hackers used to fuck with the government, not do its dirty deeds, but they definitely aren’t the first revolutionaries that morphed into the people they railed against.

US sanctions on Iran denies Iranians access to US websites

Friendly reminder that people in Iran are denied access to many Internet based services like GitHub, GitLab, Oracle/GCP/AWS/Azure services, Cloudflare and other US based services due to US sanctions.

Maybe it’s time to host your website/webservices somewhere else?

An idiot admires complexity, a genius admires simplicity

An idiot admires complexity, a genius admires simplicity, a physicist tries to make it simple, for an idiot anything the more complicated it is the more he will admire it, if you make something so clusterfucked he can’t understand it he’s gonna think you’re a god cause you made it so complicated nobody can understand it. That’s how they write journals in Academics, they try to make it so complicated people think you’re a genius. Terry Davis

Ten years of ThinkPadding

Most of the ThinkPads’ unique features, as I’ve realized upon writing this article, are long gone. The only remaining part of the legendary ThinkPad ergonomics is its TrackPoint. At the same time, the combination of mediocre keyboard layout and just average palmrest make ThinkPads less suitable for comfortable typing sessions anyway, somewhat reducing the real TrackPoint advantage to mere sentiment.

↳ Ten years of ThinkPadding

How to make Homebrew usable

How to make Homebrew usable:

export HOMEBREW_NO_ANALYTICS=1
export HOMEBREW_NO_AUTO_UPDATE=1
export HOMEBREW_NO_EMOJI=1
export HOMEBREW_NO_INSTALL_CLEANUP=1
export HOMEBREW_UPDATE_REPORT_ONLY_INSTALLED=1

Use of Google Analytics and data transfers to the United States

Google Analytics provides statistics on website traffic. After receiving complaints from the NOYB association, the CNIL, in cooperation with its European counterparts, analysed the conditions under which the data collected through this service is transferred to the United States. The CNIL considers that these transfers are illegal and orders a French website manager to comply with the GDPR and, if necessary, to stop using this service under the current conditions.

↳ Use of Google Analytics and data transfers to the United States

OpenStego

Steganography is the science of hiding secret message inside another larger and harmless looking message. This is one notch above regular cryptography; which just obscures the original message. Steganography tries to conceal the fact that there is a message in the first place. Steganographic message often appears to be something else than the original (secret) message, like a picture, sound, larger text, etc.

↳ OpenStego

How we Achieved the Arbitrary [micro]Code Execution inside Intel Atom CPUs

All the modern Intel CPUs have RISC-core inside the chip. The core implements abstraction layer that interprets user-visible instruction set to invisible hardware-internal RISC instructions. RISC core has maximum privileges accessing the data. The microcode program is built into chip, but the OS and UEFI may apply some patches – microcode updates. Unfortunately, they are encrypted and there is poor public information on how it is working. Due to this, there are no public researchers about internal structure of Intel CPU microcode. Now we found the way that you can use to get an access to it on public-available platform. In our talk, we are going to describe the structure of microcode for the Intel Atom platform, how our proof of concept works and hijacking user-visible x86 instruction. We will describe the approach how we did reverse engineering of microcode format and internal microarchitecture of Intel Atom.

↳ How we Achieved the Arbitrary [micro]Code Execution inside Intel Atom CPUs

Bloomberg News accidentally publishes pre-written 'Russia invades Ukraine' story

Bloomberg News accidentally publishes pre-written “Russia invades Ukraine” story

We prepare headlines for many scenarios and the headline “Russia Invades Ukraine” was inadvertently published around 4 p.m. ET today on our website. We deeply regret the error. The headline has been removed and we are investigating the cause.

Right.

Bypassing Little Snitch firewall with empty TCP packets

Little Snitch does not trigger an alert when a TCP connection is established but instead is triggered when application data is sent across the connection. So if you set up a TCP connection and immediately close it, before sending any data across it, an alert will not be triggered by Little Snitch.

You can test this without installing anything on your computer with the nc command.

↳ Little Stitch

Interested in bootkits?

Interested in bootkits? If you want bootkit samples from real attacks, get them here. Be careful if you download anything.

GitHub down again

→ in reply to @note#1638079901

Can you guess if GitHub is down once again? Spoiler: it is.

Malwarebytes Labs mis-attribution to Lazarus Group

Nice Malwarebytes Labs analysis of malware but the attribution to Lazarus Group is wrong:

In this campaign the actor has targeted people that are looking for job opportunities at Lockheed Martin. Targeting the defense industry and specifically Lockheed Martin is a known target for this actor.
Using job opportunities as template is the known method used by Lazarus to target its victims.
Using Frame1_Layout for macro execution and using lesser known API calls for shellcode execution is known to be used by Lazarus.

You can do better than this, Malwarebytes, or should I say Ankur Saini and Hossein Jazi?

I love my bed, my bed loves me

I love my bed, my bed loves me.

God does not exist

God is expressly not a material phenomenon and is thus not dependent on the existence of material reality.

Happiness today

Happiness is used today in the sense of “contentment” or “satisfaction” with regard to a utility function. It stems from cringe-tier utilitarianism of the Englishman.

I got some attention from someone, therefore I am happy.
I got 100 likes on my latest Instagram post, therefore I am happy.

This is not happiness in the philosophical sense of the word, or at least it’s not how non-utilitarians understand it. Because our world is dominated by the US consumerist mindset, their definition of happiness (ie satisfying one’s utilities) has unfortunately become the main definition of happiness.

Illusion only is sacred, truth profane

But certainly for the present age, which prefers the sign to the thing signified, the copy to the original, fancy to reality, the appearance to the essence, change, inasmuch as it does away with illusion, is an absolute annihilation, or at least a reckless profanation for in these days illusion only is sacred, truth profane. Nay, sacredness is held to be enhanced in proportion as truth decreases and illusion increases, so that the highest degree of illusion comes to be the highest degree of sacredness. Ludwig Feuerbach, The Essence of Christianity

The old ones are ignored, the young ones don't want to be irrelevant

The old ones are ignored, the young ones don’t want to be irrelevant.