
/tech/ - Technology

"Technology reveals the active relation of man to nature" - Karl Marx



File: 1775885575063.png (730.75 KB, 1228x820, 1775861227071436.png)


Windows Defender, the built-in antivirus running on every Windows machine, has a working zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and confirmed working on fully updated Windows 10 and 11. A researcher who says Microsoft went back on their word just handed every attacker paying attention a privilege escalation that takes any low-privileged account straight to NT AUTHORITY\SYSTEM. On Windows Server the result is different but still serious: a standard user ends up with elevated administrator access.

The vulnerability is called BlueHammer. On April 2nd the researcher posted the public disclosure on a personal blog, and on April 3rd the full exploit source code went live on GitHub. Both published under the alias Chaotic Eclipse, also known as Nightmare Eclipse, with a message to Microsoft's Security Response Center that comes down to: I told you this would happen.

Before getting into the technical side, there is a backstory here worth knowing.

In late March, the same researcher opened a blog with a single post explaining that they never wanted to come back to public research. Someone had made an agreement with them and then broke it, knowing exactly what the consequences would be. The post says it left the researcher without a home and with nothing. A week later, BlueHammer went live on GitHub with a message that specifically thanks MSRC leadership for making it necessary. That is not someone annoyed with a slow review process. That is someone with nothing left to lose.

* * * * *

Now to the exploit itself, because this one is genuinely worth understanding.

BlueHammer is not a traditional bug, and it does not need shellcode, memory corruption, or a kernel exploit to work. What it does is chain five completely legitimate Windows components together in a sequence that produces something their designers never intended. Those five components are Windows Defender, Volume Shadow Copy Service, the Cloud Files API, opportunistic locks, and Defender's internal RPC interface. One practical limitation worth knowing: the exploit needs a pending Defender signature update to be available at the time of the attack. Without one in the queue, the chain does not trigger. That makes it less reliable than a push-button exploit, but it does not make it safe to ignore.

Here is how the attack chain works.
2 posts and 2 image replies omitted.

>>33280
also if anyone decides to download and test it on a windows VM, please make sure to disable "Automatic Sample Submission" in Windows Defender

>>33080
do you have an article I can show to IT? I'm not about to show them a chan post

>>33286
No, it's something I just made myself. Please don't show them, I don't want the signatures out in the wild.

Also, I actually have to do a little debugging cause I am adding an AMSI bypass patch

>>33080
can you send the github repo OP?

Here is the revised stager. It seems to bypass Defender pretty well, but sometimes it seems to want you to click through a filter to download. I am gonna try some obfuscation techniques and will upload a better version when I get around to it.



File: 1777469651281-0.png (47.81 KB, 863x435, ClipboardImage.png)

File: 1777469651281-1.png (114.91 KB, 340x384, comrade-tux.png)


Does anyone wanna learn some offensive security and Linux stuff?

Recently, I have been brushing up on my C2 skills and writing some FUD malware for Linux and Windows

I made a FUD stager the other day using DeepSeek, and some snippets of code from GitHub shellcode loaders. It's best used with RC4-encrypted Sliver payloads (Windows shellcode) over HTTPS. If anyone wants help using it, I'll monitor this thread.

Just substitute your staging URL and RC4 key in the main C file, and cross-compile with the MinGW toolchain.

https://sliver.sh/docs?name=Getting+Started

>>33283
If anyone decides to download and test it on a windows VM, please make sure to disable "Automatic Sample Submission" in Windows Defender

hol up actually, gotta do some debugging to make the newly added AMSI patch work. If you wanna try it as is, just remove the BypassTelemetry from main in stager.c, and compile without the modules. It will still compile and run, and most likely bypass defender.
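The RC4 step the stager thread above relies on, shown from the other side as an added example (this is not the poster's stager code, and nothing here downloads or executes anything): the key is substituted into the main C file, so anyone holding the binary, a sandbox included, can lift it and decrypt every stage the server hands out. The key value, the inert byte pattern standing in for a stage, and the entropy comparison are constructed for illustration and are not taken from the thread.

```python
import math
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):            # pseudo-random generation, XOR keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = byte ^ s[(s[i] + s[j]) & 0xFF]
    return bytes(out)


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for a constant blob, up to 8.0 for uniform random bytes."""
    if not blob:
        return 0.0
    counts = Counter(blob)
    total = len(blob)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


# Constructed sample. EMBEDDED_KEY stands in for the key the stager's main C
# file carries (assumed value); FAKE_STAGE is a deliberately inert byte
# pattern used only so the round trip has something to operate on.
EMBEDDED_KEY = b"Secret"
FAKE_STAGE = b"\x90" * 48 + b"\xcc" * 16


def wrap_stage(plain: bytes, key: bytes = EMBEDDED_KEY) -> bytes:
    """What the staging side does before serving the blob over HTTPS."""
    return rc4(key, plain)


def recover_stage(captured: bytes, key: bytes = EMBEDDED_KEY) -> bytes:
    """What an analyst does with a captured blob and the key pulled out of the binary."""
    return rc4(key, captured)


if __name__ == "__main__":
    captured = wrap_stage(FAKE_STAGE)
    print(f"captured entropy  : {shannon_entropy(captured):.2f} bits/byte")
    print(f"recovered entropy : {shannon_entropy(recover_stage(captured)):.2f} bits/byte")
    print("round trip ok     :", recover_stage(captured) == FAKE_STAGE)
```

Two points for whoever ends up on the receiving side: with the key recovered from strings or a debugger, recover_stage turns a captured stage back into something a scanner can look at, and the entropy drop on decryption is a usable heuristic for spotting wrapped blobs on the staging channel in the first place. RC4 with an embedded key obscures the blob in transit from static inspection; it provides neither confidentiality against anyone holding the binary nor any authentication of what the server serves.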




Hardware:

* MilkV board with Gentoo Linux
* Modos paper display (e-paper display)
* Keyboardio keyboard and/or Ploopy mouse kit (custom keyboard and mouse)
* Ovrdrive USB with encrypted password manager (KeePassXC, masterpassword.app, or Bitwarden)

Software:

* Gentoo Linux with:
+ Hardened kernel
+ Refusal to install proprietary packages
+ rkhunter (rootkit hunter)
+ iptables (firewall)
+ firejail (application sandboxing)
8 posts omitted.

>>33020
gentoo is awesome. are you still itt OP?

for me, it's xen and nftables

>>33102
that is why you use a shipping/buying proxy and pay with crypto

>>33278
the feds have already de-anonymized crypto transactions and can do stuff like value matching to find you. crypto already makes you niche, which is easier to find, and using proxies again just heightens your risk profile.

Be boring, ship to your own address with your own name - it raises less heat.

>>33279
that's kinda scary, do you have any articles?

also if you are into the topic of this thread check out the one I just made, I am bored

>>33281

>>33282
https://thenextweb.com/news/danish-police-hunt-down-criminals-using-bitcoin#.tnw_9Qrx5Pxy

the process they use is basically creating a database of prices of products sold on the darknet then looking for exact matches in purchases or sales for bitcoins to these values adjusted for inflation. They can do end to end analysis.

How do you stop this? You don't, you stop this by never being known to them in the first place.
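The price-matching search described in the post, as an added example in Python (it is not code from the linked article; the vendors, listing prices, txids and the per-day USD/BTC rate used as the adjustment step are all constructed):

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

SATOSHI_PER_BTC = Decimal(100_000_000)


@dataclass(frozen=True)
class Listing:
    vendor: str
    item: str
    price_usd: Decimal


@dataclass(frozen=True)
class TxOutput:
    txid: str
    day: date
    satoshis: int


# Constructed sample data: invented vendors, txids and daily rates.
LISTINGS = [
    Listing("vendorA", "widget", Decimal("89.00")),
    Listing("vendorA", "gadget", Decimal("245.50")),
    Listing("vendorB", "doohickey", Decimal("89.00")),  # same price as vendorA's widget
]
USD_PER_BTC = {  # the adjustment step: rate on the day the output was mined
    date(2024, 3, 1): Decimal("62000"),
    date(2024, 3, 2): Decimal("65000"),
}
OUTPUTS = [
    TxOutput("tx01", date(2024, 3, 1), 143_548),     # 89.00 USD at 62000 USD/BTC
    TxOutput("tx02", date(2024, 3, 2), 377_692),     # 245.50 USD at 65000 USD/BTC
    TxOutput("tx03", date(2024, 3, 2), 50_000_000),  # 0.5 BTC, nothing in the catalogue
]


def fiat_value(out: TxOutput, rates: dict) -> Decimal:
    """Convert an output to fiat at the rate for the day it was mined."""
    return Decimal(out.satoshis) / SATOSHI_PER_BTC * rates[out.day]


def match_outputs(outputs, listings, rates, tolerance=Decimal("0.005")):
    """Map txid -> listings whose price the output's fiat value hits within tolerance.

    tolerance is relative (0.5% by default) to absorb satoshi rounding and rate
    noise; a strict exact-match search is the degenerate case tolerance=0.
    """
    hits = {}
    for out in outputs:
        value = fiat_value(out, rates)
        matched = [
            lst for lst in listings
            if abs(value - lst.price_usd) <= lst.price_usd * tolerance
        ]
        if matched:
            hits[out.txid] = matched
    return hits


if __name__ == "__main__":
    for txid, matched in match_outputs(OUTPUTS, LISTINGS, USD_PER_BTC).items():
        print(txid, "->", ", ".join(f"{m.vendor}/{m.item} @ {m.price_usd}" for m in matched))
```

Two things the run shows: satoshi rounding means a strict exact match (tolerance 0) finds nothing, so any real implementation has to pick a tolerance, and a common price matches several listings at once, which is why the technique narrows to a candidate set rather than naming one buyer. The less common the amount and the thinner the market, the smaller that set gets.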



File: 1777311039220.png (390.86 KB, 545x699, ClipboardImage.png)


if you care about privacy you should check this out: https://datura.network/

as you may or may not know, tor is likely a honeypot created and funded by the USA.
this has been written about here: http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/torhoneypot/ or for my clearnet friends: https://bible.beginnerprivacy.com/opsec/torhoneypot/

The datura network is a new darknet that is going to be written in rust. It will be designed in such a way that state-level threats of passive network analysis, active Sybil attacks and disruptive DDoS attacks are rendered useless to conduct against its very design.

it would also be great of you to contribute to the creation of this new darknet if you could <3

>rust
what's the point if i can't even run it on my rpi server?

>a new darknet that is going to be written in rust
the memes write themselves

>>33265
>>33266
To be fair, if this does result in a functional spec and only requires a few cryptographic primitives, i might try my hand at a C implementation with NaCl.



File: 1776597502030.png (54.34 KB, 1014x323, vpn.png)


So I just got a copyright complaint from my ISP claiming I was torrenting today. My VPN says I've been covered for the last 34 hours straight. Also, I didn't even use BitTorrent today.
But when I went to delete some TV episodes I'd watched it said 'cannot delete because this file is currently active in BitTorrent'.
So I can't trust BitTorrent to close when I close it? And I can't trust my VPN either?

The last time I got one of these warnings prompted me to get the VPN so this wouldn't happen again.

My wi-fi stopped working but my ethernet was fine. I called them up and they made me listen to a reading of the email threat and then turned my wi-fi back on. Said repeated violations may lose me my internet access. Yeah right. I pay like $400 a month for the premium cable bundle (which is why I don't sub to every fucking streaming service and I pirate from time to time).

So does this make sense to anyone? VPN was never down and I didn't torrent anything and then I get another slap on the wrist, sit in the corner warning. Do I need to activate that killswitch thing? Because VPNs can kind of make the internet a bitch now and then. They want me to sign in to use youtube. I actually have to turn my VPN off just to post this message. And then the changing of IPs fucks with my use of other sites.
But what use is a VPN if my ISP still finds out I'm torrenting? And why is bittorrent connecting on its own when it's set not to?

Any opinions appreciated. And I already have Soulseek but it's hit or miss with a lot of stuff.
1 post omitted.

>>33125
Hey, thanks. I'm going to unplug from the internet before even opening bittorrent again to mess with it.

>>33124
>they made me listen to a reading of the email threat and then turned my wi-fi back on
bleak

helpful link cus u sound like a beginner:
https://fmhy.net/beginners-guide#torrenting

you have to bind to the VPN network interface because DHT is really chatty and even if the VPN drops for 1 second it's enough to cause like 20 minutes of DHT traffic and peer discovery to spam you. Soulseek is good you can check out lucida.su as well.

I've set up my torrent client and VPN client inside containers and the torrent depends on the VPN, so if the VPN doesn't start my torrent client also won't start.



File: 1775371838826-0.png (761.73 KB, 1465x1437, ClipboardImage.png)

File: 1775371838826-1.png (932.39 KB, 1749x1393, ClipboardImage.png)

File: 1775371838826-2.png (184.17 KB, 2577x661, ClipboardImage.png)

File: 1775371838826-3.png (280.18 KB, 2057x1549, ClipboardImage.png)

File: 1775371838826-4.png (204.97 KB, 480x360, ClipboardImage.png)


2 posts omitted.

That's hilarious.

I'll never understand why AI companies train on user conversations. Most users are retarded.

>>33134
>I'll never understand why AI companies train on user conversations. Most users are retarded.
yes. also…

chatgpt is making people stupider but only because most people are stupid in the first place

they ask the chatbot a naive and poorly typed question because they don't know how to ask good questions or how to word things properly

and they ask it about a domain with which they have no familiarity or knowledge, so they don't bother to read or understand the answer

then they take that answer and copy paste it to other people who also don't read it

as always people confuse the misuse of a technology for it being useless. even when you point this out, people will say it's useless because it wastes energy. but people also waste energy, and you can run these LLM models locally without using data centers in a house that is solar powered… yet almost nobody does…

the real use for these things is as a springboard for further research, just like wikipedia or google, but with less having to schizophrenically jump between several pages, because what it is really doing is collating information from all over the web in one place for you. it's your job to hunt down the research papers the info is originally taken from and actually read them and make sure they had good methodology. but nobody wants to do that because it's a lot of work. people think tech is supposed to make them not work at all when really it's supposed to make them work faster.

training set is poo

>>33134
That actually sounds like a great reason to train on user conversations.




ok, so I looked at this thread https://www.reddit.com/r/privacy/comments/1soq24c/parent_decide_act_you_think_using_linux_will_save/ and the internet crackdown is real, and I very often read that Linux is supposed to be the way out in the coming future of a totalitarian internet. but I wonder, how exactly is Linux supposed to be the rescue? what use is a free OS to me if the internet is a total prison? what use is the darknet or any “alternatives” like Mastodon, Gopher or whatever if there’s no interesting/high-quality content there anyway? at first I was worried about the internet crackdown too, but what would be so bad about it? the Chinese are managing it fine. they don’t have these silly discussions about Linux, Tor, GrapheneOS and all that nonsense. they are completely happy with WeChat, Douyin and other corpo shit. so what exactly is being lost?
1 post omitted.

>>33118
the difference is that China and Korea have communist parties ruling them and you do not

Honestly people would generally be content with a completely controlled life if it meant a life with decent shelter, sustenance and companionship. That's mostly what people need anyways. I also don't think most people would be against things like arranged marriages if it meant contentment and stability. I know I probably wouldn't. Most people don't really have much control over their lives nor do they really want to. It's too much work

>the internet crackdown is real, and I very often read that Linux is supposed to be the way out
>the Chinese are managing it fine. they don’t have these silly discussions about Linux, Tor, GrapheneOS and all that nonsense. they are completely happy with WeChat, Douyin and other corpo shit.
Linux is orthogonal to the Internet and privacy question and is actually very useful for China as a basis for their own operating systems so they don't depend on Western operating systems, and it's open source so they can modify it at will. Not to mention how useful Linux is as an embedded system for various devices.
Linux is also purely practically useful in general outside of political issues simply because of how much you can achieve with that system, it is very pliable.
As for Tor, GrapheneOS and similar stuff - they are useful in the West and Western-aligned countries because there it is in user's interest to escape the state that is currently in the hands of porkies and porky-aligned glowies.
In a socialist country on the other hand they would be only useful for counter-revolutionaries and foreign glowies.
The question is from who you're trying to escape/hide, porky or communist party? In the West porky runs the government, in China it is communist party.
Once a socialist revolution happens in your country Tor and such tools will become useless unless you're a counter-revolutionary. Until then they can be useful to you.

>what use is the darknet or any “alternatives” like Mastodon, Gopher or whatever if there’s no interesting/high-quality content there anyway?

I agree these are not useful in practice currently, merely potentially if things escalate much further forcing many more people to migrate. Pragmatically speaking it is better to use porky monopolies like a parasite that spreads "viruses". Counter-propaganda travels much faster and further on porky controlled platforms simply due to the mass of users.
Like the way Iran has won the propaganda war outside of burgerland because they used burger platforms while Trump has self-isolated himself on his own one-man platform.

>>33121
>Tor and such tools will become useless
What about for porn? They usually don't ban just porn studios (based) but also homemade videos and drawings/erotica

>>33121
>porky or communist party?

they are both the same.



File: 1774152954346.webp (28.65 KB, 1200x600, IMG_1228.webp)


systemd implemented age verification guess that about wraps it up for linux being the free and open operating system LOL

to all systemd apologists: we told you so
48 posts and 8 image replies omitted.

>>33109
If it were limited to that, yeah, that's my assessment too; that western tech is shooting themselves in the propaganda machine with this.

However, that this stuff is being extended to operating systems and such too, this could widen the digital divide unless that turns out to not be very enforceable.

yeah I don't think it's bad, it's just gonna make a second internet that doesn't suck or have the drawbacks of the darknet

>>33110
I mean if it is an open standard it shouldn't

>>33108
It's not yet certain that laws of one country will be applied to citizens of another country where such laws don't exist. They could do this with cookie notices required in EU because it doesn't break websites, but this would break them completely by definition.

>>33109
Western, particularly burger Internet has almost absolute monopoly outside of a few isolated countries like China and Russia. And it encompasses much more than just propaganda, there's a lot of technical and hobby stuff hosted on burger servers. If I want to look at source code or docs or submit a patch to a certain library hosted on a popular git hosting server, then in most cases I have no alternative but to visit to burger servers. Same goes for any other banal and hobby stuff, there's a lot of useful information out there hosted on burger servers. Cloudflare and Google captcha faggotry is already hellish enough.

>>33113
>Western, particularly burger Internet has almost absolute monopoly outside of a few isolated countries like China and Russia. And it encompasses much more than just propaganda, there's a lot of technical and hobby stuff hosted on burger servers. If I want to look at source code or docs or submit a patch to a certain library hosted on a popular git hosting server, then in most cases I have no alternative but to visit to burger servers. Same goes for any other banal and hobby stuff, there's a lot of useful information out there hosted on burger servers. Cloudflare and Google captcha faggotry is already hellish enough.
I know, but those will be archived (or not, maybe you shouldn't use discord as a forum) and then moved to alternatives. Like lemmygrad did with the genzedong subreddit



File: 1608526287100.png (32.83 KB, 432x432, 1565502518003.png)


This Thread Has Been Re-appropriated for leftypol.org Usage.

General thread meant for the discussion of the mobile app for browsing leftypol.org, known as clover.

Releases can be found here:
https://github.com/PietroCarrara/Clover/releases/latest
302 posts and 43 image replies omitted.

has anyone managed to post threads from phone? I can't do it from the app, the captcha/2 doesn't appear


Elon Musk (@elonmusk), March 23, 2025: "Yes" https://t.co/9EqxS8J4nO (https://twitter.com/elonmusk/status/1903935258799775749)

>>28819
Are you trying to post something from xitter? Just take a screenshot.

Does it work on android galaxy



File: 1776179272436.png (130.73 KB, 255x255, 1775933227537[1].png)


What the title says. Apart from leftychan and the Marxist Internet Archive, do you know any? I heard from a Maoist comrade that there are (news?) websites that they could only access through Tor because they were censored in multiple countries. Do you know any? Thanks in advance

PS: I already found some news/theory magazines that are forced to host a new website every once in a while, so this counts too

>>33099
raddle.me and lemmygrad.ml


