My favorite windows update was when I was at local Microsoft office on some kind of highschool coding competition hosted by Microsoft, and we had to start 10 minutes late because we were watching the meeting room computer force a restart with Windows update a minute after the introduction presentation started.

I mean, if it’s **just ** a normal screen-sized website, that already makes it a lot easier. Not having to deal with responsiveness bullshit would make webdev a lot better experience. That is assuming “normal screen” means 1920*1080, or whatever is the median screen size.

One important thing about CS was that it’s also marked as a boot-start driver. That flag tells the OS that it can’t boot without it no matter what happens, aside from safe mode, and iirc if your driver doesn’t have that flag, which drivers probably shouldnt have, from how I understand it if such a boot loop would happen due to a faulty non-boot-start driver, the system will recognize that and simply disable it.

What stops you from tampering with the game folder, and changing the function that sends the hash, to send a pre-calculated and valid value, instead of calculating it from real files you are running?

Isn’t that, like, illegal?

• OrangePi with HomeAssistant and PiHole.
• Old gaming PC turned 24/7 server with Jellyfin, V-Rising server
• Hetzner cloud with Matrix server for Messenger and Discord bridging.
• Synology NAS for SMB and sharing stuff with others through Synology Drive, which also serves as a seedbox for Redacted.ch, with Headphones and Transmission.

I might be wrong, but from how I understand it it probably wouldn’t help. Kernel drivers have a rigorous QA and cert by Microsoft if you want to get them signed, which is a process that may take a long time - longer than you can afford when pushing updates to AV/EDR to catch emerging threats. What Crowdstrike does to bypass this requirement is that the CS Falcon is just an engine, that loads, interprets and executes code from definition files. The kernel driver code then doesn’t need to change, so no need for new MS cert, and they can just push new definition files. So, they kind of have to deal with unsafe in this case, since you are executing a new code.

I’m not. I vaguely remember seeing it in some posts and comments, and it would explain it pretty well, so I kind of took it as a likely outcome. In hindsight, You are right, I shouldnt have been spreading hearsay. Thanks for the wakeup call, honestly!

We found a RCE on a server during pentest. In KOBOL.

Learning how to make a reverse shell in KOBOL was pretty unique experience. Thankfully, we found another path to DA ajd didn’t have to continue, but maan, learning KOBOL, especially of your use-case is niche, is borderline esoteric.

I see a lot of hate ITT on kernel-level EDRs, which I wouldn’t say they deserve. Sure, for your own use, an AV is sufficient and you don’t need an EDR, but they make a world of difference. I work in cybersecurity doing Red Teamings, so my job is mostly about bypassing such solutions and making malware/actions within the network that avoids being detected by it as much as possible, and ever since EDRs started getting popular, my job got several leagues harder.

The advantage of EDRs in comparison to AVs is that they can catch 0-days. AV will just look for signatures, a known pieces or snippets of malware code. EDR, on the other hand, looks for sequences of actions a process does, by scanning memory, logs and hooking syscalls. So, if for example you would make an entirely custom program that allocates memory as Read-Write-Execute, then load a crypto dll, unencrypt something into such memory, and then call a thread spawn syscall to spawn a thread on another process that runs it, and EDR would correlate such actions and get suspicious, while for regular AV, the code would probably look ok. Some EDRs even watch network packets and can catch suspicious communication, such as port scanning, large data extraction, or C2 communication.

Sure, in an ideal world, you would have users that never run malware, and network that is impenetrable. But you still get at avarage few % of people running random binaries that came from phishing attempts, or around 50% people that fall for vishing attacks in your company. Having an EDR increases your chances to avoid such attack almost exponentionally, and I would say that the advantage it gives to EDRs that they are kernel-level is well worth it.

I’m not defending CrowdStrike, they did mess up to the point where I bet that the amount of damages they caused worldwide is nowhere near the amount damages all cyberattacks they prevented would cause in total. But hating on kernel-level EDRs in general isn’t warranted here.

Kernel-level anti-cheat, on the other hand, can go burn in hell, and I hope that something similar will eventually happen with one of them. Fuck kernel level anti-cheats.

Why does this need to be installed here when previously agentless technologies was sufficient

As someone who works in offensive Cybersecurity doing Red Teamings, where most of my job is to bypass and evade such solutions, I can say that bypassing agent less technologies is so much easier than agented ones. While you can access most of the logs remotely, having an agent helps you extremely with catching 0-day malware, since you can scan memory (that one is a bitch to bypass and usually how we get caught), or hook syscalls which you can then correlate.

Oh, an unknown unsigned process just called RWX memory allocation, loaded a crypto binary, and spawned a thread in another process that’s trying to execute it? Better scan that memory and see what it’s up to. That is something you cannot do remotely.

From what I’ve heard, didn’t the issue happen not solely because of CS driver, but because of a MS update that was rolled out at the same time, and the changes the update made caused the CS driver to go haywire? If that’s the case, there’s not much MS or CS could have done to test it beforehand, especially if both updates rolled out at around the same time.

From what I’ve heard and to play a devil’s advocate, it coincidented with Microsoft pushing out a security update at basically the same time, that caused the issue. So it’s possible that they didn’t have a way how to test it properly, because they didn’t have the update at hand before it rolled out. So, the fault wasn’t only in a bug in the CS driver, but in the driver interaction with the new win update - which they didn’t have.

I wouldn’t call Crowdstrike a corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are bane of my existence - they are useful, and pretty good at what they do. In the last few years, I’m struggling more and more to with engagements we do, because EDRs just get in the way and catch a lot of what would pass undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

I’ve recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is great understatement, but calling it “corporate spyware garbage” feels a little bit unfair - EDRs do make a difference, and this wasn’t an issue with their product in itself, but with irresponsibility of their patch management.

Is there any good interactive VIM/Helix tutorial/practice tool? I imagine something like hotkey trainers for Starcraft, or keyboard typing trainers. It gives you a task, and measures time how fast it takes you to do it, giving you hints about best keybindings in the process. I did find https://www.openvim.com/ , which is great to learn what options there are, but I’m missing the trainer part of it giving you tasks and scoring you on them, that you can drill in to learn it quicker.

Also, it’s missing macros and some of the more advanced stuff, which would also be great if included.

I still use Parsec for remote, and I don’t have any issue with it, it works great and I like it. However, they also did offer a free SDK (Unity plugin) to integrate remote play into your game natively (just like you can have “Invite to Steam Remote Play” button from Steam SDK), which was exactly what we needed - and Steam Remote was never working without issues for us, in comparison to Parsec which worked amazingly well every time we tried it.

I found numerous mentions of Parsec SDK and how easy it is to integrate, but after Unity bought it, I couldn’t find it anywhere. Only mention was that if you need it, you should contact them.

So I did that, mentioning that we are a small team of students working on a offline co-op only 2 player game in our free time, and that since Steam Remote wasn’t working for us and I have great experience with Parsec, I asked what we have to do to get access to the SDK/Unity plugin.

Unity’s answer? Sure, no problem, they will be happy to give us access, with first step being that we pay them 1 000 000$ for it.

Like, wtf? Did they even read the email? How out of touch you have to be, to casually ask a small student team to pay 1 000 000$?

If you have a desktop at home, what was working super well for me was to just get a cheap laptop, and figure out Wake on Lan through RPI. When I needed to do anything that demanded more than running a simple text editor from my laptop, I just WoL my desktop and connected using Parsec. I never ran into issues, but it depends on WiFi you have (or having an unlimited mobile data plan, which I also have).

I could play any game through Parsec without any issues, and when they asked us to work in Unreal Engine, I was one of the only ones actually being able to run it without major stuttering and such a long loading times.

My best VCS experience so far was when working with Plastic SCM. I like how it can track merges, the code review workflow is also nice, and in general it was pretty nice to work with.

Fuck Unity, who paywalled it into unusability, though. Another amazing project that was bought and killed by absurd monetization by Unity, same as Parsec.

While I’m not using it, since we started our small-team hobby project in git and moving away from it would be a bother, there is one use-case of SVN that would save us a lot of headaches.

SVN being centralized means you can lock files. Merging Unity scenes together is really pain, the tooling mostly doesn’t work properly and you have no way how to quickly check that nothing was lost. Usually, with several people working on a scene, it resulted in us having to decide whose work we will scratch and he will do it again, because merging it wouldn’t work properly and you end up in a situation where two people each did hundreds or thousands of changes to a scene, you know that the Unity mergetool is wonky at best, and checking that all of those changes merged properly would take longer and be more error prone than simply copying one persons work over the other.

We resorted to simply asking in chat if anyone has any uncommited work, but with SVN (or any other centralized VSC, I suppose) we wouldn’t have to bother with that - you simply lock the scene file and be safe.

On the other hand, git has major issues with binary content, such as when making games. I know there is Plastic, which has some cool features, especially in regards to merging, but when Unity bought it, it got stuck in unreasonable overpriced proprietary licensing hell. Is there some kind of FOSS VCS that solves similar issues?