If you've ever pulled an old webpage out the Wayback Machine, or made use of their copious collections of old audio, music and film, drop by https://archive.org/ and give them a few $$ during their fundraising drive. Keep the history of the web alive!
So, there's a Chinese botnet package known as "Destroyer" (破坏者).
It, ironically, can itself be destroyed, thanks to a stack buffer overflow.
I wasn't able to get full RCE, but a jump to "call ExitProcess" should be enough, no? It can be triggered directly after "start DDoS", for even more lulz.
Here's the exploit: https://gist.github.com/Wack0/d0aa7f56d5d044fb918056207d2149b1
And here's a bot sample hash: b17535de8061dce3d6630e92d601ebe1ebac44ed52b3a04a8bb72f6661f23d44
Let's #destroythedestroyer :)
spent my day testing for RCEs in my work stuff, and had a couple of colleagues get completely confused over how i was using reverse shells to figure out when a command actually fired, so i wrote an introductory guide https://incognitjoe.github.io/reverse-shells-for-dummies.html
Brilliant <thing on other network we don't talk about> by @Mudge:
"This is a brilliant tactic. There are so many others like this because the AV community keeps thinking this is a one-move game... Kudos!"
That definition of the strategy of the AV community is absolutely perfect. Depth: zero.
Twitter sued Customs and Border Protection for trying to unmask one of their pseudonymous alt agency accounts. Within 24 hours of Twitter filing the lawsuit, the government withdrew its subpoena. What happened here?
https://mastodon.social/media/xH9DRSbd8bAOwNLIXHM this is the collection so far. Each of them is a memento. Each of them holds a memory.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!