"Qui est la première dame de la #France ?"
Une des questions imposée par surprise aux sans-papiers à la préfecture des Hauts-de-Seine pour une demande d'Admission Exceptionnelle au Sejour.
Source : Mediapart https://www.mediapart.fr/journal/france/200425/la-prefecture-des-hauts-de-seine-donne-des-interros-surprises-aux-sans-papiers
#WormLocker Returns with New Builds. First detected in 2021, this #ransomware remains active, with new samples recently identified.
With #ANYRUN Sandbox, analysts can trace the full execution chain and uncover #malware behavior without the need for reverse engineering or manual debugging. Let’s see it in action.
Upon execution, WormLocker 2.0 creates worm_tool.sys files in both the Desktop and Downloads folders.
It uses the ‘takeown’ and ‘icacls’ commands to take ownership of system files and modifies their access control lists. Malware then unpacks its resources into the System32 folder.
To disrupt system recovery, it disables Task Manager, deletes hidden files, and terminates the Explorer process. The Shell settings are set to empty, keeping the Explorer disabled even after reboot.
WormLocker 2.0 employs #AES-256 in CBC mode with a fixed salt. The key is generated from the hardcoded static password ‘LUC QPV BTR’ by applying SHA-256.
Entering this key restores system settings and decrypts the affected data.
Finally, the ransomware runs a VBS script to play audio containing its ransom demand.
Analysis session: https://app.any.run/tasks/5a6eb571-5fb2-45cc-b498-6a4ce17fc510/?utm_source=mastodon&utm_medium=post&utm_campaign=wormlocker20&utm_term=170425&utm_content=linktoservice
With ‘LUC QPV BTR’ password entered: https://app.any.run/tasks/5bb3af51-5d60-452d-a0c8-c1ee8593fedd/?utm_source=mastodon&utm_medium=post&utm_campaign=wormlocker20&utm_term=170425&utm_content=linktoservice
Improve your SOC operations with #ANYRUN 
#ExploreWithANYRUN
I hate making posts like this because people get really mad at me when I criticize #AES.
However, refusal to criticize #China means to fall into campism which means to defend one #imperialist camp over another. There's no longer a #socialist camp unfortunately, just competing imperialist camps.
Going to spend the day in a team mixing competition with two of my fellow recent Blackbird Academy grads up against teams from 4 or 5 of the local university and tech school audio programs. Should be fun. I am getting two t-shirts out of this.
Géopolitique 
La Russie renforcera son soutien militaire à l’Alliance des Etats du Sahel
https://www.agenceecofin.com/actualites/0404-127276-la-russie-renforcera-son-soutien-militaire-a-l-alliance-des-etats-du-sahel
#géopolitique #Afrique #Russie #Sahel #AES #militaire #économie #diplomatie #France #USA
Today:
- professional development reading
- building out the home page some more
- dig into #AES documentation standards for mixing
- pre-production for an acoustic set week after next
- pre-production for next #VoidConspiracy project
- practice mixes
Let's see how much of that I actually get to.
https://www.soniccomponents.com/fortigate-900g-dc/
Fortinet FortiGate FG-900G-DC Network Security/Firewall SSL, AES (256-bit), SHA-256, TLS 1.3 - 10000 VPN @fortinet #fortigate #900g #DCpower #networksecurity #firewall #ssl #aes #aes256 #sha256 #tls #10kvpn #forticare #FORTIGUARD @SonicComponents20
Reversing Crypto Functions: AES
A practical walkthrough of reversing AES crypto functions using Ghidra to analyze key scheduling and encryption logic.
https://goggleheadedhacker.com/blog/post/reversing-crypto-functions-aes
I just published two cryptography attacks on Uppy Companion, a tool for downloading/uploading documents from various cloud storage providers.
https://github.com/transloadit/uppy/issues/5705
https://github.com/transloadit/uppy/issues/5706
These attacks allow the recovery of the access tokens/refresh tokens of the various cloud provider, enabling an attacker having access to a stolen encrypted cookie value to get access to the cloud storage.
Once again, people: do not roll your own crypto! 
Using plain AES-CBC, deriving secrets with SHA256 and the sign-then-encrypt paradigm are not best practices.
RUSSIA | 
SAHEL
AES Ministers Head to Moscow
Foreign ministers of Mali, Burkina Faso & Niger to meet Lavrov in Moscow April 3–4.
First AES-Russia talks aim to formalize military & strategic partnership.
Junta-led states expelled Western forces & pivoted to Russia for security.
Sahel faces years-long jihadist insurgency; ties with Moscow seen as counterweight to France.
What’s your average speed? AWAS point-to-point speed camera trial to begin in June #aes #aesmalaysia #automatedawarenesssafetysystem #automatedenforcementsystem #awas #digitallife #jpj #ministryoftransport #mot #news #speedcamera #speedlimit #speedtrap #transport
https://soyacincau.com/2025/03/25/awas-speed-camera-trial-date-route/
So you thought AES-CBC was safe from decrypting? Ask your nearest Padding Oracle for another opinion!
Le #BurkinaFaso, le #Mali, et le #Niger, tous membres de la Confédération des Etats du Sahel (#AES) affirment leur souveraineté en sortant de l'organisation Internationale de la Francophonie (OIF).
Линейный криптоанализ. Как работает современное шифрование. Часть 1/2
В этой статье поговорим о блочном симметричном шифровании, а также способе взлома - линейном криптоанализе. Для исследования реализуем программное обеспечение, наглядно показывающее алгоритм шифрования и его взлом. В качестве изучаемого шифра возьмем сильно упрощенную версию шифра DES и AES. Шифр AES является одним из самых распространённых алгоритмов симметричного шифрования. Любой современный процессор поддерживает аппаратное ускорение алгоритма AES.
Взлом радиошифрования НАТО
Высокочастотное радио (ВЧ) на коротких волнах в диапазоне от 3 до 30 МГц (длина волны от 100 до 10 м, соответственно) применяется армией, агентствами по чрезвычайным ситуациям, промышленными предприятиями и другими, кому необходима высоконадёжная связь на больших расстояниях без какой-либо внешней инфраструктуры. На этих частотах радиосигналы отражаются от электрически заряжённых частиц в верхних слоях атмосферы. В современных условиях такая радиосвязь обычно шифруется. Однако в некоторых системах применяются нестандартные (проприетарные) алгоритмы шифрования, что исторически известно как не самый надёжный вариант. На последней хакерской конференции 38th Chaos Communication Congress (38C3) в Гамбурге представлен доклад с описанием фатальных недостатков в алгоритме шифрования HALFLOOP-24, который используется военными США и НАТО.
