***THREAD***

I’ve been on the phone with colleagues about the hack all morning. None of us can figure out why #CISA chose this particular response to the breach. Couple of things struck us as curious.

The agencies targeted are not responding how you might expect...

Data drop! Some numbers, nuggets and trends for bowl season which I find interesting...

Miami has lost 9 of its last 10 bowl games and is 2-10 ATS in its last 12 bowl games. Oklahoma State has covered each of its last four bowl games, three coming as an underdog.

This is the first time since 2011 Texas is favored in a bowl game...

Wisconsin has won five of their last six bowl games with the only loss in that span a one-point loss to Oregon last year in the Rose Bowl. Each of Wake Forest’s last five bowl games have been one-possession games (6, 3, 3, 8, 6)...

Mike Leach coached teams are 1-9 ATS in their last ten bowl games (4-6 SU). Included in those ten games are four outright losses and a 1-7 ATS mark as a favorite. In the last five years, Leach’s teams have averaged 19.6 PPG in bowl games (28 is the high in that span)...

I was hacking a game and accidentally invented a word for when you think someone is trans and you're proud of them for coming out but then you find out they aren't

someone is excited to watch bill nye in science class

This happens because one of the ways I figure out which memory location needs to be modified is by memory-searching for all occurrences and changing the first letter of them

so like if I know the next line of dialog is "Die"
I change it to "Aie" "Bie" "Cie" "Eie" "Fie"

then I see which one shows up in the game

Wanna disable Defender when enabled Isolated Core and Tamper protection?

Its a bit more trouble- but doable, without ruining Isolated Core/Secureboot etc.

Defenders process will run as a unkillable protected service- so new tricks needed.

Here we go:

Ok- tamper protection is easy, just make .bat - run as adm:
:again
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" /v altitude /t REG_SZ /d -1 /f
goto again

Then unload minifilter with process hacker:

The registry key will be changed while the minifilter do not protect it, when tamper protection makes the driver load again it cannot attach to volumes nor protect registry keys.

Removing it will make it recreate, but invalid altitude do the trick

Notice now the service is: Protected light(antimalware)
Now we cant do anything to the service/process- not even see its open handles.

Lets start by elevating to SYSTEM- just launch a command prompt, then close process hacker- and run it again from the command prompt.
Now process hacker runs as SYSTEM

I have been a Substack and Patreon user for a few years now. And though more than one social media giant has, in recent months, expressed the desire to help writers and journalists monetise their audience, there are very good reasons to take these SOPs with a pinch of salt.

Because the reason Patreon and Substack came into existence was not the need for a new business model. It was as a cure for the old business model - an algorithm-driven ad revenue system that powered the attention economy. The attention economy turned audiences into scrollers...

...who were in it for the next viral hit. Quality of information suffered, the nature of discourse suffered, and as a result, democracy itself suffered. Much of this was enabled by the social media giants who are trying to copy the Substack and Patreon model right now in an...

...attempt to "put creators first". But what we must not lose sight of is that the Substack / Patreon model only emerged as a result of the bad practices the social media giants enabled. The algorithm made a toxic internet possible and they were what hit back. Today, multiple...

...podcasting tools video streaming services have donation buttons built in. But it was not always so. I applaud all attempts that anyone makes to help independent media not have to rely on ad money, but I am not going to ever be able to see Facebook's newsletter tool as a...