BC INTERNET

Saved by @Alex1Powell

Kyle Hanslovan
@KyleHanslovan 5 years, 5 months ago 1480 views

Save to PDF Share See On Twitter

Only 1 / 67 antivirus engines list SUNBURST backdoor as malicious - SolarWinds.Orion.Core.BusinessLayer.dll https://t.co/taaiUtSJzR #SUNBURST #UNC2452

SolarWinds' digital certificate hasn't been revoked yet.

The full compromised package is still being hosted online as well 😓 hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20574/SolarWinds-Core-v2019.4.5220-Hotfix5.msp

Job class within the backdoored #Sunburst DLL is pretty straight forward and aligns with @FireEye's analysis. CollectSystemDescription:

DeleteFile

DeleteRegistryValue

FileExists

#UNC2452 prefers MD5 for their file hashing routine

#UNC2452's DirList is savvy enough to always expand environment variables. Doesn't appear to have any recursion or depth arguments for DirWalk'ing.

Use of token manipulation was underwhelming. Sets process privilege to SeTakeOwnershipPrivilege, SeRestorePrivilege, and SeShutdownPrivilege.

Domain1 = https://t.co/BGPAyeprMm
(just like the report said). Thus far all analysis has held up (no real surprise there).

One of the anomalous #SUNBURST DLLs from October 2019 that Microsoft highlighted can be found in the SolarWinds Coreinstall.msi for 2019.4.5220.20161 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2019.4/2019.4.5220.20161/CoreInstaller.msi

Malicious #SUNBURST DLL CE77D116A074DAB7A22A0FD4F2C1AB475F16EEC42E1DED3C0B0AA8211FE858D6 from May 2020 can be found in CoreInstaller.msi for 2020.2.5320.27438 -hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5320.27438/CoreInstaller.msi

Malicious #SUNBUST DLL 019085A76BA7126FFF22770D71BD901C325FC68AC55AA743327984E89F4B0134 from April 2020 can be found in CoreInstaller.msi for 2020.2.5220.27327 - hxxps://downloads.solarwinds[.]com/solarwinds/CatalogResources/Core/2020.2/2020.2.5220.27327/CoreInstaller.msi

More from Internet

Jonas L
@jonasLyk

Wanna disable Defender when enabled Isolated Core and Tamper protection?

Its a bit more trouble- but doable, without ruining Isolated Core/Secureboot etc.

Defenders process will run as a unkillable protected service- so new tricks needed.

Here we go:

Ok- tamper protection is easy, just make .bat - run as adm:
:again
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances\WdFilter Instance" /v altitude /t REG_SZ /d -1 /f
goto again

Then unload minifilter with process hacker:

The registry key will be changed while the minifilter do not protect it, when tamper protection makes the driver load again it cannot attach to volumes nor protect registry keys.

Removing it will make it recreate, but invalid altitude do the trick

Notice now the service is: Protected light(antimalware)
Now we cant do anything to the service/process- not even see its open handles.

Lets start by elevating to SYSTEM- just launch a command prompt, then close process hacker- and run it again from the command prompt.
Now process hacker runs as SYSTEM

Gwen Snyder is uncivil
@gwensnyderPHL

With Parler down, there are going to be a ton of white supremacists switching to (or back to) @Telegram, a company that has sheltered some of the worst, most explicitly pro-terror Nazi groups for years now.

RT to tell @apple & @google to KICK TELEGRAM OFF their app stores, too.

Or, Telegram can actually enforce its terms of service.

But I am watching tons of Nazis thrill to the idea of mass murder on there.

They're emboldened, and @Telegram gives them a place to recruit, radicalize, and plan to kill people.

Parler was bad, but Telegram is the absolute wild west.

I've watched actual terror plots unfold there.

It's where they share printable gun plans and bomb how-tos.

It's where they discuss targets and share vicious, gory murder videos of minorities they don't like.

And I would also add, deplatforming the less dark-webby extremism platforms like Parler ALWAYS means a temporary influx to these more extremist, darker-webby platforms.

We saw it after 8chan, too.

It was necessary, it immediately and overwhelmingly cut down on successful deadly terror, but in the very short term I watched numbers swell in overtly terror Nazi channels as more radicalized/edgelors 8chan folks sought a new home.

Advertisement

Jim Lakely
@jlakely

Let's be clear about what @Google, @Apple & @amazon instantly destroying #Parler's ability to be the free-speech version of Twitter is. At its core, this is about the ability to freely communicate one’s thoughts to others — once considered a hallmark of "The American Way." 1/13

What Big Tech is doing is as if Ma Bell in 1973 (ask grandpa) decided what you're saying to a friend on a landline phone was “dangerous." So they cut off the line in the middle of the talk and then sent someone over to physically cut your phone line. That's Stasi shit. 2/13

I realize that a personal conversation is not the same as a public tweet, but the principle is the same. The company that "owns the wires" for your speec — and has special govt rules protecting them due to their position — cuts off your call due to what you are saying. 3/13

If this analogy doesn't work for you, imagine someone tackling and punching you for speaking on a soap box in a public park and then setting your soap box on fire. And the govt being OK with that in a country that has a First Amendment. Moving on ... 4/13

Big Tech shadow banned people for years to just do it "halfway." That way, they could continue to paint an increasingly thin patina on their original govt-protected pledge to promote the free exchange of thought. #freespeech 5/13

FRANCIS AARON
@FrancisAaronUK

Transgenderism resembles a mass psychogenic illness that has spread thanks to the internet. If there were no Tumblr identity fluidity nonsense, and if Reddit and YouTube had never existed, most “trans” people would not have landed on “gender” as the source of their ills.
1.

It is handed to them in the same way religion is handed to children. Thoughts and ideas are set before them, and they have brought these thoughts and ideas to live in themselves. Without the Internet, their feelings of dis-ease would have found a different explanation.
2.

These ideas became a framework for self-understanding, a map that instructs their actions, a vocabulary that programs their tongue. The pursuit of identity was the task, the online bubble its surrogate. They were commanded by it, and it gave their lives purpose and meaning.
3.

It had benefits. It catered to vanity. Social adulation arrived with each new step. This is why they so fiercely cling to it, since any conceptual breakdown would shatter the world they’ve built, which has been buttressed and fortified through these concepts – these errors.
4.

Its appeal first came as an escapist fantasy for the dysmorphic and disenchanted. Unbound from the meanings thrust upon them by others, they could instead become self-creators. They imbibed the dogma that suggested only two paths lay before them: – transition or suicide.
5.

Disclosure Backpack
@DisclosureBP

Affidavit by former head of IT for large Italian defense contractor admitting he uploaded instructions through military satellite to Frankfurt to flip votes from Trump to Biden on election night under direction of US persons. Willing to testify.#ItalyDidIt

You May Also Like

Jaya_Upadhyaya
@Jayalko1

DODDA GANAPATHI, BENGALURU
#karnatakatemples

Dodda in Kannada means big. Sri Ganesha here is 18 ft tall in height and 16 ft wide. Dodda Ganesha is also known as Shakthi Ganapathi and Satya Ganapathi.

It is said that Kempe Gowda, the founder of Bengaluru, saw a rock here.

The rock had engravings of Ganesha. His sculptors cut the Ganesha murti from that single rock. Later, a shrine was built around the Ganesh murti.

It is believed that Dodda Ganapathi is the protector of Bengaluru. All auspicious events start by praying to Him.

Benne Alankara is the most famous festival here when about 100 kg of butter is coated over Ganapathi every four years and the rich prasad is offered to the worshippers.

Ganesha is also covered in cream colour and is decorated with golden laces and buttons
@GampaSD

The Dodda Ganapathi murti is believed to be still growing in size, especially towards right.

The weavers from old Bengaluru tie a coconut to their looms before starting work. When the work is completed, they break 100 coconuts here along with the one tied on the loom.

Alex Stamos
@alexstamos

The entire discussion around Facebook’s disclosures of what happened in 2016 is very frustrating. No exec stopped any investigations, but there were a lot of heated discussions about what to publish and when.

The story doesn\u2019t say you were told not to... it says you did so without approval and they tried to obfuscate what you found. Is that true?
— Sarah Frier (@sarahfrier) November 15, 2018

In the spring and summer of 2016, as reported by the Times, activity we traced to GRU was reported to the FBI. This was the standard model of interaction companies used for nation-state attacks against likely US targeted.

In the Spring of 2017, after a deep dive into the Fake News phenomena, the security team wanted to publish an update that covered what we had learned. At this point, we didn’t have any advertising content or the big IRA cluster, but we did know about the GRU model.

This report when through dozens of edits as different equities were represented. I did not have any meetings with Sheryl on the paper, but I can’t speak to whether she was in the loop with my higher-ups.

In the end, the difficult question of attribution was settled by us pointing to the DNI report instead of saying Russia or GRU directly. In my pre-briefs with members of Congress, I made it clear that we believed this action was GRU.

Advertisement

Vibhu Vashisth
@VIBHU_Tweet

Surkanda devi mandir is a famous shrine of Hindus located near Kaddukhal distt of Uttarakhand, 11 Km from the town of Dhanaulti and 35 Km from Mussoorie.
The Temple is one of the 51 Shakti Peethas spread all over Indian Subcontinent and is dedicated to Goddess Surkanda.

Nestled on a Hill at an Altitude of 2700 m approx, the place offers a splendid view of the snow capped mountains, the picturesque scenic beauty that offers an experience of the lifetime.
The Temple build in the traditional Garhwal style exuberates the Architectural splendour.

The origins of the Surkanda Mata Mandir is attributed to Goddess Sati, consort of Bhagwan Shiv who in a rage immolated herself in her arrogant Father Daksha's Yajna Kund bcoz he didn't invite Bhagwan Shiv in the Yajna.

Devastated by the death of Sati Shiva wandered all over the cosmos performing Tandava-The Dance of Cosmic Destruction.Fearing the total annihilation of cosmos, Gods requested Bhagwan Vishnu to pacify Shiva.Bhagwan Vishnu then used his discuss to destroy the burning corps of Sati.

The pieces of Sati Mata's body then got scattered all over the region which were later established as Shakti Peethas by Bhagwan Shiva himself.Its believed that the head of Sati fell here and it was called Sirkhanda Mata Temple before, but with passage of time it became Surkanda.

Guillaume Chaslot
@gchaslot

The YouTube algorithm that I helped build in 2011 still recommends the flat earth theory by the *hundreds of millions*. This investigation by @RawStory shows some of the real-life consequences of this badly designed AI.

Flat Earth conference attendees explain how they have been brainwashed by YouTube and Infowars https://t.co/gqZwGXPOoc
— Raw Story (@RawStory) November 18, 2018

This spring at SxSW, @SusanWojcicki promised "Wikipedia snippets" on debated videos. But they didn't put them on flat earth videos, and instead @YouTube is promoting merchandising such as "NASA lies - Never Trust a Snake". 2/

A few example of flat earth videos that were promoted by YouTube #today:
https://t.co/TumQiX2tlj 3/

https://t.co/uAORIJ5BYX 4/

https://t.co/yOGZ0pLfHG 5/

WORLD OF SANATAN DHARM...
@world_sanatan

THE LAST STAND OF PAVAN KHIND - THE 300 BATTLE OF INDIA

A long🧵that u must read

In desperate times, great men come forth. Those men who are ready to sacrifice all of their lives work for a single cause.

Baji Prabhu Deshpande is one such man.

1/25

Battle was between the Maratha Warrior Baji Prabhu Deshpande and Sidi Masoud of Adil Shahi Sultanate.

In 1660, the Maratha King Shri Chhatrapati Shivaji was trapped in the fort of Panhala, under siege and vastly outnumbered by an Adilshahis army led by Sidi Masoud.

2/25

And while everyone is thinking that finally the Maratha king will be subdued, Shivaji planned to escape to the fort of Vishalgadh. It was administered by a Maratha chieftain named Range Narayan Orpe under Shivaji.

3/25

For months the siege warfare continued as Shivaji made sure that the food source of the Besieging army drops down, due to which they will initiate a general assault on the castle.

4/25

Shivaji, Baji Prabhu, and around 600 of their best troops, hardened mountaineers of the Maval region, would dash through the Adilshahis force at night.

A man named Shiva Kashid, who resembled Shivaji in appearance, had volunteered to dress like the king and get captured.

5/25