General Discussions and Off Topic

Hi guys, just have a another small question about handling responses and creating new valid request header fields.So recently I found some new issue what did surprise me and I don't understand how to handle it yet.The problem is that there are seems to be some webpages who using other methods to allow cookie requests.Normaly I thought I always HAVE to use the "Cookie: *" field in my requests for any cookie I HAVE to use for another requests reading from "Set-Cookie: X". Example: Cookies I got in response... ------------------------------------------------ Set-Cookie: X=12345; path=/; expires=Sat, .... GMT; domain=ABC.com; samesite=none; secure Set-Cookie: Y=…

Hi guys, I have a new little question about drivers and how to update them.I found a tool on internet called DUMo... https://kcsoftwares.com/?dumo ...what shows and listed all drivers of your system stuff.Now I see in my case I have some old drivers in use for diffrent devices.... Intel(R) Dynamic Application Loader Host Interface Intel 1.38.2020.805 Update verfügbar (1914.13.0.1065) Intel(R) Management Engine Interface #1 Intel 2040.100.0.1029 Update verfügbar (2047.100.0.1039) etc ...but I can't update them with this tool (no license for it) or do anything with it also if it calls itself as freeware (Trash).I dont get any DL link of…

A path would immediately cause Windows 10 to crash and display a BSOD when entered into the Chrome address bar. When developers want to interact with Windows devices directly, they can pass a Win32 device namespace path as an argument to various Windows programming functions. For example, this allows an application to interact directly with a physical disk without going through the file system. Lykkegaard told BleepingComputer that he discovered the following Win32 device namespace path for the 'console multiplexer driver' that he believes is used for 'kernel / usermode ipc.' When opening the path in various ways, even from low-privileged users, it would cause …

That is it. Or c:\:$i30:$bitmap inside of a shortcut file would do the job. This will cause immediate corruption in Win10 builds 1803 or later. It will cause prompts to reboot to repair the disk and then chkdsk on boot will be unable to repair. This sounds quite dangerous as it makes downloading zip or rar archives and extracting them potentially harmful if they contain such a shortcut .lnk in them. https://www.bleepingcomputer.com/news/security/windows-10-bug-corrupts-your-hard-drive-on-seeing-this-files-icon/

Hello everyone, I actually found this forum while searching for Dup skins, some of you know me and for ones who don't I'm 24 and I'm repacking softwares, trying to learn delphi / pascal and a bit of RE. Thanks y'all!

Hi guys, I did update my Brave browser to latest version (small while ago) V1.11.97 but I found a nasty bug I dont wanna have.Problem should be any Java issue and showing listings correctly.Not sure how this is called but you know websites who using Java listings which gets open automatically when you scroll down a page right.So this is working so far but on some pages you have a button to load more listings and right there happens the problem.When I press that button then more content gets loaded and shown but the browser jumps directly to the end of the new content and I as user have to scroll manually up many pages to reach the location where I was stand before et…

Happy New Year 2021 For All members

bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/ NZBgeek Has Been Hacked torrentfreak.com/nzbgeek-has-been-hacked-leaving-private-user-data-exposed-201228/ Linux on the Nintendo 64 fudzilla.com/news/gaming/52114-2020-is-the-year-of-linux-on-the-nintendo-64 Facebook is an imperialist nation, and people are its colonies boingboing.net/2020/12/28/facebook-is-an-imperialist-nation-and-people-are-its-colonies.html theatlantic.com/technology/archive/2020/12/facebook-doomsday-machine/617384/

DNS resolvers and queries (over HTTPS) seem to be a bit of a popular topic in the news of late. There are a number of reasons why people should be using DoH (or DoT); privacy, security, prevention against eavesdropping and man-in-the-middle attacks. For those not familar and for those of you interested there are ad-blocking DoH resolvers. Below is a list of ad-blocking resolvers that I am currently aware of. Obviously these will perform better or worse depending on where you are located geographically in the world. My top three for performance are the first three in the list, the others are ranked in no preferential order. https://adblock.mydns.ne…

ThreatNix has uncovered a large scale phishing campaign using GitHub pages and targeted Facebook ads that has affected more than 615000 users. The campaign is targeting Nepal, Egypt, Philippines along with a large number of other countries. threatnix.io/blog/large-scale-phishing-campaign-affecting-615000-users-worldwide/

Came across this a couple of week ago and thought i would share What Is This Project? Windows 10 AME aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Spyware systems, which are abundant in Windows 10 by default, have not been disabled using group policy, registry entries or various other workarounds – they have been entirely removed and deleted from the system, on an executable-level. This includes Windows Update, and any related services intended to re-patch the system via what is essentially a universal backdoor. Core applications, such as the included Edge…

thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html

Looks like some of the core-developpers secretly prepared a somewhat hostile (?) fork of radare2, called rizen. https://rizin.re/posts/faq/ Cutter already announced they support it.

Does anyone know if such a tool exists? The fact that the article comes through the wire before Javascript comes and hides it behind paywall or login banners, means there should be some way to undo the nonsense. Of course these sites are moving towards fixing this and not sending more than a teaser over the wire. But to this day most sites are still sending full articles and relying on client side content blocking as silly as that is. I'm just surprised not to have come across such a tool. It's getting harder and harder to use aggregates since half the articles are linking to these types of sites

Hi guys, I have a bad problem.Few days ago I did prepair my USB drive (format with NTFS) and gave it a name.Everything seems to be ok and I did started to backup much files on it.Today I did connected that USB disk and see that the name I gave that USB disk didnt showed up in my explorer (just local disk as name) and also no filesize was shown too.Now I cant access it anymore etc.In the computer management / disks I can see all my hard-drives (also that USB drive) what shows me filesystem raw and also the full filesize with 100% free!Great!!! So what can I do now?Dont wanna loose the datas I did backup already and deleted from my other HDD.Is there are way to re…

Can anyone know what was screen recorder software of Lena151 reverse engineering tutorials? I am looking for that.

Hi, i'm not good on introduce myself, so I'm going to get right to the point, I'm a beginner practicing every day, but most of the time I fail on my task (I find important instructions, but then nothing work), I'm searching a mentor or a group to talk with (and that tell me where I'm wrong), I can't ask single question when i don't know what to ask, hope you understand me ahaha, if someone will anwer I will appreciate it a lot, thank for reading. At the moment this is what I did: - I readed the book Learning Malware Analysis(my final objective is to become a Malware Analyst) - Followed some videos of Lena151 - Practiced with some programs

https://techcrunch.com/2020/10/23/the-riaa-is-coming-for-the-youtube-downloaders/amp/ Does anyone know where to grab the latest master source zip?

arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says \bonus/ It’s a bird! It’s a plane! It’s a BMW-powered electrified wingsuit www.slashgear.com/its-a-bird-its-a-plane-its-a-bmw-powered-electrified-wingsuit-09646309/ Google Says Quantum Computer Beat 10,000-Year Task in Minutes www.bloomberg.com/news/articles/2019-10-23/google-says-quantum-computer-beat-10-000-year-task-in-minutes

bleepingcomputer.com/news/security/new-pay2key-ransomware-encrypts-networks-within-one-hour/ \bonus/ Poor man integration of Ghidra decompiler into Binary Ninja - github.com/Martyx00/ghinja SQLite compiled to JavaScript - sql.js.org SpotifyKeyDumper - gitlab.com/fornication-capitalism/spotifykeydumper

the $70 desktop PC - www.raspberrypi.org/blog/raspberry-pi-400-the-70-desktop-pc/ \/_bonus_\/ All the resources you need for front end development - github.com/developer-resources/frontend-development SDelete GUI - www.ghacks.net/2020/11/02/delete-files-securely-from-the-explorer-context-menu-with-sdelete-gui/ Winamp Windows 10 - www.mywinamp.com/winamp-for-windows-10-download/

https://arstechnica.com/information-technology/2020/11/githubs-source-code-was-leaked-on-github-last-night-sort-of/ Last night, developer and privacy activist Resynth1943 announced that GitHub's source code had been leaked on GitHub itself, in GitHub's own DMCA repository. It's going to take some unpacking to talk about that, but first things first—this isn't as big a deal as it might sound like. GitHub Enterprise Server != GitHub.com Grinding a DMCA-related axe It seems likely that the "unknown individual" Resynth1943 referenced uploaded the leaked source code largely out of anger about the recent Youtube-dl takedown. The code itself was d…

oswalt.dev/2020/11/anatomy-of-a-binary-executable/ \bonus/ SEGA to sell off 85% of arcade business - tweaktown.com/news/76041/sega-to-sell-off-85-of-arcade-business-shares-avoid-big-losses/index.html A pure WebAssembly / JavaScript port of FFmpeg - ffmpegwasm.github.io Florida mosquitoes: 750 million genetically modified insects to be released - bbc.com/news/world-us-canada-53856776

rev.ng/index.html bonus YouTube-dl has received a DMCA - bleepingcomputer.com/news/software/youtube-dl-removed-from-github-after-riaa-dmca-notice/ T-Mobile screwups caused nationwide outage, but FCC isn’t punishing carrier - arstechnica.com/tech-policy/2020/10/fcc-not-punishing-t-mobile-for-outage-that-ajit-pai-called-unacceptable/ The fastest and easiest way to check, copy and edit CSS - cssspider.fresalabs.com/ TwitGrid - github.com/nuket/TwitGrid Ethereum set to become first blockchain to settle $1 trillion in one year - cointelegraph.com/news/ethereum-set-to-become-first-blockchain-to-settle-1-trillion-in-one-year 700 leadi…

https://arstechnica.com/information-technology/2020/10/googles-project-zero-discloses-windows-0day-thats-been-under-active-exploit/ " CVE-2020-117087 stems from a buffer overflow in a part of Windows used for cryptographic functions. Its input/output controllers can be used to pipe data into a part of Windows that allows code execution. Friday's post indicated the flaw is in Windows 7 and Windows 10, but made no reference to other versions. “The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures,” Friday’s Project Zero post said. “It constitutes a…