Geek Squad MRI

On

VulnTrack 1.1 by Ogma Released

My friend sent his computer to best buy to get a software problem fixed and they couldn't fix it, so he gave the computer to my brother to fix and he fixed it. My brother told me that the "dumb**''s at Geek Squad left there MRI Cd in his computer" this was like a month ago. Best Buy MRI Geek Squad 5.10.2 Boot Disk: Best Buy MRI Geek Squad 5.10.2 Boot Disk MRI Geek Squad Untouched * NOT CRACKED! - 1.3 GB This is the Best Buy geek squad repair disc – Code Name MRI – for internal use only, confidential, and a trade secret.

27 April, 2019 - 14:51 — Ogma

VulnTrack provides monitoring and alerting of security vulnerabilities and exploits based on a provided rule set. In version 1.1 VulnTrack-gtk has been replaced with vulntrack-cli, which is works on both Windows and Linux. Includes new features such as Acknowledge, Remove, and showing vulnerabilities with known exploits available. The database comes pre populated with all exploits from 2017 to 4/24/19. As always, any feedback or feature requests are greatly appreciated.

SX Corrects Climate Change by Hacking Weather Dominator

1 April, 2019 - 00:01 — RaT


We're proud to announce that after years of research, we've finally utilized our backdoor into Cobra's network to hack the SCADA system that controls their weather dominator. As such, we've decided to use this hack to correct climate change - effective immediately. You're welcome.

Note: Cobra Commander could not be reached for comment.

Call For Testing: Cross-DSO CFI in HardenedBSD

20 July, 2018 - 14:44 — lattera

Over the past year, HardenedBSD has been hard at work in integrating the Cross-DSO CFI implementation in llvm. We have reached a point where we can release an early (pre-alpha) public Call For Testing (CFT) of this work.

For reasons which will be described below, we recommend this CFT be used by those using root-on-ZFS with boot environments. We recommend testing in a dedicated boot environment.

This initial round of testing is best suited for development server installations. Production servers and desktops/laptops are not advised for testing at this time. We're looking for feedback on what works and doesn't work.

Introduction

Control Flow Integrity, or CFI, is an exploit mitigation that aims to make it harder for an attacker to hijack the control flow of an executable image. llvm's CFI implementation provides forward-edge protection, meaning it protects call sites and non-return code branches. llvm includes basic and incomplete backward-edge protection via SafeStack.

CFI in llvm consists of two flavors:

1. Non-Cross-DSO CFI
2. Cross-DSO CFI

For over a year now, HardenedBSD has adopted non-Cross-DSO CFI in 12-CURRENT/amd64. Support for non-Cross-DSO CFI was added for 12-CURRENT/arm64 on 01 July 2018. Non-Cross-DSO CFI applies CFI to the applications themselves, but not on the shared objects they depend on. Cross-DSO CFI applies CFI to both applications and shared objects, enforcing CFI across shared object boundaries.

When an application or shared object is compiled, its source files typically get compiled first to intermediate object files. Enabling Cross-DSO CFI requires compiling and linking both static and shared libraries with Link Time Optimization (LTO). When LTO is enabled, these object files are no longer ELF object files, but rather LLVM IR bitcode object files.

SX at Defcon 26 and Mojave Phone Booth

13 July, 2018 - 10:04 — RaT

As usual, many of the crew members of soldierx.com will be at Defcon 26. Blake has also informed me that the chat software (for anonymous conversations) that is heavily used by folks at Defcon is feature complete. There's more information about this at https://en.wikipedia.org/wiki/Mojave_phone_booth. I would like to point out that the Mojave Phone Booth is in no way ran by soldierx.com despite some of the rumors online. The only relationship is that one of our crew members, Blake, wrote the software that powers the SMS and Signal portions of it. If you want to join it, please send SUBSCRIBE <ALIAS> to 760-733-9969 via SMS or Signal. <ALIAS> should be replaced with your desired alias.

If you're going to Defcon 26 and you'd like to meet up with members of soldierx.com, please follow this. You can also track us down in IRC and get more information that way. We look forward to seeing new and old faces in the desert this year.

Durandal Spotted Trying to Pick Up Kids Dressed as Pickle Surprise

1 April, 2018 - 03:29 — RaT

Yesterday afternoon, children at a mall in Ohio where shocked to find that instead of the Easter Bunny - they found a man dressed as the pickle from the now infamous Pickle Surprise video (directed by Tom Rubnitz) was waiting for them. For a ten minute period, the individual, who has since been identified as Durandal, did nothing but yell 'Pickle Surprise' and 'HAI2U' at the children. He was also offering 'free candy' before he fled the facility once mall security arrived. When asked about the incident, mall-goer Chad Newsom stated that, 'I had no clue what was going on and thought it had something to do with Adult Swim.' Currently, no charges are planned on being filed as despite the disturbing event that took place, no children were abducted thanks to mall security. A photo was captured of Durandal in his getup, which can be seen below:
If you happen to see him in your area, please contact the local authorities.

lattera to speak at Thotcon 0x9

24 January, 2018 - 10:45 — lattera

My Thotcon presentation has been accepted! Below is the presentation abstract:

Without exploit mitigations and with an insecure-by-default design, writing malware for FreeBSD is a fun task, taking us back to 1999-era Linux exploit authorship.

Several members of FreeBSD's development team have claimed that Capsicum, a capabilities/sandboxing framework, prevents exploitation of applications. Our in-depth analysis of the topics below will show that in order to be effective, applying Capsicum to existing complex codebases lends itself to wrapper-style sandboxing. Wrapper-style sandbox is a technique whereby privileged operations get wrapped and passed to a segregated process, which performs the operation on behalf of the capsicumized process. With a new libhijack payload, we will demonstrate that wrapper-style sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports neither ASLR nor CFI.

Tying into the wrapper-style Capsicum defeat, we'll talk about advances being made with libhijack, a tool announced at Thotcon 0x4. The payload developed in the Capsicum discussion will be used with libhijack, thus making it easy to extend.

We will also learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC framework places hooks into several key places in the kernel. We'll learn how to abuse the MAC framework for writing efficient rootkits.

Attendees of this presentation should walk away with the knowledge to skillfully and artfully write offensive code targeting both the FreeBSD userland and the kernel.

This presentation dives in depth regarding:
1) defeating wrapper-style Capsicum sandboxing with ret2sandbox_open (re-usable template exploit provided)
2) easy runtime process infection on amd64 and arm64
3) abusing the MAC framework to write rootkits (rootkit code will be released)