Untitled attachment

Notices where this attachment appears

1. Embed this notice
   JA Westenberg (daojoan@mastodon.social)'s status on Wednesday, 02-Jul-2025 15:05:52 JST JA Westenberg

   There’s an hourglass on my desk. I flip it every morning before I start working.

   It doesn’t beep or vibrate. It doesn’t sync to a calendar. But it keeps perfect time.

   Every grain that falls is a second I don’t get back.
   https://www.linkedin.com/posts/joanwestenberg_theres-an-hourglass-on-my-desk-i-flip-it-activity-7346033073718771712-1Gqo?utm_source=share&utm_medium=member_desktop&rcm=ACoAAFsHzRgBmenrK5Y1VXU7SZD_GfSUiOE-n7Y

2. Embed this notice
   Patrick (patrickoftheg@mastodon.social)'s status on Monday, 30-Jun-2025 02:19:34 JST Patrick

   I finished the first season of #From and I am genuinely surprised by how much I like it. I thought it was going to go in about a thousand cliched and annoying directions, for a horror/suspense show, and it only went in a few of them.

   That's good.

   It also has done a good job of keeping all the mysterious mysterious and not over-explaining those items. It keeps my mind working.

   It also feels like it has been planned out more than shows of its ilk.

3. Embed this notice
   Secret Slutty S African (monsoonrains@mastodon.social)'s status on Friday, 09-May-2025 02:26:55 JST Secret Slutty S African

   in reply to

   @fesshole I don't have this problem I am content/Social media manager so I am always working.

   It is so easy to skive.

4. Embed this notice
   Will Dormann (wdormann@infosec.exchange)'s status on Wednesday, 02-Apr-2025 03:02:15 JST Will Dormann

   in reply to

   If we test with our own custom WDAC rules, we can confirm that all of the allowed properties to block by are indeed obeyed by Windows. Specifically:
   Hash, FileName, FilePath, SignedVersion, PFN, Publisher, FilePublisher, LeafCertificate, PcaCertificate, RootCertificate, WHQL, WHQLPublisher, WHQLFilePublisher

   When we test these blocking techniques individually, they all seem to work fine. Including blocking by signing cert (FilePublisher). So this suggests that WDAC blocking by signing cert is not broken, but rather there's something broken about the Microsoft recommended driver block rules list when it's not enforced by HVCI.

   However, in the process of testing individual blocking techniques, I've discovered a third vulnerability. On a system that is successfully using the FilePath WDAC blocking directive, if I enable HVCI, that block will suddenly stop blocking.

   That is, while turning on HVCI is a wise move across the board, this is a specific case where having HVCI enabled is ironically less secure than having it off. The Microsoft recommended driver block rules doesn't have any entries based on FilePath, so this block list is unaffected by this problem. But surely there's somebody out there with FilePath block rules that is unknowingly missing protection on systems with HVCI enabled.

   To eliminate variables, I got these screenshots by starting with a system that has a working FilePath WDAC block enabled, and simply enabled HVCI on that same system. The mere act of enabling HVCI on a system causes a working FilePath rule to stop working.

   It truly is bugs all the way down, but just to summarize what we've discovered after pulling a thread about blocked drivers not being blocked:

   1. If HVCI is off, then the Microsoft recommended driver block rules list will not block any entries that are present based on signing certificate (FilePublisher)
   2. The driver block list that you get by enabling the "Microsoft Vulnerable Driver Blocklist" feature in windows is not merely delayed (Microsoft reports that it's updated 1-2 times per year) from the public list, but more importantly it's a different list that you get. (Further investigation in how it differs is required)
   3. If HVCI is on, any FilePath-based blocks will be ignored.
5. Embed this notice
   Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Monday, 23-Dec-2024 10:07:23 JST Ryan Castellucci :nonbinary_flag:

   I'm trying to get a Raspberry Pi Zero W updated to Alpine Linux 3.21, and it is not so much working.

   It's supposed to be offering a console via USB gadget serial, but it doesn't seem to be booting far enough to do so. 😕

   Maybe it just needs a very long time?

6. Embed this notice
   LukeAlmighty 🇨🇿 (lukealmighty@gameliberty.club)'s status on Thursday, 10-Oct-2024 23:50:32 JST LukeAlmighty 🇨🇿

   According to Hajime Isayama, the creator of Attack on Titan, the idea for the Titans themselves came to him when he encountered a drunk customer at the internet café where he was working.

   It is seriously insane, that I heard such a huge spoiler without even realizing it. Sure... Alcohol turned the guy into a monster. :pepelol: