✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Friday, 25-Apr-2025 05:00:36 JST
sitting next to a girl who's looking at a sample of malware. she's currently advocating "running the malware to dump the arguments to NtWriteVirtualMemory and killing it before it does the malware things"

✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Friday, 25-Apr-2025 05:01:47 JST
me: "what if it has another payload with a different [things she's setting a breakpoint for]?"
her: "well that sucks, should've done a better job. if you don't check that your gun isn't loaded before you shoot it at yourself you've had it coming"

✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Friday, 25-Apr-2025 05:02:08 JST
i think i might be better at this "reverse engineering" thing than i previously thought,,

✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Friday, 25-Apr-2025 05:02:49 JST
her: "see, this is the peak of reversing. you know that one day you'll run malware on your system, so every day is an exciting opportunity to play malware roulette"

Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 25-Apr-2025 05:02:52 JST
@whitequark I once bought a laptop for the sole purpose of infecting it with malware. The guy at the shop who sold it to me acted like I was adopting a puppy to conduct medical experiments on when I mentioned what I was doing.

✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Friday, 25-Apr-2025 05:03:17 JST
@ryanc I mean he's got a point

Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Friday, 25-Apr-2025 05:08:08 JST
@whitequark The reverse engineer I was working with at the time had spent about a week trying to get it to do malware things to no avail - it had server-side checks, including geofencing, before the actual payload would run.
I bet him I could get it to work in three hours.
I lost the bet because I bought the cheapest shittiest laptop and it took several hours to get to a usable state out of the box.
The malware did malware things once Windows was finished doing Windows things, though.