#driver
#node.js used by #Adobe, #Logitech, #Nvidia and others can be used to #exploit #Windows 😱
Source: https://nitter.eu/Laughing_Mantis/status/1512081814994575377
So what can you do with these and how can they be abused:
You can modify the JSON and JS files mentioned in order to:
- arbitrary download binaries
- ignore download checksums
- execute commands as SYSTEM
- C2 on the behalf of applications
- perform file I/O as SYSTEM
etc.
...
A good generic tool should scan the local appdata and program file folders for instances of NODE.JS or JSON files (Maybe not Microsoft Store instances) and then have templates for trojanizing each vendor's custom #NodeJS and #JSON.
#Microsoft #warning #danger #0day #software #news #Trojan #problem #hack #hacker #driver #install #fail #security
5 Likes
Love makes you sick
Director Leos Carax has filmed a musical by the pop band Sparks. "Annette" is a furious and nightmarish trip. http://www.taz.de/Film-Annette-von-Leos-Carax-und-Sparks/!5819345/ #taz #tazgezwitscher #tageszeitung #Toxische #Männlichkeit #Adam #Driver #Musical #Spielfilm
Driver doesn't load, shows error code 52 in device manager on Windows 10 x64
If you're automating software and drivers, sometimes it happens that Windows 10 doesn't load a driver. Since MS raised the bar for driver signing and everything security in general to unbelievable heights, there are far fewer problems with rootkits, but way more with drivers.
Even hardware manufacturers such as Nvidia and Intel can't keep up with the current update rate, and hey, who needs QA when you're at one of these firms anyway, and thus, from time to time, un- or wrongly signed non-production beta drivers are being published for end consumers.
You're downloading driver packages, extract them, shove them onto your test share, import them into your endpoint management server system without a problem, automate them and deploy them. DISM grabs them and imports them into the local driver store. After OSD is done, the system is patched and software is installed, all is good. The machine ships to the end customer, the user logs in. The OS activates each and every security subsystem that EFI, Secure Boot, Driverguard etc. pp. provide and loads up the drivers in the store.
Inf is readable, cab file signature is A-OK, loading driver but oh my what's that, one of the 50 driver libraries or SYS files is not signed properly, a cert in the chain is too old or there is no CA certificate because someone at Intel signed the libraries with a cert published by 'Microsoft Media' certificate used in Windows Vista (an OS published in 2007 A.D.) to sign the driver libraries. In the year 2021. Congrats, you now have n machines out there in the home offices without WLAN & without a graphics driver. Best wishes from Intel (one more reason why I prefer AMD).
There are two solutions to avoid this: either you check each and every file of each and every driver you want to use before importing & deploying them. This means that you'll check millions of files. Or you just trust the manufacturer / distributor who provides the drivers, import them and fix if any errors occur. This is what 99% of the sysadmins do and what MS recommends.
If, however, you want to check the driver files before importing them, here is a PowerShell one-liner to recursively check all binaries in the current path for non-valid signatures. It outputs any binaries in the search path which are not signed properly.
Get-ChildItem -Recurse | where {$_.extension -in ".dll", ".exe", ".sys" } | Where { ! $_.PSIsContainer } | Get-AuthenticodeSignature | Where-Object {$_.status -ne "Valid"} | Select-Object status, path
Have fun, stay healthy.
Fritz
1 Shares
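A fuller version of the check described in the post above, as an added example that is not part of the original post: it reports why each signature failed (status message, signer, issuer, expired signer certificate, missing timestamp) and rolls the failures up per driver package so a whole package can be held back from import. The `$DriverRoot` parameter, the extra `.cat` extension and the "nearest folder containing an .inf" package heuristic are assumptions of this example.

```powershell
# Added example, not from the original post. $DriverRoot is an assumed path
# pointing at a share of extracted driver packages.
param([string]$DriverRoot = '.')

$root = (Get-Item -LiteralPath $DriverRoot).FullName.TrimEnd('\')
$now  = Get-Date

$findings = Get-ChildItem -LiteralPath $DriverRoot -Recurse -File |
    Where-Object { $_.Extension -in '.dll', '.exe', '.sys', '.cat' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if ($sig.Status -eq 'Valid') { return }   # only report problem files

        # Heuristic: the nearest folder (not above $root) holding an .inf
        # is the driver package this file belongs to.
        $pkg = $_.Directory
        while ($pkg -and $pkg.FullName.Length -ge $root.Length -and
               -not (Get-ChildItem -LiteralPath $pkg.FullName -Filter '*.inf' -File)) {
            $pkg = $pkg.Parent
        }
        $inRoot = $pkg -and $pkg.FullName.Length -ge $root.Length
        $cert   = $sig.SignerCertificate

        # NotSigned means no embedded signature was found; such a file may
        # still be covered by the package's .cat catalog.
        # An expired signer certificate is only acceptable when the signature
        # carries a timestamp made while the certificate was still valid.
        [pscustomobject]@{
            Package       = if ($inRoot) { $pkg.FullName } else { '(no .inf found)' }
            File          = $_.FullName
            Status        = $sig.Status
            Signer        = if ($cert) { $cert.Subject }
            Issuer        = if ($cert) { $cert.Issuer }
            SignerExpired = if ($cert) { $cert.NotAfter -lt $now }
            Timestamped   = [bool]$sig.TimeStamperCertificate
            Detail        = $sig.StatusMessage
        }
    }

# Per-package roll-up first, then the per-file detail.
$findings | Group-Object Package | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
$findings | Sort-Object Package, File |
    Format-List Package, File, Status, Signer, Issuer, SignerExpired, Timestamped, Detail
```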
There will soon be no out of work truck drivers in Texas
All you truck drivers in need of work out there need to take a second to look into this: A company called Sisu Energy has been paying experienced drivers up to $14,000 per week. It may sound too good to be true, but it’s actually the real deal.
#Texas #truck #driver #shortage #capitalist #solution
https://altdriver.com/country/texas-company-offers-drivers-14k-a-week-during-truck-driver-shortage/
3 Comments
“I don’t need to wake up. I dream with my eyes open.”
Sonu Sood as Basu: City of Life (1:27:56, Ali F. Mostafa, 2009.12.11)
#Indian #taxi #driver #immigrant #worker #hope #alone #nevergiveup #Dubai #UAE #exploitation
5 Likes
the horror, the despair...
#frog #fright #steeringwheel #driver #cape #devil #vidcap #animatedgif #1973 #circleoffear
4 Likes
you only need #PlugAndPlay to get #Admin rights under #Windows
Source: https://twitter.com/j0nh4t/status/1429049506021138437
#razer #driver #fail #security #software #news
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer, but no answers. So here's a freebie pic.twitter.com/xDkl87RCmz
— jonhat (@j0nh4t) August 21, 2021
6 Likes
4 Comments