Recent content by The other Paul in a GTR

As a security researcher I dont care what the device actually does. I only care if it's an internet connected embedded device running some form of an OS (usually *nix) that I can interact with. An IP camera, Amazon Alexa, or a wifi router are all small ARM or MIPS based linux computers to me...

I like it. While on the pricey side, I'm a fan of buying a nice tool or set once and having the proper tools for a job for life. Also, the foam cutouts in the case are very nice for organization and also tool acountability. You'll never forget to put a piece away if you see an empty spot in...

After going through 3 motherboards and still having ongoing issues with my 1700, I switched back to Intel for a 7900x based build for my home office workstation. I'm pretty bitter about being a beta tester for AMD's first wave of Ryzen chips. Should have waited for the second gen.

You're right. I know nothing. http://shadyhackerwebsite.com/wp-content/gallery/cert/MVIMG_20180321_213655.jpg

This isn't an initial compromise exploit. This is an exploit to gain an advanced persistence mechanism. Initial compromise is irrelevant to this. Fuck it. I spear phished an employee, who opened a macro enabled word doc, which called back to my malicous domain, which installed the dropper...

Because of the long game. Say I'm a hacker involved in industrial espionage and am being paid to continuously discover trade secrets from a competitor. I pop a server belonging to a company and am copying source code or hardware designs until one day they discover me or they re image the...

The comments laughing at this for "pwning a system you already pwned" aren't quite getting the full impact of something like this. This isn't about the initial compromise of a system. This exploit gives the attacker an advanced persistence mechanism that cannot be mitigated or removed through...

http://dodsioo.defense.gov/Portals/46/Documents/ATSD(IO)-IO-Presentation-2013-PDF-Version.pdf Read that before you think the NSA is just wholesale collecting on every single person in the US. Most of you are honestly not that interesting to begin with. ;)

My point is that the MAJORITY of the items listed in [H]'s spreadsheet are malware and exploit prevention measures. Defender, DEP, and UAC are hardly bloatware, they are actually doing a good job eliminating a fair portion of malware and making exploit devs expend a lot more time. Otherwise...

I get that the final spreadsheet in this post is a "hardware testing" setup, but how many folks reading here might think that would be a great setup for their daily driver gaming rig? If there are kids out there reading this news post and disabling every windows protection to try and get 3 more...

I actually rent one floor of my townhome with it's bedroom and full bathroom on Airbnb. However, I am also living in the home at the same time as doing this. I'm not running a hotel, I'm just making use of a guest bedroom more than just once a year for in-laws. Because this isn't my sole...