LainTrain

joined 9 months ago
sorted by: new top controversial old
Town urges curfew over mosquito-spread disease that kills up to 50% of people in c/[email protected]
[–] [email protected] 3 points 1 month ago

Insane. Can the mosquitos be exterminated already?

Did you sleep well? in c/[email protected]
[–] [email protected] 2 points 1 month ago

Haha or build an entire robot arm that just moves your mouse for you :)

Did you sleep well? in c/[email protected]
[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

Or you can just base64 encode/decode it. But that too is a common technique of obfuscation and I would be impressed and surprised if it didn't also trigger an alert

Running lsusb

But that's the thing. Nobody is going to be remoting into your machine and running lsusb on your computer without significant cause. If you're that paranoid you can change the VID and PID and name ez pz.

Did you sleep well? in c/[email protected]
[–] [email protected] 4 points 1 month ago (2 children)

I think if anything any command with pid (literally the word) will match a heuristic triggering an alert in EDR because disguising processor pid or manipulating pids in any way in bash doesn't have a lot of legitimate uses, similar to 'whoami' which just immediately alerts if run regardless of context because statistically it's a classic initial foothold step.

This will in fact alert security regardless of skill level. And most sec folks won't get this or understand what it means because tons and tons of people in the industry are just straight up non-technical, and those who are slightly technical will either:

  1. Trust tools more
  2. Disagree with the tool but defer to it to cover their ass

They might outsource this to IT, at which point you have an entire company up with IDR process activated in the dead of night.

You have to think a bit differently. You're not outsmarting hypothetical feds who are browsing your PC via a remote shell like it's an HtB CTF.

The point isn't to hide because hiding on a fully compromised machine is impossible, and outsmarting millions of dollars of R&D is too much of a long shot, the point is to do it in plain sight in a way no one can tell the difference between the legitimate and illegitimate.

An Arduino Leonardo will do the trick. A flipper zero, a phone app that lets you use it as a badusb to shake the mouse. You get the picture.

People use USB and Bluetooth mice all the time. You're just people. If someone says something, you say you just have a faulty mouse and stop.

What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
What is this community's view on self-medicating? in c/[email protected]
view more: ‹ prev next ›