Windows Defender Is Being Used to Hack Windows
Windows Defender, the built-in antivirus running on every Windows machine, has a working zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and confirmed working on fully updated Windows 10 and 11. A researcher who says Microsoft went back on their word just handed every attacker paying attention a privilege escalation that takes any low-privileged account straight to NT AUTHORITY\SYSTEM. On Windows Server the result is different but still serious: a standard user ends up with elevated administrator access. The vulnerability is called BlueHammer. On April 2nd the researcher posted the public disclosure on a personal blog, and on April 3rd the full exploit source code went live on GitHub. Both published under the alias Chaotic Eclipse, also known as Nightmare Eclipse, with a message to Microsoft's Security Response Center that comes down to: I told you this would happen.
Before getting into the technical side, there is a backstory here worth knowing.
In late March, the same researcher opened a blog with a single post explaining that they never wanted to come back to public research. Someone had made an agreement with them and then broke it, knowing exactly what the consequences would be. The post says it left the researcher without a home and with nothing. A week later, BlueHammer went live on GitHub with a message that specifically thanks MSRC leadership for making it necessary. That is not someone annoyed with a slow review process. That is someone with nothing left to lose.
>>532910834
Now to the exploit itself, because this one is genuinely worth understanding.
BlueHammer is not a traditional bug, and it does not need shellcode, memory corruption, or a kernel exploit to work. What it does is chain five completely legitimate Windows components together in a sequence that produces something their designers never intended. Those five components are Windows Defender, Volume Shadow Copy Service, the Cloud Files API, opportunistic locks, and Defender's internal RPC interface. One practical limitation worth knowing: the exploit needs a pending Defender signature update to be available at the time of the attack. Without one in the queue, the chain does not trigger. That makes it less reliable than a push-button exploit, but it does not make it safe to ignore.
Here is how the attack chain works.
When Defender runs an antivirus definition update, part of that process involves creating a temporary Volume Shadow Copy, which is the same snapshot mechanism Windows uses for backup and restore. That shadow copy contains files that are normally completely locked during regular operation, including the SAM database, which stores the password hashes for every local account on the machine.
BlueHammer registers itself as a Cloud Files sync provider, the same kind of thing that OneDrive or Dropbox uses to sync files. When Defender touches a specific file inside that folder, the exploit gets a callback and immediately places an opportunistic lock on that file. Defender stalls, blocked, waiting for a response that is never coming. The shadow copy it just created is still mounted. The window is open.
>>532910877
With Defender frozen in place, the exploit reads the SAM, SYSTEM, and SECURITY registry hives directly from the snapshot. It decrypts the stored NTLM password hashes using the boot key pulled from the SYSTEM hive, changes a local administrator account's password, logs in with that account, copies the administrator security token, pushes it to SYSTEM level, creates a temporary Windows service, and spawns a command prompt running as NT AUTHORITY\SYSTEM. Then, to cover its tracks, it puts the original password hash back. The local account password looks completely unchanged. No crash, no alert, nothing.
The whole chain runs in under a minute from a normal user session.
The Cloud Files provider name hardcoded in the exploit source code reads IHATEMICROSOFT. The administrator password used during the escalation is hardcoded as $PWNed666!!!WDFAIL. These are not bugs left in by accident. They are messages, written directly into the code, and there is only one intended reader.
Will Dormann, principal vulnerability analyst at Tharros, tested the exploit and confirmed it works well enough to be a real threat.
Microsoft has been cutting costs. Experienced analysts who knew how to look at a complex exploit and actually understand it have been replaced with staff following rigid process checklists. One of those checklist requirements is a video demonstration of the exploit. Researchers who refuse to make a video get their reports closed. Dormann said on Mastodon that he would not be surprised if Microsoft closed the case because the researcher refused to submit a video, since that has apparently become an MSRC requirement.
>>532910904
Microsoft's only public response to BlueHammer has been a statement about supporting coordinated vulnerability disclosure. Take a moment with that. The whole point of this situation is that Microsoft's own process broke the coordination. Responding to that by saying you support coordination is not an answer.
Microsoft pushed a Defender signature update that detects the original BlueHammer binary as Exploit:Win32/DfndrPEBluHmr.BB. That signature does not fix the vulnerability. It flags the compiled sample from the published source code. Recompile the same code with any small change and Defender does not flag it at all. The detection catches that one specific file. The technique itself, which runs entirely through normal Windows components doing exactly what they were built to do, stays completely undetected. Until Microsoft fixes the root cause, a signature is not protection.
The Howler Cell research team at Cyderes fixed the bugs in the original PoC and ran the full exploit against patched Windows 10 and 11. It works. SYSTEM shell from a restricted user session in under a minute.
There is still no CVE and no patch. The exploit code is public, the GitHub repository already has more than 100 forks and nearly 300 stars, multiple researchers have fixed the original bugs and confirmed it works, and ransomware groups and APT actors tend to pick up public LPE code and put it to use within days of it going live.
>>532910922
Here is what to do right now.
Monitor for VSS enumeration coming from regular user processes. Calls to NtQueryDirectoryObject targeting HarddiskVolumeShadowCopy objects from anything outside of backup or system tooling is a red flag with almost no innocent explanation.
Watch for Cloud Files sync root registration by unknown processes. CfRegisterSyncRoot being called from anything other than OneDrive, Dropbox, or Box is worth checking immediately. That call is exactly how BlueHammer sets up its trap.
Alert on low-privileged processes creating Windows services or grabbing SYSTEM-level tokens. BlueHammer uses CreateService to briefly register a malicious service during the escalation, and that shows up in EDR telemetry.
Watch for quick back-to-back password changes on local administrator accounts. BlueHammer resets the password, uses it, then resets it back. Security event IDs 4723 and 4724 firing twice in quick succession on the same account does not have a normal explanation.
Keep permissions tight. BlueHammer needs a local session to run, so every permission a standard user does not actually need is attack surface that can be removed.
Keep watching Microsoft security advisories for a patch. When it comes, treat it as high priority.
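
An added example, not part of the original post and not code from the exploit or from Microsoft: the back-to-back password-change check described in the post above (event IDs 4723 and 4724 repeating on one account), run over constructed sample events. The flattened JSON field names, the 120-second window, and the use of service-install events 4697/7045 inside the burst to raise severity are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

PASSWORD_EVENT_IDS = {4723, 4724}    # password change attempt / password reset attempt
SERVICE_INSTALL_IDS = {4697, 7045}   # service installed (Security log / System log)

# Constructed sample events, one JSON object per line. The flattened field
# names are an assumption about the export format, not a Windows schema.
SAMPLE_EVENTS = """
{"time": "2026-04-10T09:14:02", "host": "WS-041", "id": 4724, "target": "localadmin", "subject": "jdoe"}
{"time": "2026-04-10T09:14:09", "host": "WS-041", "id": 4697, "service": "tmpsvc-constructed"}
{"time": "2026-04-10T09:14:31", "host": "WS-041", "id": 4724, "target": "localadmin", "subject": "jdoe"}
{"time": "2026-04-10T11:02:10", "host": "WS-017", "id": 4724, "target": "bsmith", "subject": "helpdesk"}
{"time": "2026-04-10T13:00:00", "host": "SRV-02", "id": 4724, "target": "svc_backup", "subject": "admin1"}
{"time": "2026-04-10T13:01:10", "host": "SRV-02", "id": 4724, "target": "svc_backup", "subject": "admin1"}
{"time": "2026-04-10T15:40:00", "host": "WS-017", "id": 4723, "target": "bsmith", "subject": "bsmith"}
"""


def parse_events(text):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        rec["id"] = int(rec["id"])
        events.append(rec)
    return sorted(events, key=lambda r: r["time"])


def _bursts(evs, window):
    """Split a time-sorted, non-empty list into runs whose gaps are <= window."""
    burst = [evs[0]]
    for ev in evs[1:]:
        if ev["time"] - burst[-1]["time"] <= window:
            burst.append(ev)
        else:
            yield burst
            burst = [ev]
    yield burst


def find_password_flips(events, window=timedelta(seconds=120)):
    """Flag accounts with two or more password events inside one burst.

    A service installed on the same host between the first and last password
    event of the burst raises the finding from "medium" to "high".
    """
    by_account = defaultdict(list)
    services_by_host = defaultdict(list)
    for ev in events:
        if ev["id"] in PASSWORD_EVENT_IDS:
            by_account[(ev["host"], ev["target"].lower())].append(ev)
        elif ev["id"] in SERVICE_INSTALL_IDS:
            services_by_host[ev["host"]].append(ev)

    findings = []
    for (host, account), evs in by_account.items():
        for burst in _bursts(evs, window):
            if len(burst) < 2:
                continue  # a single change or reset is ordinary administration
            start, end = burst[0]["time"], burst[-1]["time"]
            services = [s.get("service", "?") for s in services_by_host[host]
                        if start <= s["time"] <= end]
            findings.append({
                "host": host,
                "account": account,
                "start": start,
                "end": end,
                "count": len(burst),
                "subjects": sorted({e.get("subject", "?") for e in burst}),
                "services": services,
                "severity": "high" if services else "medium",
            })
    return sorted(findings, key=lambda f: f["start"])


if __name__ == "__main__":
    for f in find_password_flips(parse_events(SAMPLE_EVENTS)):
        print(f["severity"], f["host"], f["account"], f["count"],
              f["start"].isoformat(), f["services"])
```

The SRV-02 burst in the sample is a plain double reset with no service install, which is why it stays at medium: the window and the severity rule need tuning against the resets an environment normally produces.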
>>532910834
>windows is compromised
Imagine my shock
>>532910985i just wonder why they faked the screen shot. everyone knows shitjeets can't code
>>532910965
Can you just disable the cloud files service if you don't use dropbox and onedrive and be safe?
>>532910985Macbook NEO should be the final nail for microjeet, you need a $1,600 and up Windows PC to even get close to Neo performance which only costs $600, also MacOS is ininitely better in every way, more secure, etc. The only reason I have Windows is because I have 30 years of experience with it and Counter-Strike 2 is locked to it until Steam console comes out later this year
>>532910922
>There is still no CVE and no patch
If Microsoft is holding out on opening a CVE, why doesn't someone not at Microsoft open a CVE for them?
>>532911226on windoots 10 maybe because you can actually get rid of spyware AI, on windoots 11 probably not. The onedrive is connected to copilot and refreshes it every time you reconnect to the internet, it might not add anything visible but your data is still being sent somewhere, no you are not protected even if you are not actively using those services >>532911178the pajeet screeches out his asshole as he talks shit to pass it off to another
>>532910834
>privilege escalation
yawn, nothing ever happens, don't run "D0WN10AD_SETUP_F1LE_(2026)_PAS5..zip.exe" and you will be fine
>>532911368yes shitjeets tend to do that, but doesnt explain the fake screenshot, do i need to fire up a vm to whoami output fagjeet?
>>532911537xdoubt you substantial faggot i dont use windoots you cant even reverse image search let alone prompt a scroll even if you are jewish and in isreal (boom boom)
what a gay fucking name "blue hammer"i'm glad microsoft is getting exposed for the bloated shit dei company it ishopefully iran learns of this and acts accordinglyimagine how many disgruntled parties there are within most industriesimagine a counter uniting and coordinating all of themwith iran crippling current leadershipan organic movement among citizens would be possiblepeople are so blackpilledit could all end tomorrowdont lose hopegood thread Op
>>532911671ok shitjeet. you do realize whoami is a command that doesn't list the directory
>>532911820ok poojew babydick plucker. you do realize that just because your jewish doesnt mean the internet will obey you, right?
>>532912024wow the no shitjeet is doubling down, nigger i said from the start everyone knows shitjeets can't and then you freaked out, its like a jew screaming antisemetic
>>532912102i heard that alex jones is 2 weeks away from developing a nuclear weapon
>>532911337Apple is worse than Microsoft, but not by a lot. Use linux
Appreciate the rundown. Neat
>>>/g/
>>532912322>Apple is worse than Microsoft, but not by a lot. Use linuxfuck off retard, apple worse than fucking microsoft? You faggots are still living in the 2006 anti-apple era, I was part of it back then but actually tried it out eventually, MacOS was already better 15 years ago, now it's not even comparable. Apple has the most insane work expectations of any major corpo on Earth, Steve Jobs laid out the blueprint on how to hire workers and he was brutal and severe, from what I heard it's still the same, jeets can't just come in shaking their head sideways and get a top position, they get filtered out in the hiring process
>>532910834
>NT AUTHORITY\SYSTEM.
If the escalation path is true all your DLL are own by us. Those protected dynamic link libraries are the first place I would put global variable parameters and sidestep across your filesystem. Coupled with the zone.identifier metatags on NTFS filesystem, it's all fucked at this point.
>>532910834Imagine still being a microcuck in 2026. Their CEO is a fucking jeet, what did you think he'd do to the company?
>>532910877>in a sequence that produces something their designers never intendedkurwa you have to be a fucking moron or a yid to believe that
>>532910877
Since it uses windows internal components (lolbins) and doesn't need to write out a huge payload, surely this could be executed via physical access with a BadUSB or Rubber Ducky device?
Microslop is straight up jeetware at this point. Anyone still doing business on a Microslop platform is asking to get fucked.
>>532910834>modern software is in such a state that tranny FOSS slop is actually better than jeet slopHow did we get here?
>>532910834>uses npm supply chain mcp exploit to taint entire Microsoft codebase with malicious prompts.seriously they are cooked until they forcefully remove all indians and Chinese.
Who could have predicted this?
>>532910834Joke's on them, I have Norton
>>532911368
Can I disable windows defender and be safe from this
>>532913534You can do yourself a much bigger favor and disable windows entirely and use a better operating system.
If you really need Windows, just dedicate a machine to it and keep it offline.
For internet, you need Linux/BSD.
>>532913534
it looks like it yes
>>532910965 >>532910922 >>532910904 >>532910877 >>532910834
Windows is compromised?
>>532910834
i aint reading all that bro, can somebody dumb it down?
>>532910834
imagine using windows in 2026
>>532910877
>in a sequence that produces something their designers never intended others to discover before they themselves felt the need to use them this way
Ftfy
I don't see how anyone who doesn't game still uses Windows as a personal desktop OS. Literal Kubuntu is good enough for shitposters and information addicts, although you're going to want a non-systemd OS within the next 8 or so months such as Devuan, Gentoo, Slack, MX, Hyperbola, etc.On the other hand, I have no hope for the average person to become even a tiny bit clever.
>>532913977Good sir, are you aware there is at least one decade of proprietary software that doesn't have any freetard replacement?
>>532913929
We're in cyber hell
Somebody hacked the windows and now they can steal your data
My data is fake Gmail and troll accounts mostly but can it steal my credit card number
>>532910834And resident evil requiem denuvo crack without hyperviaor released same day? Very sus
>>532910834>>532910877>>532910922>>532910965
>>532914120
how is this new, weren't they always able to do that? I thought the intelligence agencies admitted to have backdoors installed on every device
Common Sense 2026 defeats this. Shit design by Microslop though.
>>532912322When it's not command line hell with compat issues out the ass
>>532914298
Yes but they can't use it just for shits and giggles because then the rumor becomes the reality and they have to ban it then
This will be used by hackers for ransomware and shit on random people.
>>532914115What is it that people do that requires expensive proprietary software? And yet they can't afford a second computer for leisure. I have a T480 with 32gb ram that I bought for $200. I could do everything I need with that machine. Sure, some linux kernel software is buggy and less capable. But the alternative is to be a paypiggy for a surveillance corporation that puts White men out of a job by using scabjeet labor. I don't know, man. Can't learn new tools? Cannot make do with a little less?
>>532912577>>532912322macos is totally usable and some things I prefer over the old windows interface. The adjustment period wasn’t very long for me. The feeling of quality is night and day vs modern windows, although apple just released a new version that sucks (their windows glass/aero moment). Hardware quality is much better for laptops too, so if it’s a laptop it’s a no-brainer.Having common POSNIX terminal interfaces is also nice. The only downsides are:a.) cost (NEO solves this I guess)b.) root control of your own machine I don’t want to have a locked down iphone experience on hardware I own.Linux is for troons and is a mess. Plus the NSA already backdoored it and systemd enforces all globohomo WEF objectives.
>>532911737>opefully iran learns of this and acts accordinglyHoly fuck that would be hilarious
>>532914553>be me>want to install an OS (that piece of software that lets you use hardware)>doesn’t support any new hardware, dozens of other annoyances (audio, multi-monitor, etc)Linux troons don’t listen to user feedback and are trying to put the cart before the horse (building shit software on top of an incomplete OS) instead of building a strong foundational OS and letting companies build utility software on top of it.
>>532912554No Jew boy, because it will get banned by the Jewish Redditors who moderate blue boards, and then NOBODY will get to talk about it. >>532910834Are you the same Canuck who described the rowhammer exploit with the GPUs? Based as fuck, king!
>>532914888Go to bed, Bill. You've had enough jew cum and announcing the unironic NWO power move earlier tired you out.
GIVE ME THE TLDR EGGHEAD
>>532914978We know you Mossad pedos have your tentacles in Linux as well, it was obvious during the COVID days that you had some major blackmail on Linus.
>>532910834Where's the link to the github repo you useless leaf. No link no bump
>>532910834Pretty please mirror the code somewhere?They locked the repo.
So, wifi hard off/on switch isn't enough??? If I had disconnected the wifi chip, would it still be my fault?? Lol
>>532911337macbooks are what lesbians use when they are living in their slightly used but still comfy midsize suvs between jobs or remote working or whatever it is bulldykes do with macs and subarus. i see it all the time.
>>532915112>major blackmail on LinusWho cares about that faggot? Linux development is far more decentralized than mac or winjews.
NSA backdoored all my shit, how do I come back from it and how long will they keep hacking my shit before they fuck off?I gotta file taxes :(
>>532915120>>532915343Here is a documented version of the exploit with shell spawn capabilities (but also test features)https://github.com/atroubledsnake/SNEK_Blue-War-Hammer
>>532914553>What is it that people do that requires expensive proprietary software? For me it's mostly professional software development, 2D and 3D graphics, CAD, composite imaging and x86 PC emulation.
>>532915793
I appreciate the link. I just don't get why OPs don't post links here anymore. The catalog is all spam and garbage with no link to the supporting documentation. It's really annoying. Like why bother posting all that and not a link? I'm not bumping threads that do that anymore.
I will probably check that out but I want to see the original researcher's github first. I'd like it raw with no explanation and see if I can figure out what it's doing on my own.
>>532914115AI is going to make proprietary software obsolete in 6 months, haven’t you been paying attention?
>>532914553>But the alternative is to be a paypiggy for a surveillance corporationI'm using Windows developed in Ballmer era on my main PC and let's say I spent some time to ensure a long term detachment from the all modern day IT problems.
install gentoo
>>532915541Yes, that's a lot of Jewish developers working on all that stuff, especially after they used the COVID era to shut out all the White Goyim
>>532910834
>No remote exploitation vector
Nothing burger
>>532910834This just sounds like a bunch of anti-sikh hinduphobia from people mad about H1-Bs. They're probably antisemitisms as well desu.
>>532916531Curtis yarvin has the most serious case of toxoplasmosis brainworms I have ever seenI like the rest of these lads. I'm pretty sure peter thiel isn't even gay and karpp gets points for being a buckminster fuller fanboy thiel's husband is setting up the enhanced world games next month, athletes allowed to dope as much as they want. pretty interesting
Any company that whores itself to shit eating jeets needs to die, immediately
>>532910904
>It decrypts the stored NTLM password hashes
hashes are not trivially reversible. what does it do? run a brute force attack using my local GPU too? oh boy this story hangs, probably a sloppy proof-of-concept written by an AI
>>532910834there are already millions of machines infected and it becomes more widespread with every windows update
>>532910834Not my problem.
how do hackers survive having to wade through 1.5billion shitjeet accounts looking for a few rupees?
Few days ago I was searching some files, and I landed up on a log file, saying I have folders C:\JENKINS\workspace\NSU ... Or D:\JENKINS\workspace\MBAM.... or something like that. I don't have such folders or program called jenkins. Does that mean I'm hacked?
@Grok is this true
>>532910834Yeah fuck MSRC, they took an entire summer to pay me a measly $1000 USD for a bug I reported in early July. Do they think security research is a charity service? Fuck you Jason and fuck M$
>>532910834Should have switched to voidlinux, artix or any other SystemD free distro. Now its too late.
>>532910834Giga based.
>>532910965
>Here is what to do right now.
> Monitor for VSS enumeration coming from regular user processes. Calls to NtQueryDirectoryObject targeting HarddiskVolumeShadowCopy objects from anything outside of backup or system tooling is a red flag with almost no innocent explanation.
>Watch for Cloud Files sync root registration by unknown processes. CfRegisterSyncRoot being called from anything other than OneDrive, Dropbox, or Box is worth checking immediately. That call is exactly how BlueHammer sets up its trap.
>Alert on low-privileged processes creating Windows services or grabbing SYSTEM-level tokens. BlueHammer uses CreateService to briefly register a malicious service during the escalation, and that shows up in EDR telemetry.
Got it I will for sure monitor the enumeration and thingy targeting in addition to checking shadow copy objects or root registrations, noted.
>>532910834SIR
>>532912577Macs = Fags!Facts!
>>532910834too many words.get to the TLDR nigger
>>532917172
You don't need to reverse, just find a collision. Pretty sure SAM is a step below even NTLM though. Also NTLM has gone through a lot of cope upgrades to make it less bad.
>>532913929pic related.Pray to Linusracemixingtips that you don't get gotten.
>>532917621
No. The log is just logging __FILE__ which expands to the source file. Since the shitware you're looking at was built by some Jenkins CI, the C++ source files were located at that path.
>>532913929SAM db is normally unreadable while Windows is running. Some nigger found a way to exploit how filesystem snapshotting works and the shitty cloud sync API works to basically get Windows to expose it to his user space process so he could derive a security token that inevitably gives him root on windows.
>>532910834back to Windows 7
>>532910834a tv in your living room is like having a jew talk to your family all day about his crazy jew ideas. having a windows computer is like having a stinky jeet sit on your desk to sort your tax files. get rid of both.
Let me guess windows7 unaffected?
>>532910834Windows has been vulnerable for 30 goddamn years. Stop watching porn and you will be fine.
>>532910904>One of those checklist requirements is a video demonstration of the exploit.SAAR, SHOW TUTORIAL SAAR, WE NEED GOOD EXPLANATION, HARD TO READ OTHERWISE.
>>532910834Eclipse sounds pretty based desu.
>>532918899
i ran win7 with zero updates for 12 years with no problems despite it being full of holes
if you don't put yourself at risk nothing will happen no matter how insecure your machine is
>laughs in debian>cries in systemdSomeday I'll be a gentoo chad, I promise!
>>532918355i fucking love this video people were 9000 times funnier 20 years ago
>>532910834First off, "researcher" should be "dealt with". Second... let's all move to a PC defense system that was can verify is secure...
>>532918355Nostalgia'd
Fucking jeet-bot thread, fuck off.
No way! lolWow.
>>532910834>win11retard tax
>>532912577>Apple has the most insane work expectations of any major corpo on Earth, Steve Jobs laid out the blueprint on how to hire workers and he was brutal and severe, from what I heard it's still the same,LolHis naivity=eternal
>>532910877
>chain five completely legitimate Windows components together in a sequence that produces something their designers never intended.
Microslop work for the NSA, of course they intended this.
>>532919461unfortunately its not bullshit. i have a funny feeling we will see a windows defender exploit given its the most prevalent and trusted anti-virus software. also considering the whole jeet-hate wave, why wouldn't jews and epstein corrupted clientele direct more hatred toward indians. the company is essentially indian at this point.
>>532912322>troonixlol, lmao even
>>532915541>Concernfagging by NSA downplay shillFuck off.Literally every Linux OS is built on his kernal.First four letters of Linux literally come from his name.
>>532919867>I'll own the libs by using Microslop Troondows insteadBrave and stunning. Imagine paying for your own jeetification.
>>532910834Jeeted trash.I disable everything upon install including defender and change the owner and permissions of the software distribution folders for good measure.Fuck Microsoft.
Can someone explain how this is an exploit and not just another trojan?
>>532910877>What it does is chain five completely legitimate Windows components together in a sequence that produces something their designers never intended. Those five components are Windows Defender, Volume Shadow Copy Service, the Cloud Files API, opportunistic locks, and Defender's internal RPC interface.LMAOthat is what you get when you buy companies and shoehorn their tech into your OS.BUILD FROM GROUND UP DUNGHOLES
>>532918355
>>532910834enterprise /g/ chads stay winning, defender is fully disabled on the default installation.
>>532919893>First four letters of Linux literally come from his nameHoly fuck, really? You must really know your stuff, anon. I only ran linux in my "fuck microshaft" phase for 8 years so don't know this deep lore.
>>532919935dumb nigger thinks i use either of these garbage os lol. get out reddit nigger.
>>532910834Time to go back to 7 and never upgrade. Fuck you AI fags xD
bump for wtf, any documentation on this?
>>532919987Cause it is nothing but another Trojan, just have an iq above room temp and it’s nothing. Linuxfags will screech from the top of the tower though.
>>532910965>Sir, did you try uninstalling and reinstalling each program one by one and then buy a new computer because fuck you?Why would A.I. be unable to solve, foresee, and bring such a problem to attention?
>>532919987you would basically need to run something harmful to take effect, but it still means microslop has yet again another jeet-tastic exploit and its pretty serious. did everyone conveniently forget how an update from last year nuked certain hdds/ssds? this company is never not getting shittier. i have a very bad feeling their antivirus will get exploited to fulfill the wef cyberpandeic 33 spammer prophecy.
>>532910834UH OH, STINKY
my machine has no onedrive setup so that means i get to keep my mediocre OS for 6 more months until i download mint if microsoft doesn't take the hint. yeah i'm winning
>>532914115most if not all proprietary software can be run inside a virtual windows environment within a linux shell.
>>532912322>your options are troonix with gayland, faggple and troondowscomputers suck these days
>>532910877
>One practical limitation worth knowing: the exploit needs a pending Defender signature update to be available at the time of the attack.
There's one of those available like every couple of days. Not much of a limitation.
>>532910877
>the Cloud Files API
So just literally remove it? I remove mine on every install of Windows.
>>532910834
well, I've been trying to do what I can with my custom Windows 11, local account, debloat, paused updates, I know I have to stay up to date to vulnerabilities.
it's mindblowing how simple and safe https://linuxmint.com/edition.php?id=322 is in comparison, it can run on RAM with no installation.
>>532910965
If I uninstalled Onedrive a long time ago am I safe? I'm on 10 but I debloated it years ago.
>>532910834Disable Windows Defender or you're letting yourself get hacked. Better yet....
>>532920638Oh, yeah, they're such badasses. They install O&O Shutup 10 as soon as the LTSC goes on. Hackerman 6M tier. Fucking retard.
>>532926143Why Windows Defender and not Malwarebytes, Big Brain?
>>532925635Mint is pretty good but I moved to mx Linux debian because it's slightly faster. Windows is dead now, except if you hand, but fuck gamers.
>>532920944I wouldn't say that I know a damn thing about anything when it comes to an OS apart from what I like and dislike. I loved Win7 until I didn't, and now run Debian X.XX with an XFCE desktop. All I do for gaming is HoMM 3 which works wonderfully under WINE. Big differences I noticed is that Windows takes a lot more memory (double plus) just to 'do nothing' and is always scouring the HDD... makes me anxious. My Debian distro is nice and quiet, and freely available programs like GIMP are comparable to Corel Photo Paint. Audio stuff can be a bitch sometimes, but it mostly works seamlessly with my USB Roland device. I just presume my system can be compromised by someone with the means anyway - that Intel backdoor stuff... but whatever. Linux just works... until it doesn't!
>>532910834MMIWG2SLGBTQQIA
>>532910965>Here is what to do right now.gnu
>>532910834I take it not enough people have 'upgraded' to windows 11
>>532910834oh geez more stupid fearmongering about shit that not even 0.0001% of pc users are gonna notice ever. God you fucking gearmongering retards are kike tier. And besides if you use any fucking pc whatsoever you already have a backdoor that any fucking agency has access to. So shut the fuck up already
Linux Mint is retard proof, you have no excuses to still be using Windows for a simple everyday driver.>inb4 muh troonixveery good saar i will not redeem diffrent OS u have convince
>>532927912>Linux MintLinux Mint uses systemd as its default init system and service manager, starting from version 18
>>532910834
Everything you do on any device can be spied on by the high level agencies. We've known this since the early 2010s especially with the Snowden and Wikileaks stuff. We've just collectively decided to chicken out and do nothing.
>>532910834 >>532910877 >>532910904 >>532910922 >>532910965
can't you just remove this shit and install different AV?
>>532915640They deleted my /pol/ folder, cheeky fucks.
>>532914680
I've gotten into the habit of using the old major version for as long as possible so all the bugs shake out. I even skip major versions often
>>532919192
True. Common sense 2011 remains the supreme anti-malware solution.
>>532928628Almost nobody gives a fuck about that.
>>532910965This reads like fantasy some jeet had ai crank out because he can't get a Microsoft interview.
>>532914120>>532913929Perks of being poor, if anyone steals my identity most they could do is spend my £1000 credit limit which id report as fraud anyway and theyd know cause the most ive used is £45 soooo
>>532926850The jeet is seething.
>>532913385Microslop is trannyware mixed with jeetcode
>>532928628Nobody cares about systemd except the most retarded tranny autists
>>532919867>I'm too stupid to use a computer without a caveman tier interfacejust use linux mint at least if you miss it that much, with proton built-in steam even games are running alright now, this isnt 2010
>>532921036Are you on a MacBook?
not my problem
>>532910834good thing I only download unknown files from faggot/tranny porn sites.
>>532929931about the most jewish thing you can said, let your masters control you that much in a thread on spying
>>532927912 Running Mint on my laptop and it's fucking NICE, even though I have to chatgpt for every problem and end up copy pasting shit into terminal all night
>you should learn those commands
I just want to use the computer to do simple things, I don't give a fuck about typing paragraphs of code to mount a HDD
I cannot ditch my windows desktop until fusion 360 runs on linux, need for work.
>>532930146 I'm pretty tarded when it comes to advanced cyber security shit but I'm pretty sure if you're that schizo about privacy and security the only way you're gonna be 100% safe with any computer using a CPU built after like the mid 2000s is having a complete air gap and not doing any networking shit on your PC
>>532930429 well wouldn't be truly wrong there but here's a bit of light reading on it https://www.theregister.com/2026/03/24/foss_age_verification/ as zuck the cuck is pushing it
>>532918056 Artix is pretty sweet and compact, good memories with that one but I don’t think it’s systemd-free. Devuan on desktop is the experience you want.
>>532910834 Deathly treachery is nothing new to the Gates Family Mafia Machine
>>532930062 yet all the other zero-days are your problem
Everything just sucks these days, everything.
>>532910834
>>532910904
> The Cloud Files provider name hardcoded in the exploit source code reads IHATEMICROSOFT
MICROSOFT COULD BE HERE
>>532910834Nice. Microjeet and its jewish owners getting what they deserve
>>532910834 just disable the "defender" ..........
oh wait
you need to be hackerman to do that and there is no off button
>>532912967 If you have physical access to a machine, you can do many things. Security is already lost at that point, it’s one of the first things taught in basic cybersecurity
>>532927273Nigger, I lived and learned running Ubuntu on an archival filesytem, have repaired a batch su fuckup on every goddamned system folder, even broken things to the extent BIOS refused to operate. I've dismantled laptops and rigged the antennae with stripped headphone wire just to hack wifi with aircrack and pipe pass lists through JtR to play games and read books. Get fucked.
>>532910834 I bypassed windows defender by just using uncommon API functions that weren't hooked. I'm pretty sure video game anticheats are more well designed.
>>532935385>Nigger, I have broken my computer so many times I lost count. Get fucked.is that supposed to make you sound expert
>>532910834>On Windows Server the result is different but still serious: a standard user ends up with elevated administrator accessDo you think the retarded giga nigger giving somebody remote access and arbitrary execution perms to a user account, is also capable of setting a safe configuration in a Linux environment?
anything that can connect to the internet is intrinsically compromised. always has been
i plan to eventually build a cheap windows 7 desktop and never hook it up to the internet, neither directly nor indirectly
>>532936515 I run an airgapped computer, running both open claw, ollama local and wireshark to see what it's doing under the hood. There's some wild shit that the model is trying to reach out to sometimes locally- telemetry like wan IP checkers, regular port scanning on the local device, starting of random fucking services on ports it opens to check ingress etc. it's not hard to see how it could be tuned to seek to grant remote access and then publish the compromised ip
>>532933672
>KRASHES
>>532915112
>that pic
>that flag
French government is switching to Linux actually.
>>532910834
BlueHammer: Inside the Windows Zero-Day That Turns Defender Against Itself
https://www.cyderes.com/howler-cell/windows-zero-day-bluehammer
BlueHammer Windows Zero-Day: Privilege Escalation Risk
https://socradar.io/blog/bluehammer-windows-zero-day-privilege-escalation-risk/
>>532910834 This is why I block incoming and outgoing connections and all Microsoft programs with a 3rd party firewall. Can't trust anything on windows anymore
>>532938714 Good write ups. Thanks
>>532911380 The exploit technique relies entirely on standard Windows components. It can be executed via RCE in any software running under a local user account. Pair with a sandbox-escape and it can run from a browser.
>>532912766
>If the escalation path is true all your DLL are own by us.
If the escalation path is true, then with NT AUTHORITY\SYSTEM access you get direct access to UEFI APIs and can use Microsoft's own Secureboot key-exchange key to inject a compromised platform key and be able to install a compromised bootloader. Which means you get to interact at a level before the kernel and can literally forever hide and persist yourself - apart from a full machine wipe.
If you want to beat that as well, you'd have to get creative and flash the motherboard firmware. Or have the fortune of being able to manipulate the Windows Platform Binary Table (WPBT) and add a payload there which is automatically executed on any boot into Windows, providing reinfection and reinstallation of the compromised platform key and altered boot loader.
SYSTEM access is very very bad juju once paired with the standardized UEFI APIs that offer access to the underlying hardware. This type of thing used to be much harder to pull off in the old BIOS days when everything was vendor-specific and even model-specific.
>>532910834A LPE bug is literally meaningless on a desktop system. Your user profile already has everything an attacker could ever want.>Keypresses (except for UAC dialogs)>Browser data>Screen contentOnly the most vantablack gorilla niggers use winserver for anything more than AD.