Hacker News | ajscanlan's comments

it would be crazy not to at least investigate migration paths away from Crowdstrike, or better redundancies for yourself


valuable 2 cents

are there any writeups from the pentesting side of things that we can read to learn more?


I’ll say this: I did a small lab in college for a hardware security class and I got a scary email from IT because CrowdStrike noticed there was some program using speculative execution/cache invalidation to leak data on my account - they recognized my small scale example leaking a couple of bytes. Pretty impressive to be honest.


Did you have CrowdStrike installed on your personal machine, or did they detect it over the network somehow?


We ran our code on our own accounts on the school’s system.


Those able to write and use FUD malware do not create public documentation. Crowdstrike is not impossible to bypass, but a junior security journeyman known as a pentester, working for corporate interests with no budget and absurdly limited scopes under contract for n hours a week for 3 weeks, will never be able to do anything as simple as an EDR evasion. However, if you wish to actually learn the basics of the common practitioner of this art, please go study the offsec evasion class. Then go read a lot of code and syscall documentation and learn assembly.


I don't understand why you were downvoted. I'm interested in what you said. When you mentioned offsec evasion class, is this what you mean? It seems pretty advanced.

https://www.offsec.com/courses/pen-300/

What kind of code should I read? Actually, let me ask this, what kind of code should I write first before diving into this kind of evasion technique? I feel I need to write some small Windows system software like duplicating Process Explorer, to get familiar with Win32 programming and Windows system programming, but I could be wrong?

I think I do have a study path, but it's full of gaps. I work as a data engineer -- the kind that I wouldn't even bother to call myself engineer /s


I know quite a few offensive security pros that are way better than I will ever be at breaking into systems and evading detections that can only barely program anything beyond simple python scripts.

It’s a great goal to eventually learn everything, but knowing the correct tools and techniques and how and when to use them most effectively are very different skillsets from discovering new vulnerabilities or writing new exploit code and you can start at any of them.

Compare for instance a physiologist, a gymnastics coach, and an Olympic gymnast. They all “know how the human body works” but in very different ways and who you’d go to for expertise depends on the context.

Similarly just start with whatever part you are most interested in. If you want to know the techniques and tools you can web search and find lots of details.

If you want to know how best to use them you should set up vulnerable machines (or find a relevant CTF) and practice. If you want to understand how they were discovered and how people find new ones you should read writeups from places like Project Zero that do that kind of research. If you’re interested in writing your own then yes you probably need to learn some system programming. If you enjoy the field you can expand your knowledge base.


Notifications are blocked by default.


No. If they were blocked you could only unblock them in the settings app.


They're only blocked when you don't allow them.


If the app doesn't ask, they can't send them. They're opt-in.


If you had the option to block the marketing notifications but still receive the important ones, would you do that?


That depends. A business that uses notifications for marketing isn't one I want to do business with. If there's a decent competitor I'll switch. If there isn't then I'll decide to begrudgingly put up with it (and probably complain a bit on social media) or to do without it.

So far I've never put up with it and always either switched to a competitor or abandoned the whole thing.


As long as this option is presented before attempting to display any push ads, and not after.


If I could set the default for all apps to "block ad notifications", then yes.


Yeah this works really well on Android, I'm surprised Apple hasn't taken a similar approach.

You don't want ads from Uber but still want a push when your ride arrives? Just block the ads channel in settings.

As you said, I'm sure there are some bad apps out there that only have one channel, but I haven't noticed any. The big apps seem to support this quite well.


The apps don't have permission to do that either unless you grant them.


On Android it does.


I found this, not sure how reliable it is but it mentions a photographer being extorted $350.

https://www.sculpture.org/documents/scmag05/may_05/webspecs/...


ack


> a) you speak something roughly approaching English

Whoa there, down with that sort of stuff now friend. That's not a nice thing to say.


I thought quite a bit about that line. I ended up editing it to "~English" in the end, perhaps ten minutes before you commented. Don't you think that's fair? Irish English, to me, seems like a distinct/unique language. Very similar to English, sure.

I mean.. I don't think Americans are speaking English, typically, if that's any help. They're speaking American, which is a fork of English from some point in time.


The word you're looking for is "dialect".


Nah.

These people were just looking to downvote someone who was against their tax evasion cash cow. That's where their outrage comes from.

Any other outrage is a misdirection.


"They're speaking a sort of English" certainly sounds demeaning to me. The people in Ireland (and the US, and India, and Singapore) are speaking English -- different dialects of English. And FWIW, many of the divergences between American and British English, such as dropping the 'r' at the end of syllables, are actually changes on the British side after the colonies were formed.


Not agreeing with the parent commenter, but the differences are much less trivial than you’re making them out to be. I used to live with a Scottish guy, and he had to make a considerable effort to be understood at all in America. If we were out and he wanted to say something to me privately, he’d just say it in his normal Scottish English, and nobody else would have a clue what he said. “Singlish” is also very different. I’ve travelled with friends to Singapore who absolutely could not communicate with Singlish speakers.


Oh, no, don't get me wrong. I moved to the UK over a decade ago, and when I first moved here people couldn't understand me. And even after having been here for a year I still occasionally ran into people that I just couldn't understand at all. Even once you get over the accent, there's just an endless list of things that have different names.

But you have but to drop yourself in Iceland or Denmark or Germany or France to realize how close all of our languages really are.

