Discover and read the best of Twitter Threads about #cosmicstrand

Most recent (3)

Computer security is really, really important. It was important decades ago, when computers were merely how we ran our financial system, aviation, and the power grid. 1/
Today, as more and more of us have our bodies inside of computers (cars, houses, etc) and computers in our body (implants), computer security is *urgent*.

Decades ago, security practitioners began a long argument about how best to address that looming urgency. 2/
The most vexing aspect of this argument was a modern, cybernetic variant on a debate that was as old as the ancient philosophers - a debate that Rene Descartes immortalized in the 17th Century.

You've doubtless heard the phrase, "I think therefore I am" (*Cogito, ergo sum*). 3/
So, what's wrong with the #CosmicStrand UEFI implant at first glance at its sample? What lessons exactly can APT malware developers learn from open source projects? 🧵⬇️
First, it is really trivial to detect this malware's presence by the patched nt!KiFilterFiberContext() function, which it patches in order to disable PatchGuard. My UEFI rootkit does not interfere with PatchGuard at all; it also does not use any permanent in-memory patches or callbacks, only temporary ones.
Second, while #CosmicStrand uses a pretty standard set of hooks to hijack the execution flow of the bootloader and kernel, like OslArchTransferToKernel() and so on, there's a lack of Hyper-V/HVCI presence checks in its boot stage code, which is really bad ...
Enjoyed the new malware report? Want a similar UEFI firmware implant for your operations? Check out my Boot Backdoor: it is more reliable than #CosmicStrand, it is harder to detect, it has more deployment options, and its sources are available on GitHub:
github.com/Cr4sh/s6_pcie_…
TFW your hobby stuff is more advanced and well made than state-sponsored APT campaign malware 😎
My Boot Backdoor is not a state-of-the-art UEFI implant by any means, but it certainly defines the bare minimum of reliability for this kind of malware. If something is unable to reach this bare minimum, it doesn't look like a usable tool.
