Enjoyed the new malware report? Want a similar UEFI firmware implant for your operations? Check out my Boot Backdoor: it is more reliable than #CosmicStrand, it is harder to detect, it has more deployment options and its sources are available on GitHub: github.com/Cr4sh/s6_pcie_…
TFW your hobby stuff is more advanced and well made than state-sponsored APT campaign malware 😎
My Boot Backdoor is not a state-of-the-art UEFI implant by any means, but it certainly defines the bare minimum of reliability for this kind of malware. If something is unable to reach this bare minimum -- it doesn't look like a usable tool
So, what's wrong with the #CosmicStrand UEFI implant at first glance at its sample? What lessons exactly can APT malware developers learn from open source projects? 🧵⬇️
First, it is really trivial to detect this malware's presence by the patched nt!KiFilterFiberContext() function, which it patches in order to disable PatchGuard. My UEFI rootkit does not interfere with PatchGuard at all; it also doesn't use any permanent in-memory patches or callbacks, only temporary ones
Second, while #CosmicStrand uses a pretty much standard set of hooks to hijack the execution flow of the bootloader and kernel, like OslArchTransferToKernel() and so on, there's a lack of Hyper-V/HVCI presence checks in its boot stage code, which is really bad ...
It's not a joke, by the way. I have IDA 7.6 or something relatively recent to use plugins written by other people, but my main battle version is an early 6.something. On my typical test cases it has not evolved much in disassembly quality, so why bother with updates
If you're going to tell me something about AArch64 support -- I'm going to tell you that IA-64 support is still unusable without custom post-processing scripts and QDSP support is still missing entirely 🤓
Are there any good recommendations for unofficial Apple service centers who can do complicated board-level repair of the latest Intel machines and accept foreign customers? Exact country and budget don't matter
This T2 chip with the hardware-encrypted soldered-down SSD has buried a few of my research projects (usually I'm not bothering to back up or preserve this crap), so I'm looking for ways to get my data back
I can spend a week or two rewriting this lost crap from scratch, but I'd rather pay the money to get my Intel-based laptop working again, because now Apple is selling only useless ARM-based garbage
I have a new weird obsession: DAT recorders! So, here's a really long thread about this outstanding piece of obsolete tech ⬇️⬇️⬇️
DAT was introduced by Sony in 1987 as a recording and playback medium for digital audio. It adopted the 16-bit PCM format with 44.1, 48 or 32 kHz sampling rates. It's like an audio CD but stored on magnetic tape. A DAT cassette is about half the size of a compact cassette
Commercially available DAT cassettes were able to store up to 180 minutes of stereo signal recorded at a 48 kHz sample rate. Also, exactly the same cassettes were used in DDS-1 streamers to store 2 GB uncompressed or 4 GB compressed data on a standard cartridge