-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Soooo, something extremely funny is happening.
After the recent events, multiple researchers reached out to me and some just literally gave me free vulnerabilities...
One of them was JonasLyk, he did most work, I just did the emotional support part. But he found a way to violate secure boot trust, it's not a full secure boot bypass but it breaks the guarantees secure boot is supposed provide. We believe this be used to compromise confidential virtual machines but we're not really sure if that's possible since we don't have access to such technologies.
One thing we're sure of, is it fully bypasses bitlocker.
The bug will be released sometime in June ;)
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCahqAywAKCRDFFoRCS0/S
bHA+AQCILdI4RpsBgQlBXMj+AiDQAD7pY66DzWb20jqqAh1FTQEAiGtNbE8T337u
wzeziu45/o+T4PdtQw+3sTInYFf56A8=
=V+4y
-----END PGP SIGNATURE-----
This comment has been removed by the author.
ReplyDeleteperhaps you could try to host stuff on codeberg
ReplyDeleteTor makes more sense
Deletenow we can show microslop what it is like when you don't listen to your customers especially those that want to help you, bunch of lazy idiots.
ReplyDeleteyou literally have security researchers wanting to report issues yet your lazy braindead asses don't seem to comprehend it.
This comment has been removed by the author.
Deletehttps://churchofmalware.org has built you a personal git on their site. We are currently hosting all the code banned from GitHub and gitlab for you on our site, but would like you to be able to publish code whenever you like without restrictions also. We are your sanctuary. Contact info can be found on our site. Malware bless
ReplyDeleteBring it on. Can't wait to see it.
ReplyDeleteHey Nightmare, I've been following your work ever since you dropped bluehammer back in march. I have also had the exact same experience you have been having with microslop, back in 2022 late, early 2023 i reported a major zero day involving Nuget packages, and they responded by saying the exploit i found was not an exploit, but rather a feature intended by design.
ReplyDeleteI can very much relate to your struggles, both on the security research aspect and the lack of housing.
I've been in the shadows finding all kinds of way to screw up windows and nasty things i can do to the OS, so id love to connect and work with ya. I also have a vast wealth of knowledge on tips and tricks for making it on the streets for as I've been out there most of my adult life. Even hitch hiked around the USA.
You're brilliant man, and would love to share with you some of the work I've done in the past. Imagine chaining bluehammer with a nuget vuln; install blah nuget package, and watch as you get system access via RCE (yes i turned mine into an rce).
also would highly recommend looking into UAC bypasses, cause there's already many ways to get around UAC, but I'm sure there's many more as well.
Hope to hear back from you, and stay safe out there man! If youd like to contact me, feel free to ask for my cord or tg handle, or you can reach out to me via email. Looking forward to seeing you expose MS' horrible security practices even more!
I got one for you for immediate publish since MSRC is now fucking me over. Give me a comms channel :) full azure takeovers.
ReplyDeleteooooof, sounds like typical MSRC. They told me that my Nuget RCE was "intended functionality by design" and closed my report. A whole ass rce in nuget packges, like wtf smh
DeleteThis comment has been removed by the author.
DeleteI get it a bunch of bullshit. MSRC has fucked around too much.
DeleteHonestly tho, why im happy to see people like u and nightmare start showing MSRC why they need to start taking shit seriously!
DeleteI was hoping to give to him. I was going to publish tomorrow but he has the audience 😆 🤣 😂 that was it's absolutely devastating I even have msrc communicative chain videos of my submission and them saying hey it doesn't matter that's the customers fault.
DeleteWould signal or tg work?
DeleteYarp
DeleteMessage me on signal @kodarru.01, I'm interested
DeleteInterested tg @anonlugz
DeleteDear Eclipse, could you PLEASE make a Secureboot bypass so that developers can install unsigned Windows ZFS and Windows BTRFS drivers on stock Window machines with Secureboot enabled?
ReplyDeleteTry this.
Deletehttps://github.com/wesmar/BootBypass
just make a account to say, thank you for the impressive work!
ReplyDeleteHello,
ReplyDeleteMy name is André "Glazastov" Ribas. I am a cybersecurity researcher and writer. I have been closely following your story since the beginning, including the disclosures, your issues with Microsoft, and the bans on GitHub and GitLab.
I would like to understand the full story from your perspective so I can write a detailed and fair article about what happened. I am not looking for sensationalism, just to document the facts accurately.
If you are willing and comfortable, could you please contact me at andre@glazastov.com? I would greatly appreciate any response or clarification you can provide.
I fully respect your privacy and anonymity. Please reply only if you want to.
Thank you for your time and for the technical work.
Best regards,
André R.
Bro, GitLab just epstein'ed your account . You oughta establish a backup blog in case Google decides to delete this too (also plaintext copy pls, I'm tired of deleting blank spaces when I paste to check PGP sigs)
ReplyDeleteWho knows a good site on telegram that discuss exploits, the ones I have are bent on duping people always wanting to sell and not discuss
ReplyDeleteWho knows a good site on telegram that discuss exploits, the ones I have are bent on duping people always wanting to sell and not discuss
ReplyDeleteAlso can anyone confirm if undefined has been patched as of today
ReplyDelete