Inside the Windows Cache Manager

The cache is an integral part of the operating system and its hybrid kernel. Roughly speaking, it's just a virtual memory region in the kernel address space, on which the Cache Manager maps file data to provide quick access to them in the future. This access is frequently used by the File System Driver (FSD) or the Windows Memory Manager (VMM). Instead of reading file data from disk every time a user or system needs to access to it, the OS kernel calls the Cache Manager in an attempt to get this data from memory. In turn, the Cache Manager is a set of function in the kernel executable file ntoskrnl.exe, which starts with a prefix Cc. These functions are private, so to get to their names, you need to configure the symbol server settings in WinDbg or IDA.

Learning the Windows Cache Manager is quite a difficult task for beginners. This Windows kernel subsystem is closely related to the VMM, so if you don't have enough knowledge in it, try to understand the basic concepts without going into complicated technical aspects. In addition, you should have some knowledge in the field of file system drivers (FSD), because they are the most frequent clients of the Cache Manager. It's worth to note that the cache concept exists only at the level of file system, lower drivers on the device stack like the volume manager, partition manager, disk driver, and disk port driver don't use it.

https://www.linkedin.com/pulse/inside-windows-cache-manager-artem-baranov

#windows #cachemanager
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Encrypted app Signal just hired one of Big Tech’s sharpest critics

Meredith Whittaker, the former Google manager, is Signal’s first president. She is out to convince users to pay for the free app.

Signal has hired Meredith Whittaker, a former Google manager who has been outspoken about the harms of Big Tech, as its first president, adding to the roster of tech critics leading the encrypted messaging app.

In the crowded market for messaging apps, Signal stands apart. It’s committed to encryption in an industry built on collecting personal data. It’s run by a nonprofit but competes against WhatsApp and iMessage, backed by some of the richest companies in the world, Facebook parent Meta and Apple.

As president, Whittaker will help guide strategy, communications and policy. In an interview, she said she plans to focus on sustaining Signal, which hopes to support itself with small donations from millions of users. Signal announced her new role Monday at an event in Berlin.

...(...)
"An alternative to data collection only exists if the community of people who rely on it “kick in a little bit." (Meredith Whittaker)

https://www.washingtonpost.com/technology/2022/09/06/signal-meredith-whittaker/

#signal #messenger
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

New EU law amplifies risks of state over-reach and mass surveillance

The EDRi network published its position paper on the proposed Regulation on automated data exchange for police cooperation (“Prüm II”). The European Commission’s Prüm II proposal fails to put in place vital safeguards designed to protect all of us from state overreach and authoritarian mass surveillance practices. In the worst case scenario, we may no longer be able to walk freely on our streets as the new law would treat large parts of the population as a criminal before proven otherwise.

https://edri.org/our-work/new-eu-law-amplifies-risks-of-state-over-reach-and-mass-surveillance/

#surveillance #edri
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Trans activist celebrates rare victory against online trolls after Kiwi Farms deplatforming

Belfast, Northern Ireland (CNN Business) Clara Sorrenti, a trans activist who was forced to flee her home in Canada after users of a hate-filled website targeted her, has succeeded in her campaign to get the site taken offline, for now.

https://edition.cnn.com/2022/09/06/tech/kiwi-farms-clara-sorrenti-keffals/index.html

💡 Read as well:
- We won. Kiwi Farms is dead
- Kiwi Farms all but finished after bill comes due for years of trolling and harassment

#DropKiwifarms #video
🎥@cRyPtHoN_INFOSEC_IT
🎥@cRyPtHoN_INFOSEC_FR
🎥@cRyPtHoN_INFOSEC_EN
🎥@cRyPtHoN_INFOSEC_DE
🎥@BlackBox_Archiv

InterContinental Hotels Group PLC - Unauthorised access to technology systems

InterContinental Hotels Group PLC (IHG or the Company) reports that parts of the Company's technology systems have been subject to unauthorised activity. IHG's booking channels and other applications have been significantly disrupted since yesterday, and this is ongoing.

IHG has implemented its response plans, is notifying relevant regulatory authorities and is working closely with its technology suppliers. External specialists have also been engaged to investigate the incident.

IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident. We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG's hotels are still able to operate and to take reservations directly.

A further update will be provided as and when appropriate.

https://www.londonstockexchange.com/news-article/IHG/unauthorised-access-to-technology-systems/15617013

#ihg #breach
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About Detection Engineering

In recent months I’ve noticed several attempts to define the term detection engineering and thought I should share my thoughts on this topic in a short blog post.

This blog post tries to cover all possible purposes of detection engineering to develop a broad definition of the term, excluding only a few borderline areas.

https://cyb3rops.medium.com/about-detection-engineering-44d39e0755f0

#detection #engineering
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Don't miss out on the first-ever #ColourOfSurveillanceEurope Conference

#edri #dff #bitsoffreedom and #CntrleAltDlt are organising the conference in Amsterdam on 15-16 Sept.

👀 You can follow our Day 1 discussion LIVE here: 👀
https://edri.org/take-action/events/call-for-proposals-colour-of-surveillance-europe-conference-15-16-september-2022/

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Twitter whistleblower reveals employees concerned China agent could collect user data

Sept 13 (Reuters) - The FBI informed Twitter Inc (TWTR.N) of at least one Chinese agent working at the company, U.S. Senator Chuck Grassley said during a Senate hearing on Tuesday where a whistleblower testified, raising new concerns about foreign meddling at the influential social media platform.

Peiter "Mudge" Zatko, a famed hacker who served as Twitter's head of security until his firing in January, said some Twitter employees were concerned the Chinese government would be able to collect data on the company's users.

Twitter has come under fire previously for lax security, most notably in 2020 when teenage hackers seized control of dozens of high-profile accounts, including the verified profile of former U.S. President Barack Obama.

On Tuesday, Zatko's testimony before the Senate Judiciary Committee revealed Twitter's security issues could be far more serious, alleging for the first time that the company was informed of agents of the Chinese government working at the social media firm.

https://www.reuters.com/legal/twitter-whistleblower-detail-dire-security-threats-ahead-musk-deal-vote-2022-09-13/

#twitter
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

About 50,000 user credentials of Indonesia's largest cryptocurrency exchange "INDODAX" were leaked to the dark web by stealer malware. Of these, 82.7% are the credentials of Indonesian users.

https://nitter.pussthecat.org/darktracer_int/status/1569969935593664512

via Twitter

#leak #indonesia #indodax
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Estado Mayor Conjunto de las Fuerza Armadas de Chile

Nearly 400,000 emails hacked by Guacamaya from the Estado Mayor Conjunto de las Fuerza Armadas de Chile (Joint Chiefs of Staff of the Chilean Armed Forces), who advise the Ministro de Defensa de Chile (Minister of Defense). They're responsible for seeing that the Directorates and Departments are properly handled for personnel, intelligence, operations and logistics.

The emails cache spans over five years, offering the most detailed looks at the leadership, operations and interests of the Chilean military.

This is the first release in a new series from Guacamaya - Fuerzas Represivas. Later Fuerzas Represivas releases will include police and military data from Mexico, Peru, Salvador, Chile, Colombia

https://enlacehacktivista.org/comunicado_guacamaya4.txt

https://ddosecrets.com/wiki/Estado_Mayor_Conjunto_de_las_Fuerza_Armadas_de_Chile

#guacamaya
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Publication review report 74 regarding automated OSINT by the AIVD and MIVD

The CTIVD investigated the use of automated Open Source Intelligence (OSINT) by the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The report was published in Dutch on 8 February 2022. A summary of the report was already published in English.

Today, the CTIVD releases the full report in English.

#osint #pdf
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

America’s Open Wound - The CIA is not your friend

“Better that right counsels be known to enemies than that the evil secrets of tyrants should be concealed from the citizens. They who can treat secretly of the affairs of a nation have it absolutely under their authority; and as they plot against the enemy in time of war, so do they against the citizens in time of peace.”

― Baruch Spinoza

It hasn’t been a month since President Biden mounted the steps of Philadelphia’s Independence Hall, declaring it his duty to ensure each of us understands the central faction of his political opposition are extremists that “threaten the very foundations of our Republic.” Flanked by the uniformed icons of his military and standing atop a Leni Riefenstahl stage, the leader clenched his fists to illustrate seizing the future from the forces of “fear, division, and darkness.” The words falling from the teleprompter ran rich with the language of violence, a “dagger at the throat” emerging from the “shadow of lies.”

“What’s happening in our country,” the President said, “is not normal.”

Is he wrong to think that? The question the speech intended to raise—the one lost in the unintentionally villainous pageantry—is whether and how we are to continue as a democracy and a nation of laws. For all the Twitter arguments over Biden’s propositions, there has been little consideration of his premises.

Democracy and the rule of law have been so frequently invoked as a part of the American political brand that we simply take it for granted that we enjoy both.

Are we right to think that?

https://edwardsnowden.substack.com/p/americas-open-wound

#snowden
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Greetings Citizens of the Iran

This is a message from #Anonymous to all #Iran.

We are here and we are with you!

#OpIran Engaged. Expect Us!

💡 Read as well
https://justpaste.it/2klw1

📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Iranian people if your government blocks your internet network please follow the information !

👇🏽 Anti Censorship Package Anonymous 👇🏽
https://pastebin.com/BqWTQffT

💡Read as well ‼️

https://www.vultr.com/docs/connecting-to-a-proxy-from-os-x-windows-or-linux/

https://smartproxy.com/configuration/how-to-setup-proxy-for-iphone

https://smartproxy.com/configuration/how-to-setup-proxy-for-iphone

#OpIran #anonymous #AntiCensorship
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

There are many ways people have a voice - no one is superior !. Voices are equal - we stand with the oppressed people of #OpIran 🇮🇷! Freedoms will prevail - we call on ALL our worldwide #hacktivist #anonymous colleagues to join #OpIran ‼️

#netpolitics
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

‘They Are Watching’

A cache of nearly 160,000 files from Russia’s powerful internet regulator provides a rare glimpse inside Vladimir V. Putin’s digital crackdown.

Four days into the war in Ukraine, Russia’s expansive surveillance and censorship apparatus was already hard at work.

Roughly 800 miles east of Moscow, authorities in the Republic of Bashkortostan, one of Russia’s 85 regions, were busy tabulating the mood of comments in social media messages. They marked down YouTube posts that they said criticized the Russian government. They noted the reaction to a local protest.

Then they compiled their findings. One report about the “destabilization of Russian society” pointed to an editorial from a news site deemed “oppositional” to the government that said President Vladimir V. Putin was pursuing his own self-interest by invading Ukraine. A dossier elsewhere on file detailed who owned the site and where they lived.

Another Feb. 28 dispatch, titled “Presence of Protest Moods,” warned that some had expressed support for demonstrators and “spoke about the need to stop the war.”

The report was among nearly 160,000 records from the Bashkortostan office of Russia’s powerful internet regulator, Roskomnadzor.

Together the documents detail the inner workings of a critical facet of Mr. Putin’s surveillance and censorship system, which his government uses to find and track opponents, squash dissent and suppress independent information even in the country’s furthest reaches.

The leak of the agency’s documents “is just like a small keyhole look into the actual scale of the censorship and internet surveillance in Russia,” said Leonid Volkov, who is named in the records and is the chief of staff for the jailed opposition leader Aleksei A. Navalny.

https://www.nytimes.com/interactive/2022/09/22/technology/russia-putin-surveillance-spying.html

#surveillance #russia
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

The source code to the Intel Alder Lake has been leaked online

* Alder Lake CPU was released November 4, 2021
* Source code is 2.8GB (compressed)
* Leak (allegedly) from 4chan
* We have not reviewed the entirety of the code base, it is massive

https://nitter.pussthecat.org/vxunderground/status/1578575040647266304

via Twitter

💡 Read as well:
The BIOS Code from project C970

#leak #alderlake #intel
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

Android leaks connectivity check traffic

An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent.

An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called MUL22-03.

We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.

We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way to stop Android from leaking this traffic, we have reported it on the Android issue tracker.

Even if you are fine with some traffic going outside the VPN tunnel, we think the name of the setting (“Block connections without VPN”) and Android’s documentation around it is misleading. The impression a user gets is that no traffic will leave the phone except through the VPN. Due to this, we have reported another issue, where we suggest improving the Android documentation.

https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/

#android #leak #vpn
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv

European cable cut may impact transoceanic routes

What has happened?

We are aware of a major cable cut in the South of France that has impacted major subsea cables with connectivity to Asia, Europe, US and potentially other parts of the world. As a result of the cable cut, customers may see packet loss and or latency for websites and applications which traverse these impacted paths.

What is Zscaler doing?

Zscaler has made routing adjustments where possible to route around the problem but in certain cases we see the reverse path from the Application/Content providers which is under the control of the Application/Content Providers still traverses the impacted paths.

What can you do?

Zscaler is working with the content providers to have them influence their portion of the path. If you experience slowness with specific applications, especially applications hosted overseas, please contact the application provider and refer them to this trust post.

At this time, based on the information we have, the local authorities are investigating and repair crews are on scene but can not access the site until police complete their evidence collection.

There is currently no estimated time to repair available

We will provide an update as additional information becomes available.

Zscaler Incident# INC-000000047

Update - Wed, 19 Oct 2022 23:01:23 UTC

The following links have been identified as being cut. We have received an update that one of the links has been fixed, currently we are not able to confirm which link.

Marseille-Lyon : Team on site repair on hold due to Police intervention for investigation.

Marseille-Milano : Cable Cut Confirmed by Fiber Testing – searching of cut point in progress.

Marseille-Barcelona : Cable Cut Confirmed by Fiber Testing – searching of cut point in progress.

Update - Thu, 20 Oct 2022 01:03:15 UTC

The Zscaler Operations team have confirmed that one of the links has been fixed and we have observed a drop in packet loss and latency for some destinations. We will continue to monitor and update on any changes to the situation.

https://trust.zscaler.com/zscloud.net/posts/12256

#cablecut
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv