• 1 Post
  • 73 Comments
Joined 1 year ago
Cake day: June 18th, 2023

  • Mikina@programming.dev to Programming@programming.dev · Making malware · 6 up, 1 down · edited · 1 month ago

    I can’t recommend Maldev Academy enough. It has been an amazing resource to get into malware development. Keep in mind, however, that malware development is a pretty difficult topic. You will have to eventually use WinAPI and syscalls, so learning about that even outside of malware development will help you a lot.

    For example, try looking into how to execute a shellcode in memory - allocate memory as RWX, copy some data and then execute it. Try executing it in a different process, or in a different thread of another process. That’s the core of malware development you’ll probably eventually have to do anyway. Manually calling syscalls is also a skill that you’ll need, if you want to get into EDR avoidance.

    Also, look into IoCs and what kind of different stuff can be used to detect the malware. Syscall hooks, signatures, AMSI, and syslog are all things that are being watched and analyzed to detect malware, and knowing what exactly your program is logging and where is one of the most important and difficult skills you can get.

    There probably are a lot of resources for these two skills, and they are an important foundation for malware development, so I’d suggest researching that. You’ll probably not get much from looking at other malware, because it tends to be really low-level and obfuscated, exactly to avoid the IoCs I’ve mentioned above. Implementing the malware behavior after that is the easier part.

    Another good resource to look into are C2s and communication; for example, Mythic C2 has some interesting stuff.

    And I really recommend joining the Bloodhound Slack. Throughout my cybersecurity career as a Red Teamer, the community has helped me a lot and I’ve learned amazing stuff just by lurking.




  • 76% of all respondents are using or are planning to use AI tools in their development process this year, an increase from last year (70%). Many more developers are currently using AI tools this year, too (62% vs. 44%).

    What the fuck. That’s horrifying. I also thought that every sensible workplace bans the use of AI.

    A friend was telling me about a discussion between CTOs at a conference, where they were talking about whether it’s even worth it to hire junior developers anymore, since there’s a high risk of them just being “AI-raised”, without much (or any) experience of coding without AI. And, this survey result… I can see where they are coming from. The future of programming looks pretty bleak - our job will not be replaced. It will just get worse, with good developers being more of a rarity.

    And the amount of people who use vim or neovim as their IDE is surprisingly high. Is it skewed by sysadmins?





  • I’m 27 and regularly attend concerts in the 80s goth/postpunk/darkwave/synthpop scene. Every band has a CD and I always get one, though if they have MCs, which they sometimes have, I prefer those. As a professional poser, listening to MCs on a walkman just has this unique feel CDs can’t replicate, while also helping with my attention span since I can’t just easily skip songs midway and stick to the few ones I like, instead forcing me to enjoy the whole album, which eventually grows on me.

    However, I’m probably not a good reference, since I also regularly host parties, DJ and help the local scene promoter with events, so music is a pretty big part of my life.

    Also, I don’t really listen to them much. I have my own NAS with music, and instead of paying for Spotify I download what I need from a private torrent tracker (which I need mostly for DJing, which I never get paid for and always volunteer, just like we do the events with free entry, so no income from that). That’s why I make sure to buy the CDs, while also having a budget that’s in the same range as I’d spend on Spotify, that I make sure to use every month to buy an album I liked on Bandcamp, slowly replacing everything I’ve pirated with either CDs or bought digital albums. I feel like that way a lot more of my money ends up in the hands of the artists than if I just paid for a streaming service I don’t want to support, while also not limiting me just to the few albums I can afford (and also giving me an offline backup if they ever pull the songs from Spotify). Pirating is not ideal and I generally don’t endorse it, but I feel like my approach is kind of morally ok-ish in the long run. Still not excusable, but I’d say better than just paying for Spotify.


  • A random account on FB, with only like one or two mutual friends and a name and profile picture both being references to Tim Burton’s movies, messaged me because of a photo of me at a local old school goth festival. We started talking and hit it off pretty well, and eventually decided to meet. None of my friends knew who she was, I never saw any of her real pictures or had any indication whether I was being scammed, catfished, or who the hell it was, other than her mentioning that she was part of the local goth scene several years ago, before I started participating.

    We decided to eventually meet before another party, and I went in half expecting I’d just get a funny catfish story out of it, but I like collecting funny stories, so why not. And she promised to bring alcohol, so all I was risking was one awkward afternoon I’d spend getting drunk with someone.

    We both arrived already tipsy, and I was met at the train station by a really nice looking girl carrying three bottles of mead, which we managed to drink on the way to the party. It was an amazing experience, we hit it off immediately, and it was basically love at first sight. Both of us could hold our drinks well, and we got to the party pretty drunk but nowhere near too drunk - I can drink a lot and be OK (not that I do it too often), and it’s rare that I meet someone who can keep up with me.

    When we arrived, it turned out that half of the people already knew her, because she indeed was part of the scene around five years before my time, before she got into a really bad relationship she couldn’t get out of due to a mortgage for several years, cutting contact, but she had changed her nickname so no one realized it was her I was talking about. She had just gotten out of the relationship by moving out within a day because she found out he was cheating on her, and a few months after that randomly decided to message me, because she saw me in photos with her high school classmate - who was also my best friend who got me into the scene several years before that (I’m around 6 years younger than both of them), and her friend convinced her to just give it a try and message me.

    We’ve been together for almost 6 years, moved in together four years ago, and we’ve eventually started DJing and hosting our own goth parties, among other things, while also helping local promoters with their events. All in all, it’s good, but it was pretty random luck that we met.





  • I wouldn’t call Crowdstrike corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are the bane of my existence - they are useful, and pretty good at what they do. In the last few years, I’m struggling more and more with the engagements we do, because EDRs just get in the way and catch a lot of what would have passed undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

    I’ve recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is a great understatement, but calling it “corporate spyware garbage” feels a little bit unfair - EDRs do make a difference, and this wasn’t an issue with their product in itself, but with the irresponsibility of their patch management.





  • My favorite Windows update was when I was attending an onsite coding competition hosted by Microsoft. We were all in this large meeting hall that looked like a theater, and we spent the first 10 minutes or so at the start of the competition just looking at Windows update, with the Microsoft rep apologizing to us, because his PC decided to do the “Forced update restart you can’t postpone any more” literally two minutes into the presentation.




  • Mikina@programming.dev to Memes@lemmy.ml · ts moment · 3 up · edited · 6 months ago

    Serious EVE players are something else. The mention of IT security isn’t hyperbole; some EVE players take the espionage meta-game very seriously, and even though it’s not only against the rules but also illegal, that’s not gonna stop them. I mean, once they literally got someone to turn off electricity for a whole town just so they could win a fight (I tried to find a link to the article, because I’m 90% sure I did read about it somewhere, but I can’t manage to find it anywhere, if anyone has a link. Maybe it was just a rumor, or an unexecuted plan?)