 |
Post AtotRQ3UeBfAufX5QO by [email protected] |
 |
More posts by [email protected] |
|
Post #AtopmbbyTeFx1CVYEi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
There's a powerful (and dangerous) runtime that's been overlooked by th… |
|
|
|
Post #AtorEu25gHNeDHmS8m by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart Nice. Seems like an easy one to baseline and alert on anomalies too,… |
|
|
|
Post #AtorEu8TIYU6X4lY5Q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w Should have a Sigma rule later today, but if you have Deno devs in your e… |
|
|
|
Post #AtorEuEUw9IyplaMTo by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart Unless your environment is small enough and you have the ability to … |
|
|
|
Post #AtorEuKAb3qH7MEtJw by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart The signature should make that pretty simple to get around though, r… |
|
|
|
Post #AtorEuPqFyNZOwtQA4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w What signature are you imagining? |
|
|
|
Post #AtorVurbqQrJiHzTm4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart The executable's code signing sig. It seems like a simple one to… |
|
|
|
Post #AtorgmO9h9mGc7OTRI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w If you have that visibility, yes. But be aware that the standalone compil… |
|
|
|
Post #AtosviuL1Fls7F8WqO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart Right. I think I bounced around a bit there. Yes, the visibility is … |
|
|
|
Post #Atosvj0idWsKR27cn2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w Mostly yes, but if I were using this maliciously, it would be named node.… |
|
|
|
Post #Atosvj6kH7hCjiwRBQ by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart But what are you signing node.exe with? It wouldn't match the ex… |
|
|
|
Post #AtotD40tnklWUtTRom by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@cR0w @mttaggart Nice article! Just checking around here in a dev-heavy enviro… |
|
|
|
Post #AtotD48LM4iiryxOQC by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@thomrstrom @mttaggart Great overview of the language, but from a threat POV, n… |
|
|
|
Post #AtotED73SKsP0Xtrlo by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w I'm not changing the sig. I'm not recompiling. The cert and filen… |
|
|
|
Post #AtotMV04pohknkaYFs by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@cR0w @thomrstrom I would contend that the FFI component can make forensic anal… |
|
|
|
Post #AtotRQ3UeBfAufX5QO by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart @thomrstrom Right, not groundbreaking, but a fantastic primer to kno… |
|
|
|
Post #Atqll640H7KNNsYyae by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@mttaggart Just for the record, @GEBIRGE created a tool to extract the source c… |
