@KimDotcom Rapidshare & the others should have been arrested alongside you. It's like being singled out by a speed camera & given a life sentence when everyone else was driving at the same speed. It would be comical if it didn't have such a devastating impact on your life. I feel for you
@KimDotcom It was a free for all, trouble was, you bought the CLK DTM, did gumball, posted pics of the hot tub & made yourself HIGHLY visible, & they painted a target on you, the biggest they could, this is what happens... Do you deserve any of it? No. But can you get out of it, who knows...
@UK_Daniel_Card The driver analysis shows which driver is bugchecking, what someone needs to do is step through the bad version from driver entry and understand what the driver is doing with the "channel file" and named pipes etc right up until it bugchecks. The "why" is still not clear here
@actualbenprice @UK_Daniel_Card Agreed, if the channel files are not drivers (and they clearly aren't) then why is Windows bugchecking...... Windbag doesn't lie. "Logic error" is bs
@davepl1968 Agree, the problem in this case is scale, enterprises world over put their eggs in one basket, then comes a perfect storm, a mandatory Elam driver and a dereferenced null pointer, av drivers have been bugchecking since time immemorial, just not at this scale in this "manner".
@hackerfantastic @yarden_shafir @CrowdStrike Exactly, it's not a valid driver image, not even marked as one so. This is the question, what are they doing with these shell "sys" files which clearly don't follow the PE format. They should be forced to explain and show their source code at this point.
@brody_n77 @_JohnHammond "faulty channel file", what on earth is a "channel" file? this is a signed Windows Driver that someone mistakenly added a pointer dereferencing bug into, which then causes the page_fault_in_non_paged_area bugcheck, which seems to have caused Armageddon.
@ImposeCost Arguably more harm than good in terms of sigint implications for fvey, current ongoing ops etc. Until critical fvey / nato intelligence infra is breached I would be sceptical of this option being on the table.
@davepl1968 @SergiiKirianov Y'know the docs STILL say that: "NtQuerySystemInformation may be altered or unavailable in future versions of Windows". One day we'll run our thingamajigs and they'll have pulled that carpet out and it'll definitely be different :)
@ashoswai Why is he even there - he is not a politician, or a UN representative, he is not "in role" to be a part of this, why does he have any influence in world affairs whatsoever, it is utter madness. Step away - you are not Tony Stark, and this is not a movie.
@JamesAgombar Sabsa is semi decent general one for SecArchs, if I were focusing on cloud then I would dig into the sec certs for the cloud platforms you're specialising in. It depends to an extent on what level you're working at, Enterprise, Domain, or Solution
@mjtech01 genuine question, why not a fan of recapping things? I've only ever recapped a couple of things but it's breathed life into some sentimental dead stuff.
@BuckWoodyMSFT I was at college in 91, we used to go to the computer lab and set every single Windows 3 machine defragging, because it just looked so damn cool, I wish there were pics :(
@DebugPrivilege I remember a long time ago, when I used to write drivers, we looked at the SSDT to detect certain things, and the amount of hooking in there was crazy, some AV products would have timers to re-hook the functions, and they would overwrite each other's hooks, nothing changes...