Shared posts

15 Apr 23:01

FreeBSD 13 Released

by BeauHD
"FreeBSD, the other Linux, reached version 13," writes long-time Slashdot reader undoman. "The operating system is known for its stable code, native ZFS support, and use of the more liberal BSD licenses." Phoronix highlights some of the major new improvements: FreeBSD 13.0 delivers on performance improvements (particularly for Intel CPUs, as we've seen in benchmarks, thanks to hardware P-States), upgrades to LLVM Clang 11 as the default compiler toolchain, POWER 64-bit support improvements, a wide variety of networking improvements, 64-bit ARM (AArch64) now being a tier-one architecture alongside x86_64, EFI boot improvements, AES-NI now included by default in generic kernel builds, the default CPU baseline for i386 bumped from i486 to i686, and a variety of other hardware support improvements. Various obsolete GNU tools have been removed, such as an old version of GNU Debugger used for crashinfo; obsolete GCC 4.2.1 and Binutils 2.17 were dropped from the main tree, and grep was switched to a BSD version. The release announcement can be found here.


15 Apr 17:46

1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them

by (Ravie Lakshmanan)
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
15 Apr 17:45

Bright Cellars' personalized wine club turned this beer drinker into a wine person

by Boing Boing's Shop

I consider myself a beer person. My go-to order at the bar is a Miller High Life or Stella Artois. I know the difference between an ale and a lager, and I frequent the local microbrewery. It's not that I only like beer; I just haven't found another drink I like quite as much. — Read the rest

15 Apr 17:30

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

by (Ravie Lakshmanan)
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
15 Apr 10:47

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

by (Ravie Lakshmanan)
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.
15 Apr 00:50

Metro Exodus Launches For Linux But Off To Bumpy Start

As scheduled, Metro Exodus saw its native Linux port debut today. This first-person shooter from 4A Games launched on Windows and consoles in 2019, while the 4A Engine-powered game only debuted today for macOS and Linux. Previously it would work with Steam Play, but now there is a native Linux port, albeit with some kinks still to work out...
14 Apr 23:37

A look at UFO, Gerry Anderson's first live-action TV show in 1970

by Gareth Branwyn

We've talked about the work of Gerry and Sylvia Anderson and their supermarionation shows here on Boing Boing over the years, and we've discussed UFO, their first live action series, on the BBS, but it doesn't appear anything has ever been blogged about the show. — Read the rest

14 Apr 20:57

What's so Special About Angus Beef?

by Claire Lower on Skillet, shared by Claire Lower to Lifehacker

The word “Angus” conjures up the spirit of quality American beef, and it’s used by restaurants and grocery stores alike to push their products. When I was a tween, my favorite food was beef, and my favorite “grown-up” restaurant was Black Angus, a mid-level steakhouse chain that served a savory steak soup with sweet…


14 Apr 12:04

NVIDIA Confirms That The Majority of PC Gamers Won’t Be Able To Buy A Gaming Graphics Card This Year, Shortages To Persist Throughout 2021

by Hassan Mujtaba

NVIDIA has issued a new statement on the ongoing gaming GPU shortages which confirms that it will be hard for gamers to get their hands on brand new gaming graphics cards till next year. The company's CFO, Colette Kress, stated this during NVIDIA's annual investors day earlier this week & well, 2021 can't get any worse for PC gamers.

NVIDIA Says That GPU Demand Will Continue To Exceed Supply For Much of 2021 Making It Hard For PC Gamers To Find A Brand New Graphics Card

Ever since the launch of the GeForce RTX 30 series, NVIDIA and its CEO, Jensen Huang, have issued multiple statements regarding the persistent GPU shortages. The company stated that shipping and logistics problems, along with shortages of components, are resulting in poor supply of their next-gen graphics cards, which in turn has led to price hikes by various retailers. To make matters worse, the crypto boom has resulted in miners gobbling up large quantities of gaming graphics cards, leaving dust for actual PC gamers.

The largest contributing factors to the low supply are the lack of raw materials, outsourcing, the pandemic, and the revival of the crypto craze. Another factor that isn't affecting the supply, but is affecting the price, is the lack of tariff exemptions. This has even led hardware manufacturers to raise the prices of their components.

NVIDIA GeForce RTX 3060 Ti, RTX 3060, RTX 3050 Graphics Cards

The first three factors can all be combined because resources and outsourcing go hand in hand. The pandemic has limited the production process. NVIDIA is a fabless semiconductor developer meaning that they do not have the capacity to produce their own cards on a mass scale. In order to make the cards, NVIDIA outsources the production of the graphics card to TSMC and Samsung. The lack of raw materials to manufacture the cards goes further up the supply chain.

“We expect demand to continue to exceed supply for much of this year,” CFO Colette Kress said during Nvidia's annual investors day on Monday.

“Our operations team is agile and executing fantastically. We expect our supplies to increase as the year progresses,” she added.


NVIDIA did launch countermeasures to revert a portion of the supply back in the hands of PC gamers in the form of limiting crypto hash rate on its new gaming graphics cards & launching crypto mining dedicated CMP series GPUs but that didn't work in NVIDIA's favor. Not only were miners able to bypass the hash rate limit but the CMP cards currently listed on retail are priced ridiculously high and don't deliver the same benefits as a gaming graphics card does.

For example, the CMP cards come with a 3-month warranty, compared to the full 3-year warranty that the gaming graphics cards carry. Furthermore, the CMP cards don't offer the same mining value as gaming GPUs do. Even the older GeForce cards output a much higher hash rate than the CMP cards, at a lower price. However, NVIDIA recently increased its CMP mining GPU revenue estimate by $100 Million, which means that miners are indeed placing large orders for CMP offerings.

Now, things aren't all grim, and NVIDIA expects the supply to get better as the year progresses. But even if the company can eventually increase its gaming graphics card inventory, crypto miners remain a hurdle for PC gamers. We have also seen scalpers taking advantage of the whole situation, buying up entire stocks within literal seconds of launch and then proceeding to sell the same cards on 3rd party websites at exorbitant rates. These are definitely hard times to be a PC gamer, whether you want an AMD or NVIDIA gaming graphics card for your PC, and things look like they won't be changing till 2022.

The post NVIDIA Confirms That The Majority of PC Gamers Won’t Be Able To Buy A Gaming Graphics Card This Year, Shortages To Persist Throughout 2021 by Hassan Mujtaba appeared first on Wccftech.

13 Apr 21:05

This Week I Played (April 2021)

by Shamus

Factorio. I played Factorio. A reasonable person could say that perhaps I played too much Factorio. I don’t know. I’m not a reasonable person and I don’t have time to argue about it because I’m too busy trying to scale up my power plant and solve the traffic jams my trains keep creating.


I've downloaded a mod that lets you hook numeric panels to the circuit network. You can see I've launched 178 rockets so far.

I’ve been messing around with various cheat mods, and I’ve found the game to be more engrossing than ever. It’s a lot like my recent obsession with Cities Skylines. Sometimes cheats can make a game more interesting by allowing you to focus more time on the parts that most interest you. I wouldn’t want to have these cheats when I’m learning the game, but once you’ve mastered the systems it’s nice to skip the early game and small-scale stuff so you can focus on the large throughput and optimization challenges.

I’ve also been using mods that add more conveyor belts to the game. In the base game, there are three tiers of conveyor belts:

  • Lame, worthless, and stupidly slow yellow belts that can deliver 15 items per second.
  • Tolerable red belts that deliver 30 items per second.
  • Nice cyan belts that deliver 45 items per second.

The mod I’m using adds 5 more tiers that go all the way up to a brain-melting 270 items per second. That sounds game-breaking, but I discovered that it really just delays the inevitable. No matter how fast your belts get, you’ll quickly scale up and hit the new limit. Just like internet speeds, hard drives, and CPU speeds in the 90s, it doesn’t take long for your fancy new tech to become the new bottleneck.

270 seems fast, but once you have multiple cargo trains delivering items and trying to pump them through the base on a single conveyor, you'll start to wonder if maybe there's a mod for 320 or even 400.

It’s a bit like this Jon Blow talk I’ve linked to before:

Link (YouTube)

Blow talks about how our software is getting worse as our machines get faster. Instead of making programs better, the extra power ends up being consumed by poor engineering. As an example he compares different versions of Adobe Photoshop. In the 90s, it took several seconds to load the program off of your slow-ass hard drive. Then 20 years later we have computers that are literally thousands of times faster, but the program is somehow even less responsive.

In short, you can make massive improvements to throughput in Factorio, but you can’t get them by just making the individual parts operate faster. You need to attack the problem on an engineering level and think about your production on a macro scale.

I love this game.


This is some classic Valve-style level design. At the start of the level there's a weapon off to one side. The player naturally moves to pick it up. Then the door in the distance opens to reveal some snipers. This makes sure you're looking in the right direction so you understand what's happening.

This is another entry in the recent trend of 90s retro shooters. Like contemporaries Dusk, STRAFE, Ion Fury, Amid Evil, Devil Daggers, WRATH: Aeon of Ruin, and (to a lesser extent) Get to the Orange Door, this game rummages through the big toybox of classic 90s gameplay, looking for what elements it wants to preserve and what it wants to change.

A lot of these games have the “problem” that they re-create the frantic pace of the original games. That’s not a problem if you’re into non-stop action, but 25 years later I find the relentless tempo of the old games to be exhausting. In 2004 Half-Life 2 featured crucial moments of deliberate quiet time, and that changed how I think about shooters.

Link (YouTube)

Sure, there were quiet moments in DOOM and Quake, but those moments were probably the result of you taking a wrong turn or getting lost. Spending five minutes running around at breakneck speed looking for the RED keycard isn’t really quiet time, even if the shooting has stopped. Half-Life 2 gave us moments of quiet time that had been deliberately crafted by the designer. There would be some slow, forlorn music playing. You’d hear some ominous sounds in the distance like crows or groaning metal. The game would create a sense of isolation while you explored the space to solve a puzzle and catch your breath. Those moments of downtime made it so that you could really feel the impact when things slammed into high gear again.

That sensation of “calm before the storm” didn’t exist in the 90s. And it seems to have fallen out of favor with modern shooters as well. These days “quiet time” just means you get locked in a room while someone takes an exposition dump on you. That’s not quiet time, that’s a movie. (And usually, a bad movie.)

So I find a lot of these old games to be too tiring to play for extended periods of time. Those old games were half my life ago, so maybe that’s my age talking. But maybe Half-Life 2 ruined the old games for me. In any case, I can only play these modern throwbacks for about thirty minutes before I’m numb from the endless screaming and gunfire.

These snipers are super-annoying. You need to play peek-a-boo with them for the whole level, before you finally get in behind them for some sweet retribution.

Prodeus doesn’t quite have Half-Life 2 style quiet time, but the game does have some variation in its pacing. It’s not just an endless maze full of repetitive gunfights. Most levels are built around an idea. Maybe you need to make a long climb. Or maybe the area starts out as a linear series of rooms, but as you go you keep opening doors to previous rooms, opening up the layout until it’s kind of a large arena. Some levels will take you through the same room several times, but the room will feature a new twist every time you enter.

My favorite level is Marksman, where there’s a huge tower in the middle of the level. There are snipers in the tower, and they hound you constantly as you work your way around and then ascend to finally get in behind them. It made for some interesting 2-axis fights. I need to keep moving to deal with the foes in front of me, but I also need to manage my line-of-sight to the tower on my right.

The constant twists and variations in level design made the game feel like more than an endless series of rooms to circle-strafe in. And the game does have deliberate quiet moments here and there. Often you’ll emerge from the base / caves / tunnels into the daylight and you’ll have a vista to take in rather than another gunfight. The whole experience is a masterclass in level design.

I’ve gone through all of the existing levels (the game is currently in early access) for now. I’m really looking forward to the next batch of content. Highly recommended.

What Happened to all the Porno?

You might remember I played one of these games back in 2017. It was... an experience. Click to read about it.

In the middle of last year, I noticed that there were always two or three adult titles in the top 20 best-sellers on Steam. That stood out to me. Nobody talks about these games, yet they were topping the charts. At the same time, people in other countries were saying that they hadn’t observed a surge in adult titles. Was this a fluke? Did it have something to do with the pandemic?

So I subscribed to a VPN. I had this idea for a post / series where I was going to look at the best-selling lists on Steam in different countries and see where these games were selling. But then I put it off while I finished up my series on Jedi Fallen Order, and then I put it off some more because I was working on the Book.

And then I noticed that the craze seems to have ended. A couple of weeks ago I checked in and there weren’t any adult games on the charts. Weird. I don’t know enough about this genre / subculture to make sense of this.

What Have You Been Playing?

So what’s going on these days? Catching up on new stuff? Retro stuff? Indie? AAA? What’s good? What games should we avoid?

13 Apr 20:44

Nylon mesh zipper bags are great for organizing

by Mark Frauenfelder

I have a few dozen of these nylon mesh zipper bags and use them to organize small things: charging cables, USB flash drives, pens and pencils, travel gear, small tools, etc. They're see-through so you don't have to unzip a bag to see what's inside. — Read the rest

13 Apr 20:38

The 28 best documentaries to binge on Netflix - CNET

by Mark Serrels
Netflix has a ton of great documentaries. Here are our picks...
13 Apr 20:33

FreeBSD 13.0 Brings Better Performance, LLVM Clang 11, Obsolete GNU Bits Removed

FreeBSD 13.0-RELEASE is now officially available as the debut of the big FreeBSD 13 feature update...
13 Apr 19:53

Small Kansas Water Utility System Hacking Highlights Risks

by Associated Press

A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.


13 Apr 19:51

CISA Details Malware Found on Hacked Exchange Servers

by Ionut Arghire

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.


13 Apr 18:44

You Should Poke a Hole in Your Eggs Before Boiling Them

by Claire Lower on Skillet, shared by Claire Lower to Lifehacker

Most hard-boiled egg recipes will tell you to cover your eggs with cold water, bring them to a boil, then cover and move them off the heat for 12 minutes or so. In my experience, this has always resulted in eggs that are impossible to peel.


13 Apr 18:39

Detecting the "Next" SolarWinds-Style Cyber Attack

by (The Hacker News)
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual
13 Apr 18:39

Far Cry 2 Modernized HD Mod is now available for download

by John Papadopoulos

In 2019, we informed you about Far Cry 2 Redux. And today, modder ‘PuppyUnicorn’ released a reworked version of it. This is a mod for those that want to replay this classic FC game, and we highly recommend downloading it. Far Cry 2: Modernized is essentially a game overhaul, prioritizing graphical fidelity, realism, and consistency. …

The post Far Cry 2 Modernized HD Mod is now available for download appeared first on DSOGaming.

13 Apr 18:32

Subnautica: Below Zero Finally Leaves PC Early Access and Hits Consoles in May

by Nathan Birch


Subnautica: Below Zero, which takes the alien underwater survival of the original game to a frosty new planet, is finally arriving in full form after over two years in Steam Early Access. On top of that, the game is also launching on both current and next-gen consoles and the Nintendo Switch. Here’s a new cinematic trailer for Subnautica: Below Zero…

Fun stuff! Of course, the real game doesn’t look quite so good, but the trailer provides a pretty good idea of the many challenges you’ll face. Haven’t been keeping up with Subnautica: Below Zero? Do check out Wccftech's full hands-on preview and the following official description:

Unknown Worlds Entertainment presents the return to the world of 4546B with Subnautica: Below Zero. Dive into a freezing underwater adventure on an alien planet. Set one year after the original Subnautica, Below Zero challenges you to survive the icy biomes both above and below the surface. Craft tools, scavenge for supplies, and unravel the next chapter in the Subnautica story.

Key Features

  • Survival is Key – Gather valuable materials, craft tools, manage your hunger and thirst, all while evading the dangerous wildlife that sees you as its next meal
  • The Mysteries Submerged – You came here in search of answers. You risked everything to get here
  • Exploration – Delve into unique aquatic and terrain biomes that will unlock not only materials, but the answers that you seek
  • Build your Habitat – Craft and build the comforts of home here. These bases will be integral to your survival against not only the wildlife, but also the harsh environment around you

Subnautica: Below Zero swims onto PC (via Steam and Epic), Xbox One, Xbox Series X/S, PS4, PS5, and Switch on May 14, and pre-orders are open now. The Switch is also getting the original Subnautica for the first time as well as a combo pack that includes the first game and Below Zero.

The post Subnautica: Below Zero Finally Leaves PC Early Access and Hits Consoles in May by Nathan Birch appeared first on Wccftech.

13 Apr 18:28

Things You Should Be Buttering (But Probably Aren't)

by Claire Lower on Skillet, shared by Claire Lower to Lifehacker

My household is always stocked with at least two different kinds of butter: I have cooking butter for sautéing and baking, which is mostly a cheap store brand, and a separate eating butter, usually Kerrygold, for slathering.


13 Apr 18:23

'Counter Strike' Bug Allows Hackers To Take Over a PC With a Steam Invite

by msmash
Hackers could take control of victims' computers just by tricking them into clicking on a Steam invite to play Counter Strike: Global Offensive, Motherboard reports, citing a bug report it reviewed. From a report: A bug in the game engine used in Counter Strike: Global Offensive could be exploited by hackers to take full control of a target's machine. A security researcher alerted Valve about the bug in June of 2019. Valve is the maker of Source Engine, which is used by CS:GO, Team Fortress 2, and several other games. The researcher, who goes by the name Florian, said that while the bug has been fixed in some games that use the Source engine, it is still present in CS:GO, and he demonstrated it in a call with Motherboard. Florian's correspondence with Valve occurred on HackerOne, the bug bounty platform used by the company to get reports about vulnerabilities. Valve admitted that it was being slow to respond, even though it classified the bug as "critical" in the thread with the researcher, which Motherboard reviewed. "I am honestly very disappointed because they straight up ignored me most of the time," Florian said in an online chat.


13 Apr 18:00

This Witcher 3 mod adds a new standalone quest to wrap up Blood and Wine

by Carrie Talbot

If you've bested The Witcher 3 - and by Witcher 3, I mean the RPG game's full experience, two expansions and all - you'll have encountered Orianna's quest, Blood Simple. Featured as a possible main quest in the game's second DLC, Blood and Wine, it ends with something of a loose end - but now a new standalone quest mod aims to tell the tale to its end. Spoilers ahead, folks.

Nikich340's Witcher 3 new quest mod is called A Night To Remember, and it continues Orianna's questline beyond where Blood and Wine stops - so, after the point at which Geralt lets the vampire go, having vowed to deal with her should they ever cross paths again. It's described as a "completely new adventure featuring characters new and old", with "new writing, cutscenes, voice acting, assets, a special reward, and some difficult decisions..." Gulp.

What this new adventure - and these tricky new decisions - might bring exactly aren't detailed on the mod's page, but you can get a flavour of the quest in the clip below. Plus, the creator notes in the mod's comments that "after completing the quest you may try [...]other variants in main dialogue scenes to get another ending", so it sounds like there'll be different outcomes at its conclusion. Neat.

RELATED LINKS: The Witcher 3 mods, The Witcher 4 news, Play The Witcher 3
13 Apr 18:00

GTA 5 modder brings the Cayo Perico heist to single-player

by Iain Harris

While GTA Online offers plenty of hustle and bustle, some people prefer the solace of single-player. You can still live amongst Los Santos and go about your day-to-day grind, though chances are you won't be blown to bits by a rocket from a flying motorbike. While GTA Online's heists are one of the few things that tempt me to break stride, even those are coming to single-player thanks to the work of modders.

HKH191 managed to bring the crime game's most recent outing, the Cayo Perico heist, to GTA 5's offline mode, finally allowing me to rob El Rubio as Trevor. You're even getting the Kosatka, a chonking giant submarine with missiles that features in the Cayo Perico update.

The heist comes with five startup missions and one big finale. Much like GTA Online, you can do this one solo, but you can get a team of AI teammates if you fancy tackling this with a gang. The way you approach the finale still comes down to decisions you make, such as what vehicle you want to kick things off with.

13 Apr 17:59

Nier: Automata’s Steam version is getting an upgrade

by Iain Harris

Square Enix is giving Nier: Automata's Steam version some TLC. The publisher took to Twitter to tell fans that an "upgrade patch" for the sombre RPG is currently in development. That's all the details we have right now, but Square Enix says it'll have more information to share with you at a "later date".

This all follows Nier: Automata's Become As Gods edition coming to Game Pass on PC after being available on Xbox One. Fans reckon it's a much better version of the game than the one on Steam, so they started review bombing the version that's available on Valve's storefront.

When the game was initially released in 2017, people came across UI problems, awkward controls, a locked framerate, and other issues. As such, a mod called Fix Automata Resolution swiftly became the recommended way to play one of Yoko Taro's best games on PC. The Become as Gods version that Game Pass has got, meanwhile, comes with a borderless window mode, runs smoother, and has upscaled textures, which the Steam version owners would quite like.

12 Apr 21:52

Microsoft Releases a Cyberattack Simulator

by Sharon Nelson

Bleeping Computer reported on April 8 that Microsoft has released an open-source cyberattack simulator which permits security researchers and data scientists to create simulated network environments and see how they operate against AI-controlled cyber agents.

The project, named 'CyberBattleSim', is built on a Python-based OpenAI Gym interface.

The Microsoft 365 Defender Research team created CyberBattleSim to model how a threat actor spreads laterally through a network after its initial compromise. Nice graphics included in the link above.

The Microsoft Defender Research Team, in a new blog post, says "The environment consists of a network of computer nodes. It is parameterized by a fixed network topology and a set of predefined vulnerabilities that an agent can exploit to laterally move through the network. The simulated attacker's goal is to take ownership of some portion of the network by exploiting these planted vulnerabilities. While the simulated attacker moves through the network, a defender agent watches the network activity to detect the presence of the attacker and contain the attack."

To build their simulated environment, researchers will create various nodes on the network and indicate that services are running on each node, their vulnerabilities, and how the device is protected.

Automated cyber agents (threat actors) are then deployed in the environment, where they randomly select actions to perform against the various nodes to take control over them.

While many of these activities may trigger alerts in an XDR or SIEM system, Microsoft hopes that the security community can use this simulator to better understand how AI can analyze post-breach movements and better defend against them.

Microsoft said, "With CyberBattleSim, we are just scratching the surface of what we believe is a huge potential for applying reinforcement learning to security. We invite researchers and data scientists to build on our experimentation. We're excited to see this work expand and inspire new and innovative ways to approach security problems."

Shall we play a game?

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology

12 Apr 21:50

Get Free Beer Money from Sam Adams for Being Vaccinated

by Sam Blum on Two Cents, shared by Sam Blum to Lifehacker

There is no greater incentive for getting vaccinated than doing your part to end the pandemic that has singularly redefined our lives over the past year. And as a show of appreciation for your efforts, Sam Adams wants to give you your first post-jab brew on the house.


11 Apr 02:28

On #DFIR Analysis, pt II - Describing Artifact Constellations

by Unknown

I've been putting some serious thought into the topic of a new #DFIR model, and in an effort to extend and expand upon my previous post a bit, I wanted to take the opportunity to document and share some of my latest thoughts.

I've discussed toolmarks and artifact constellations previously in this blog, and how they apply to attribution. In discussing a new #DFIR model, the question that arises is, how do we describe an artifact or toolmark constellation in a structured manner, so that it can be communicated and shared?

Of course, the next step after that, once we have a structured format for describing these constellations, is automating the sharing and "machine ingestion" of these constellation descriptions. But before we get ahead of ourselves, let's discuss a possible structure a bit more.

The New #DFIR Model

First off, to orient ourselves, figure 1 illustrates the proposed "new" #DFIR model from my previous blog post. We still have the collect, parse, and enrich/decorate phases prior to the output and data going to the analyst, but in this case, I've highlighted the "enrich/decorate" phase with a red outline, as that is where the artifact constellations would be identified.

Fig 1: New DFIR Model
We can assume that we would start off by applying some known constellation descriptions to the parsed data during the "enrich/decorate" phase, so the process of identifying a toolmark constellation should also include some means of pulling information from the constellation, as well as "marking" or "tagging" the constellation in some manner, or facilitating some other means of notifying the analyst. From there, the expectation would be that new constellations would be defined and described through analysis, as well as through open sources, and applied to the process.

We're going to start "small" in this case, so that we can build on the structure later. What I mean by that is that we're going to start with just DFIR data; that is, data collected as either a full disk acquisition, or as part of triage response to an identified incident. We're going to start here because the data is fairly consistent across Windows systems at this point, and we can add EDR telemetry and input from a SIEM framework at a later date. So, just for the sake of  this discussion, we're going to start with DFIR data.

Describing Artifact Constellations

Let's start by looking at a common artifact constellation, one for disabling Windows Defender. We know that there are a number of different ways to go about disabling Windows Defender, and that regardless of the size and composition of the artifact constellation they all result in the same MITRE ATT&CK sub-technique. One way to go about disabling Windows Defender is through the use of Defender Control, a GUI-based tool. As this is a GUI-based tool, the threat actor would need to have shell-based access to the system, such as through a local or remote (Terminal Services/RDP) login. Beyond that point, the artifact constellation would look like:
  • UserAssist entry in the NTUSER.DAT indicating Defender Control was launched
  • Prefetch file created for Defender Control (file system/MFT; not for Windows server systems)
  • Registry values added/modified in the Software hive
  • "Microsoft-Windows-Windows Defender%4Operational.evtx" event records generated
Again, this constellation is based solely on DFIR or triage data collected from an endpoint. Notice that I point out that one artifact in the constellation (i.e., the Prefetch file) would not be available on Windows server systems. This tells us that when working with artifact constellations, we need to keep in mind that not all of the artifacts may be available, for a variety of reasons (i.e., version of Windows, system configuration, installed applications, passage of time, etc.). Other artifacts that may be available but are also heavily dependent upon the configuration of the endpoint itself include (but are not limited to) a Security-Auditing/4688 event in the Security Event Log pertaining to Defender Control, indicating the launch of the application, or possibly a Sysmon/1 event pertaining to Defender Control, again indicating the launch of the application. Again, the availability of these artifacts depends upon the specific nature and configuration of the endpoint system.

Another means to achieve the same end, albeit without requiring shell-based access, is with a batch file that modifies the specific Registry values (Defender Control modifies two Registry values) via the native LOLBIN, reg.exe. In this case, the artifact constellation would not need to be preceded (although it may be) by a Security-Auditing/4624 (login) event of either type 2 (console) or type 10 (remote). Further, there would be no expectation of a UserAssist entry (no GUI tool needs to be launched), and the Prefetch file creation/modification would be for reg.exe, rather than Defender Control. However, the remaining two artifacts in the constellation would likely remain the same.

Fig 2: WinDefend Exclusions
Of course, yet another means for "disabling Windows Defender" could be as simple as adding an exclusion to the tool, in any one or more of the five subkeys illustrated in figure 2. For example, we've seen threat actors create exceptions for any file ending in ".exe", found in specific paths, or any process such as Powershell.

The point is that while there are different ways to achieve the same end, each method has its own unique toolmark constellation, and the constellations could then be used to apply attribution.  For example, the first method for disabling Windows Defender described above was observed being used by the Snatch ransomware threat actors during several attacks in May/June 2020. Something like this would not be exclusive, of course, as a toolmark constellation could be applied to more than one threat actor or group. After all, most of what we refer to as "threat actor groups" are simply how we cluster IOCs and TTPs, and a toolmark constellation is a cluster of artifacts associated with the conduct of particular activity. However, these constellations can be applied to attribution.

A Notional Description Structure

At this point, a couple of thoughts or ideas jump out at me.  First, the individual artifacts within the constellation can be listed in a fashion similar to what's seen in Yara rules, with similar "strings" based upon the source. Remember, by the time we're to the "enrich/decorate" phase, we've already normalized the disparate data sources into a common structure, perhaps something similar to the five-field TLN format used in (my) timelines. The time field of the structure would allow us to identify artifacts within a specified temporal proximity, and each description field would need to be treated or handled (that is, itself parsed) differently based upon the source field. The source field from the normalized structure could be used in a similar manner as the various 'string' identifiers in Yara (i.e., 'ascii', 'nocase', 'wide', etc.) in that they would identify the specific means by which the description field should be addressed. 

Some elements of the artifact constellation may not be required, and this could easily be addressed through something similar to Yara 'conditions', in that the various artifacts could be grouped with parens, as well as 'and' and 'or', identifying those artifacts that may not be required for the constellation to be effective, although not complete. From the above examples, the Registry values being modified would be "required", as without them, Windows Defender would not be disabled. However, a Prefetch file would not be "required", particularly when the platform being analyzed is a Windows server. This could be addressed through the "condition" statement used in Yara rules, and a desirable side effect of having a "scoring value" would be that an identified constellation would then have something akin to a "confidence rating", similar to what is seen on sites such as VirusTotal (i.e., "this sample was identified as malicious by 32/69 AV engines"). For example, from the above bulleted artifacts that make up the illustrated constellation, the following values might be applied:

  • Required - +1
  • Not required - +1, if present
  • +1 for each of the values, depending upon the value data
  • +1 for each event record
If all elements of the constellation are found within a defined temporal proximity, then the "confidence rating" would be 6/6. All of this could be handled automatically by the scanning engine itself.

A notional example constellation description based on something similar to Yara might then look something like the following:


    $str1 = UserAssist entry for Defender Control
    $str2 = Prefetch file for Defender Control
    $str3 = Windows Defender DisableAntiSpyware value = 1
    $str4 = Windows Defender event ID 5010 generated
    $str5 = Windows Defender DisableRealtimeMonitoring value = 1
    $str6 = Windows Defender event ID 5001 generated


    $str1 or $str2 and ($str3 and $str4 and $str5 and $str6);

Again, temporal proximity/dispersion would need to be addressed (most likely within the scanning engine itself), either with an automatic 'value' set, or by providing a user-defined value within the rule metadata. Additionally, the order of the individual artifacts would be important, as well. You wouldn't want to run this rule and in the output find that $str1 was found 8 days after the conditions for $str3 and $str5 being met. Given that the five-field TLN format includes a time stamp as its first field, it would be pretty trivial to compute a temporal "Hamming distance", of sorts, as well as ensure proper sequencing of the artifacts or toolmarks themselves. That is to say that $str1 should appear prior to $str3, rather than after it, but not so far as to be unreasonable and create a false positive detection.

Finally, similar to Yara rules, the rule name would be identified in the output, along with a "confidence rating" of 6/6 for a Windows 10 system (assuming all artifacts in the cluster were available), or 5/6 for Windows Server 2019.
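As an added example (not code from the original post), the following Python sketch runs the notional rule above against five-field TLN lines (time|source|system|user|description): required artifacts must all fall within a time window, optional "launch" artifacts ($str1, $str2) only count if they precede the Registry changes, and the result is reported as a confidence rating such as 6/6 or 5/6. The source tags (REG, PREFETCH, EVTX), the regex patterns and the sample timeline are assumptions constructed for this example.

```python
import re
from collections import namedtuple

# source = TLN source field that decides how the description is read; pattern =
# regex on the description; required=False artifacts only add to the score.
Artifact = namedtuple("Artifact", "name source pattern required")

# Constellation for the Defender Control method described above; source tags
# and patterns are assumptions for this example, not a published rule format.
DEFENDER_CONTROL = [
    Artifact("$str1", "REG", r"UserAssist.*DefenderControl\.exe", False),
    Artifact("$str2", "PREFETCH", r"DEFENDERCONTROL\.EXE", False),
    Artifact("$str3", "REG", r"DisableAntiSpyware.*= 1", True),
    Artifact("$str4", "EVTX", r"Windows Defender.*ID 5010", True),
    Artifact("$str5", "REG", r"DisableRealtimeMonitoring.*= 1", True),
    Artifact("$str6", "EVTX", r"Windows Defender.*ID 5001", True),
]

# Constructed five-field TLN lines (time|source|system|user|description);
# epoch times and the prefetch hash are made up, not from a real case.
SAMPLE = [
    "1590000000|REG|WIN10-01|jdoe|UserAssist - C:\\Tools\\DefenderControl.exe (run count 1)",
    "1590000001|PREFETCH|WIN10-01|-|DEFENDERCONTROL.EXE-1A2B3C4D.pf created",
    "1590000005|REG|WIN10-01|-|Policies\\Microsoft\\Windows Defender DisableAntiSpyware = 1",
    "1590000005|REG|WIN10-01|-|Windows Defender\\Real-Time Protection DisableRealtimeMonitoring = 1",
    "1590000006|EVTX|WIN10-01|-|Microsoft-Windows-Windows Defender/Operational ID 5001",
    "1590000006|EVTX|WIN10-01|-|Microsoft-Windows-Windows Defender/Operational ID 5010",
]

def parse_tln(line):
    t, source, system, user, desc = line.rstrip("\n").split("|", 4)
    return int(t), source, system, user, desc

def scan(lines, rule, window=300):
    """Return (confidence, matched names), or None if a required artifact is
    absent or the required artifacts are spread over more than `window` seconds."""
    events = sorted(parse_tln(l) for l in lines if l.strip())
    hits = {}
    for art in rule:                      # earliest event matching each artifact
        for t, src, _, _, desc in events:
            if src == art.source and re.search(art.pattern, desc):
                hits[art.name] = t
                break
    req = [hits.get(a.name) for a in rule if a.required]
    if None in req or max(req) - min(req) > window:
        return None
    for a in rule:                        # sequence check: launch evidence comes first
        if not a.required and a.name in hits and not 0 <= min(req) - hits[a.name] <= window:
            del hits[a.name]
    return f"{len(hits)}/{len(rule)}", sorted(hits)
```

Dropping the Prefetch line (as on a Windows server) yields 5/6, and a UserAssist entry dated days after the Registry changes is discarded rather than counted.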


Something else that we need to account for when addressing artifact constellations is counter-forensics, even that which is unintentional, such as the passage of time. Specifically, how do we deal with identifying artifact constellations when artifacts have been removed, such as application prefetching being disabled on Windows 10 (which itself may be part of a different artifact constellation), or files being deleted, or something like CCleaner being run?

Maybe a better question is, do we even need to address this circumstance? After all, the intention here is not to address every possible eventuality or possible circumstance, and we can create artifact constellations for various Windows functionality being disabled (or enabled).

11 Apr 02:07

Here is how you can play TimeSplitters 2 HD on PC via Homefront: The Revolution

by John Papadopoulos

Now here is one of the best easter eggs we’ve ever seen in a game. In case you didn’t know, Dambuster Studios added an HD remaster of TimeSplitters 2 in Homefront: The Revolution. And below you can find a guide via which you can play all of its levels on PC. Now what’s really cool …

The post Here is how you can play TimeSplitters 2 HD on PC via Homefront: The Revolution appeared first on DSOGaming.

10 Apr 01:29

TimeSplitters 2 remastered is out now on PC (inside Homefront: The Revolution)

by Dustin Bailey

Finally, Free Radical's cult classic, TimeSplitters 2, is available in remastered form on PC - inside Homefront: The Revolution. 2016's Homefront sequel has always had an arcade machine that let you play the first two levels of TimeSplitters 2 inside, but a developer recently revealed that the entire game was there all along, hidden behind an unlock code that had been lost to time. Now, just a few days later, players have figured out how to get access to the full game.

According to developer Matt Phillips, who implemented the TimeSplitters 2 port, the full game was meant to be unlockable through some good, old-fashioned cheat codes. "The unlock code has been lost to time," Phillips says. "I don't have the notebook with it in anymore. I once gave it to a friend to leak in some Discord channel and they called him a liar and banned his account."

With that in mind, the community immediately started working to find the code - and did so in a matter of days. The full list of codes to unlock the various TimeSplitters 2 modes are available here, and Steam community guides have even provided save files to minimise the amount of time you need to spend playing Homefront: The Revolution.

09 Apr 21:50

How to Pet-Proof Your Garden This Spring

by A.A. Newton

Pets and gardens don’t always get along. If you have both, it’s important to keep them out of each other’s business so everyone stays happy and healthy.