Shared posts

18 Apr 20:33

Ray tracing is coming back to the Resident Evil 2 and Resident Evil 3 remakes

by Kaan Serin

Ray tracing is coming back to the Resident Evil 2 and Resident Evil 3 remakes on PC, according to Capcom. That’s after the graphical option was quietly removed from both games this past week, following a recent update. Fans had been wondering if the move was deliberate or not, but Capcom’s announcement seems to confirm that it was just a mishap. So, zombie slayers should be able to go back to running around in realistically lit corridors full of shadowy corners very soon.


18 Apr 20:32

Microsoft shifts to a new threat actor naming taxonomy

Microsoft is excited to announce that we are shifting to a new threat actor naming taxonomy aligned to the theme of weather. The complexity, scale, and volume of threats are increasing, driving the need to reimagine not only how Microsoft talks about threats but also how we enable customers to understand those threats quickly and with clarity.

The post Microsoft shifts to a new threat actor naming taxonomy appeared first on Microsoft Security Blog.

18 Apr 20:32

Review: Dead Island 2

by Chris Moyse


To Live and Die in HeLL.A.

During the 2014 Sony E3 press conference, viewers were treated to a surprise cinematic trailer, one that has since gone down in history. The trailer featured a meat-headed jogger taking a casual dash down Venice Beach, blissfully unaware of the absolutely bombastic chaos that was exploding all around him, as hordes of flesh-eating creatures lay waste to the beautiful people of California. Ultimately becoming one of the infected himself, the jogger is eventually wiped out by a speeding minivan, before an onscreen graphic finally reveals the trailer as a preview for Dead Island 2.

That trailer debuted almost 10 years ago. And on April 21, 2023, Dead Island 2 will finally release, two console generations on from its initial announcement, and after passing through no less than three development studios. Having been mired in development hell for almost a decade, and been the subject of cancellation rumors, internet jokes, and even a reference point for other games and studios, it seems a miracle that we finally have anything in our hands. But can the talent of British developer Dambuster Studios resurrect this long-since-decayed release, or would it have been better left dead and buried?

Look, we all know the story, so there ain't nothing left to it but to do it.


Dead Island 2 (PlayStation [PS5 reviewed], PC, Xbox)
Developer: Dambuster Studios
Publisher: Deep Silver
Released: April 21, 2023
MSRP: $69.99

It must be noted that, with Dead Island 2, Dambuster Studios is not attempting to reinvent the wheel. The long-time-coming sequel essentially builds upon the general design and gameplay structure of its now-decade-old predecessor. That isn't to say that this is a case of "If it ain't broke...", because Dead Island was fucking broke. This is a title where I once kicked an inflatable beach ball, which resulted in my character screaming, keeling over, and dying on the spot. No, rather than attempting a full conceptual rebirth, Dead Island 2 is more a "Take Two" on what came before, with stronger efforts made to deliver the player experience perhaps expected of that release.

Our story concerns a party of six survivors — each one the worst person you've ever met — who crawl from the wreckage of a failed evacuation flight, crash-landing in the heart of Los Angeles, or "Hell-A" as it is now known. Beginning in media res, the outbreak is already underway, covering the City of Angels in blood and bodies while the local authorities attempt to put a band-aid on an oozing, pustulous wound. Choosing one member of the pity party, our "Slayer" is thrust into the thick of the carnage, and must utilize adaptation, improvisation, and smart-mouthed quippin' (boy howdy, the quippin') to find their way out of the city and to higher ground, away from millions of arm-munching, TikTok-filming posers.

What follows is an open world odyssey, as the Slayer treks through a million-dollar city of broken dreams — from the gated communities of Bel Air and the splendor of Beverly Hills, to the baking, radiant sands of Venice Beach and, of course, the star-studded avenues and alleyways of Hollywood. It goes without saying that these venues have all seen better days — less brain-encrusted days, at least — and this bizarre juxtaposition of celebrity and atrocity never fails to remain an unnervingly attractive take on a potential armageddon. I'll still take it over Florida.

https://www.youtube.com/watch?v=f70Uz0fnX7E

You Ought'nt Be In Pictures

Initially, Dead Island 2 appears poorly plotted at best and baffling at worst — why your punk-rock character chooses to instantly do the bidding of The Rich makes zero sense whatsoever — but, as the story progresses, an evolving tale of survival and desperation unfolds, joined by elements of conspiracy, human evolution, and man's endless inhumanity to man.

And though our ensemble cast is, for the most part, intolerable, a pragmatic realization gives way: these aren't bad people, per se, they're just in a bleak and thoroughly miserable situation. As the story progresses, we come to understand the stage and its players better, even beginning to develop an actual kinship with the same folk that we originally couldn't stand the sight of. They aren't necessarily terrible. They're just human... Except for "Who Do You Voodoo, Bitch?" singer Sam B. He is terrible.

Though off-putting at the outset, the spirit of Dead Island 2 and its world grows on the player as they come to understand the hopelessness that faces these stragglers — from the whiskey-soaked rock stars and uptight Hollywood divas, to bronze-skinned beach bums and simple folk just trying to survive, let alone thrive. The mask of humanity is off, and the outbreak is making a monster of many, as viral outbreaks tend to do. There are no real "good guys", just different shades of survivalist.

While it's fair to say that the plot of DI2 is hardly original, it's still surprisingly compelling. By the time the final act rolled around, all of a sudden, the realization dawned that the survival of this pack of awful bastards had become the most important thing in my life.

Look, I know the trailers are terrible. There's some great performances in here. Honest.

Sun's Out, Guns Out

The core of Dead Island 2 is its combat. It's the decaying meat of the piece, and the melee-based carnage on offer here is brilliantly devised. Whether wielding swords, baseball bats, axes, steel pipes, or Triple H-esque sledgehammers, there is an effective, wholly satisfying weight and impact to the violence on display, bolstered by the addition of counters, parries, and gleefully explosive execution maneuvers. It's important that the melee is enjoyable, as it is ultimately 90% of the player's activities, and Dead Island 2's "crunch" is so delicious that it actually becomes a tad detrimental to the game when guns finally do come into play (though they do add some variety to all the home-run swingin' action).

In addition to the weaponry, Dead Island 2 has a mix-and-match build system that affords your chosen Slayer various skills and perks, sometimes for free, sometimes to the detriment of other abilities. These range from defensive tactics such as dodges and slides, to bonuses such as damage boosts for downing zombies, or awarding health for severing undead limbs. Without giving too much away, things get pretty funky after a point, and you can make your Slayer quite the force to be reckoned with, finely tuned to your own bespoke playstyle.

Still, despite the enormous range of customizable weapons and skills on offer, Dead Island 2 remains challenging. Even as the Slayer levels up, the difficulty remains in a sweet spot that prevents the player from ever becoming too powerful. As kitted out as you become, the infected are perpetually a legitimate threat. But with clever combinations of weaponry, skills, elemental boosts, and environmental attacks, DI2 ensures that while the numbers are on the side of the undead, the wits are with the player.

A special tribute must also be paid to the most satisfying dropkick in video game history. A move that, I guarantee, will become your best friend. Especially on rooftops and in front of windows.


You can't spell slaughter without 'laughter'

Dead Island 2 is a repetitive game, wholly and unashamedly. It is essentially a title that tasks the player with going on endless "Locate this person/item" quests, almost always boiling down to making your way to the location in question and slaying triple figures' worth of zombies en route. There are plenty of side quests in each district, all of which offer rewards in the form of rare weapons, blueprints, and perks, but ultimately, Dead Island 2 only has one real trick, and that is to ask the player to get to an undead infested venue and back alive.

This in itself was a major problem with the first game, and would lead to boredom just scant hours in.

While DI2 doesn't stray too far from this design path, what it does do to combat fatigue is ensure that the environments are legitimately fun to explore, while constantly drip-feeding the player new characters, fun conversations, and a wide variety of different enemies to be hacked 'n' slashed. There is also a metric ton of environmental storytelling, much of which is of the tired "audio log" variety, but some of which is executed via simple set design and in-universe audio — distant screams, abandoned radios, a wedding from hell, a strongman competition turned massacre, a frightening theme park, and a horror movie set where things got a little too meta.

Dead Island 2 has a gameplay mentality that is generations old, but it uses the benefits of modern tech to polish up its 2010s vibe. The infected are large in number, varied in design, and look gruesomely gorgeous. The world itself is well-realized and intelligently mapped. Elemental and gore effects are dazzling, and cleverly limited use of music ensures that, while the combat is relentless, the player knows when shit is really going down.

Dead Island 2, at its heart, is an old-fashioned game, but it's wearing a damn flashy new suit.

Don't Forget to Bring a Towel

Dead Island 2 is far from an excellent title, and its flaws might turn away those without the patience to fully explore its world and mechanics. While it certainly gets better the deeper you delve into its world, this style of explorative, combat & craft-heavy action isn't going to be to everyone's tastes, especially in 2023. The endless grabbing of crafting components, audio logs, and keycards — actions that are so repetitive the Slayer themselves repeatedly rags on it — may lead some players to consider double-checking the calendar.

From a technical standpoint, the sequel is a massive improvement over the notorious original, but still suffers from choppiness — minor frustrations such as immovable prompts, occasional clipping, failed enemy spawns, or unresponsive enemies, and strange one-off bugs, such as a character's voice remaining echoed even after they had left a building (all of which fixed themselves after a reload). Performance-wise, however, the PS5 edition played for review was sound, maintaining its framerate in even the busiest and messiest of zombie massacres. Most importantly, I kicked a beach ball and kept breathing.

When you combine the small technical troubles with the generally Gen-7 approach to gameplay, Dead Island 2 becomes something of a divisive release. Those who perhaps crave more in the way of firearms, vehicular mayhem, or more variety in its quests and activities may struggle to persevere to the point where Hell-A opens up its vulgar box of delights. That said, those who enjoyed the original Dead Island, or similar relentless, zombie-smashing experiences — such as Capcom's Dead Rising — will think it's fucking Christmas, with perhaps the best gaming interpretation of a Zack Snyder zombie flick yet.

Rewarding player experimentation and exploration, you get out of DI2 what you put into it, and thus, it's very much a game for a specific and dedicated audience. And given its exceptionally lofty $70 price tag, "dedicated" is doing a lot of lifting in that sentence.

Gods and Monsters

I'll level with you. I didn't want to review Dead Island 2, and I sure as hell didn't want to play it on my own time. If you'd asked me to point to a 2023 release that I felt was going to be an absolute slog to play, as well as being a chore to write about, then this sequel would've probably been number one with an acid-tipped bullet. 10 minutes into playing, I still felt this way, eye-rolling and deep sighing at the characters, the setup, and the teasing of 15 hours of fetch quests and keycard searching.

But, as time passed, as Hell-A opened up, as the combat evolved, and as I met more and more denizens of Hollyweird, I warmed up immensely to this title. I became excited to explore each new district, while digging the world design, the attractively gruesome visuals, and the "Glam Apocalypse" aesthetic. I appreciated the wanton, salacious, and satisfying violence, and, most surprisingly of all, this atrocious cast of characters eventually became my friends (except for Sam B).

It is a testament to the talent of Dambuster Studios that they picked up the remnants of the most development-hell-plagued title of the past 15 years — a game that had "contractual obligation" written all over it — and have turned it into a great sequel. Dead Island 2 sports a solid world, great audio/visuals, and an excellent combat system, wrapped up in a resonant, bleakly comic story of mankind's inability to ever save itself. Is it perfect? No, it's not, but it is the redemption story Dead Island needed, as well as perhaps the greatest example of a seemingly doomed release that actually delivered when it finally crawled out of purgatory. I was wrong. I had a fine time with a game I absolutely did not want to play.

And, y'know what? I actually think I'm gonna play through it again.

It shouldn't have worked. It should have been a disaster. A decade-long internet joke ending in a comically terrible release. And yet, with Dead Island 2, Dambuster delivers a sequel that hugely improves upon the original, offering raw, no-nonsense chaos, wrapped up in a gaudy wrapper of sun, sand, and slaughter. While the old-school, repetitive gameplay won't be to everyone's taste, decadent violence, tastelessly compelling environments, and a surprising amount of heart await those who have the patience to wade through the misery of a paradise lost.

[This review is based on a retail build of the game provided by the publisher.]

The post Review: Dead Island 2 appeared first on Destructoid.

18 Apr 20:31

The Low-Budget Horror Cult Classic That May Have Inspired Evil Dead

by Lee Adams

In the fall of 1979, Sam Raimi, Bruce Campbell, and the rest of the cast and crew arrived on location in the woods of Tennessee to make a movie called "The Evil Dead." It wasn't always called that; its original title was "The Book of the Dead," and there were more suggested titles along the way. Thankfully Raimi went for economy, and the title we know today matches the film: concise, scary, and in-your-face.

It also wasn't the first time that Raimi and friends had embarked on such a project. A year earlier, the young filmmaker rustled up $1600 to make a 30-minute proof-of-concept called "Within the Woods" to showcase his team's talent and raise money for their first feature-length movie. It is only just about watchable, but it is fascinating to see some ideas and techniques that Raimi would later use taking shape in the trial run.

"Within the Woods" helped secure enough funding to make "The Evil Dead." Released in 1981 after the successes of "Halloween" and "Friday the 13th," it became a sleeper hit. At that stage, even Raimi himself probably never envisioned that his film would go on to become a cult horror franchise, with two sequels, a remake, a TV show, and a new generation of Deadite-bashing movies beginning with "Evil Dead Rise." 

Raimi's film was incredibly influential, cementing the spooky cabin in the woods setting as a subgenre of its own and paving the way for "Cabin Fever," "Tucker & Dale vs. Evil," and, er, "The Cabin in the Woods." As groundbreaking as "The Evil Dead" was, its concept wasn't totally original. 13 years before Raimi made "Within the Woods," another young filmmaker and his pals made "Equinox," an ultra-low-budget horror movie with an uncannily similar premise.

So What Happens In Equinox Again?

"Equinox" opens with a young man, David (Edward Connell), frantically fleeing an unseen menace in the woods. Making it to the road, he is struck down by a car with no driver.

Exactly a year and one day later, a newspaper reporter visits the psychiatric ward to follow up on his previous story about the mysterious deaths of David's friends. David, now in a catatonic stupor, becomes violent when shown a photo of his old university professor, Dr. Watermann (Fritz Leiber).

The reporter listens to a tape of David's testimony from when he was first brought into the ward. In flashback, David tells how he received a phone call from Dr. Watermann, asking him to come urgently to his cabin in the mountains. Along for the ride was his best friend, Jim (Frank Bonner), Jim's girlfriend Vicki (Robin Christopher), and his blind date Susan (Barbara Hewitt).

They find Dr. Watermann's cabin destroyed and no sign of the professor. While they explore a nearby cave, a crazy old man gives them a strange book filled with arcane symbols and ominous illustrations. Helpfully, Dr. Watermann's notes are tucked inside, revealing how his experiments with the book unleashed demonic creatures, one of which trashed his shack.

Things get worse from there. The gang finds huge footprints in the sand outside the cave and spots a castle that appears and disappears randomly; Dr. Watermann dies after snatching the book from David, only for his body to vanish; and they encounter Asmodeus (Jack Woods), a creepy forest ranger with very suspicious eyebrows. For a finale, the kids witness the true power of the book. They're attacked by a huge gorilla-like creature and a giant caveman before Asmodeus reveals his true nature and turns into a winged demon. Running for their lives, David is the only survivor. Or is he?

Equinox Was A Labor Of Love For Its Creators

"Equinox" was the pet project of young filmmaker and producer Dennis Muren, who got together with writer Mark McGee and stop-motion animator David Allen to make their own monster movie. Muren would go on to have a hugely successful career in special effects, winning eight Oscars for his work on movies like "The Empire Strikes Back," "The Abyss," and "Jurassic Park."

With that kind of nascent talent behind the project, it's no surprise that the special effects are what really make "Equinox" worth watching. The stop-motion creatures wouldn't look out of place in a Ray Harryhausen movie, which is incredible considering it was made by a group of teenagers on a tiny budget. The rest of the film is fun but unremarkable, with pleasant performances and a cheerful can-do spirit. Without the benefit of lighting, Muren and friends shot during the day, giving the movie a sunny Californian vibe like the Beach Boys took a wrong turn and wound up in a horror flick.

Muren's movie was shot over two years and then lay dormant until it was picked up by Jack H. Harris, the producer best known for "The Blob." He hired editor Jack Woods to film extra footage with the original cast, re-edit, and pad it out to feature length for a theatrical release in 1970. The newer footage mostly blends in, although the length of time between the original 1965 shoot and the extra scenes results in the actors visibly aging and de-aging before your eyes.

The similarities between "Equinox" and "The Evil Dead" don't stop at the storyline and subject matter. Although Raimi's film cost considerably more, it was still a low-budget project that needed plenty of hands-on ingenuity. One that was made in far less sun-kissed circumstances.

The Evil Dead Was A Tough Shoot For Cast And Crew

"The Evil Dead" eventually cost $375,000, which sounds like a fortune compared to what Sam Raimi originally had to work with for his prototype. Even so, it was still an exercise in DIY-style filmmaking that put the cast and crew through a miserable 12-week shoot as winter set in. As Raimi told IGN:

"There was no running water, and it was in the 20s and 30s -- we didn't have any winter wear. It was freezing. When you're in that cold for 16 hours, you start to -- I started to die. There was no food, and everything was covered in Karo syrup in that temperature... The only water we had was in a hot water heater so you could make instant coffee. Boiling water over your hands from the tap; that's how you'd wash them, to load the film into the camera."

One of the great things about "The Evil Dead" is that you can almost see the filmmaker's fingerprints. When you feel that human touch and the passion that went into it, it's easier to overlook the moments when the budget restrictions poke through. Raimi's directorial style stands out, typified by those signature crash zooms and prowling P.O.V. shots representing the evil force crashing through the woods. Those moments still look really accomplished, achieved by strapping a camera to a length of timber and running with it through the woods. The effect is so good that Raimi even snuck a slicker version into his much higher budget "Spider-Man 2." As for the gloopy makeup effects, the man responsible was Tom Sullivan, who also worked on "Within the Woods" and credits "Equinox" with influencing his career.

Did Equinox Influence The Evil Dead In Any Way?

Given the close similarities in the storyline and subject matter, it would seem surprising if "Equinox" hadn't had some influence on "The Evil Dead." However, Sam Raimi has cited "The Night of the Living Dead" and "The Texas Chainsaw Massacre" as major inspirations instead. This makes sense, as they were also groundbreaking low-budget horrors that were largely set in a claustrophobic single location.

"Equinox" was promoted by influential editor Forrest J. Ackerman in "Famous Monsters of Filmland" magazine, bringing it to the attention of a new generation of creature feature lovers including Tom Sullivan, who oversaw the makeup effects in "Within the Woods" and "The Evil Dead." He acknowledged the film had a big impact on his career (via Criterion):

"I had seen 'Equinox' at least twice in drive-ins before making 'The Evil Dead.' I don't recall having discussed it with Sam Raimi, but the similarities are remarkable. I think they come from the low-budget nature of both films. That is, a few characters, an isolated, inexpensive location, and ambitious special effects. All in all, 'Equinox' did inspire me to continue my goal of making movies. 'If they can do it...'"

I'm not about to accuse Raimi of ripping off "Equinox" but, as they say, there is no such thing as an original idea. Whether Sullivan remembers it or not, it seems unlikely to me that the film never came up when talking about the storyline for "The Evil Dead." After all, the source of evil changed from a desecrated burial ground in "Within the Woods" to a necromantic book unleashing demons on a group of teens. Whether it had an influence or not, the charming earlier film makes a fun port of call for "Evil Dead" fans eager to check out the connections.


The post The Low-Budget Horror Cult Classic That May Have Inspired Evil Dead appeared first on /Film.

18 Apr 20:19

Netflix will shut down its DVD rental business in September

by Jon Fingas

After 25 years, Netflix's original business is shutting down. The company has revealed that it will "wind down" DVD rentals (that is, DVD.com), with its last movie discs mailing on September 29th. Simply put, the shrinking demand for physical rentals is making it "increasingly difficult" to offer the quality of service the company wants.

Netflix shipped its first disc (Beetlejuice, if you're curious) in 1998. It has since mailed over 5.2 billion movies in its signature envelopes (nearly all of them before 2019) to more than 40 million customers. You likely know the story after that. The company began streaming on-demand video in 2007, and that business grew quickly enough that it became Netflix's most popular offering by 2009. After a premature attempt to spin off the mailed rentals as Qwikster in 2011, Netflix moved them to DVD.com in 2016. By that point, the company was well into producing original streaming shows and had stopped mailing DVDs on Saturdays.

There's also a financial incentive to drop disc rentals. While Netflix is recovering from a bleak 2022, its profits in the first quarter were still worse than they were a year ago. Subscriber growth was relatively modest, too, at 1.7 million new users. A decision to axe the DVD-by-mail unit could help Netflix trim costs, even if the savings are relatively small. The disc market has been on a sharp and steady decline for years, according to VideoScan/MediaPlayNews data — sales alone dropped 19 percent from 2021 to 2022.

It's nonetheless a sad moment for home video fans. Netflix played a major role in shaking up the movie rental business. Where retailers like Blockbuster dominated in the 1990s and early 2000s, Netflix helped people stay at home. Blockbuster and other rivals hopped into the market years later but fought to gain traction. While retail rentals are still available through Redbox kiosks and similar options, it's safe to say Netflix changed expectations for good.

This article originally appeared on Engadget at https://www.engadget.com/netflix-will-shut-down-its-dvd-rental-business-in-september-195213827.html?src=rss

18 Apr 10:22

Solar Sails Could Guide Interplanetary Travel, Says New Study

by BeauHD

A team of scientists led by Slava Turyshev of the Jet Propulsion Laboratory at the California Institute of Technology has proposed merging miniature satellite units with a solar energy process that would create a fast, inexpensive, lightweight mode of travel. Phys.Org reports: Solar sailing is a process by which the pressure generated by the sun's radiation is harnessed for propulsion. Recent innovations in this technology were demonstrated in a successful crowdfunded 2019 mission undertaken by the Planetary Society's LightSail-2 project. The researchers explain, "Solar sails obtain thrust by using highly reflective, lightweight materials that reflect sunlight to propel a spacecraft while in space. The continuous photon pressure from the sun provides thrust, eliminating the need for heavy, expendable propellants employed by conventional on-board chemical and electric propulsion systems, which limit mission lifetime and observation locations." They say that sails are far less expensive than heavy equipment currently used for propulsion, and that the ever-present continuous solar photon pressure from the sun makes thrust available for a broad range of vehicular maneuvers, such as hovering or rapid orbital plane changes. Solar sails and miniaturization "have advanced in the past decade to the point where they may enable inspiring and affordable missions to reach farther and faster, deep into the outer regions of our solar system," the report says. The researchers refer to the merging of these two technologies as the Sundiver Concept. "Fast, cost-effective and maneuverable sailcraft that may travel outside the ecliptic plane open new opportunities for affordable solar system exploration," the report states, "with great promise for heliophysics, planetary science, and astrophysics." With enhanced maneuverability, the spacecraft can easily deliver small payloads to multiple destinations if required, and can dock with related modular craft.
The reliance on the sun and the miniaturization of the carrier, which requires no dedicated launch site, will prove to be significant cost savers, the researchers add: "A substantial reason for the high costs is our [current] reliance on slow and expensive chemical propulsion, operating at the limits of its capabilities, effectively rendering the current solar system exploration paradigm unsustainable. A new approach is needed."

Read more of this story at Slashdot.

18 Apr 02:47

In December 2020, the Trump campaign told Maria Bartiromo to push, on air, January 6, 2021 as the date to overturn the election results by approving fake electors. She did, repeatedly. Audio receipt provided [News]

18 Apr 02:46

How to Fill Your Golden Years with Joy and Happiness

by Kale Gibson

• Stay connected with your social network, family, and friends to maintain a sense of belonging and support.
• Cultivate interests and hobbies such as gardening, woodworking, or cooking to stimulate the brain and enhance physical strength and agility.
• Explore nature – walk in the park, admire seasonal flowers, visit beach towns, or take a road trip to seek new experiences.
• Prioritize your physical health with regular exercise, a healthy diet, and routine check-ups.

Aging is a natural process that we cannot avoid. As we grow older, our health, mobility, and overall physical and mental abilities decline, which can be quite depressing. However, if you focus on life’s positive aspects, senior years can also be filled with joy, self-discovery, and memorable experiences. This blog post will discuss six practical ways to fill your later years with happiness and excitement.

Stay connected with your social network.

As you age, your social network tends to shrink due to fewer opportunities to meet new people or engage in new activities. Therefore, staying connected with your family, friends, and community groups is essential to maintain a sense of belonging and support. You can join a social club, volunteer in a charity, attend a senior center or participate in a hobby group to meet new people and create meaningful connections.

Another great way to maintain your social network is by attending church services. This will help you connect to a larger community and make new friends who share your values. The good news is that you don’t have to leave your home to attend church services. Many churches offer virtual Sunday services, so you can stay connected with fellow believers while enjoying the comfort of your home.

Cultivate your interests and hobbies

Aging does not mean giving up on your passions and interests. It is the perfect time to explore new hobbies, learn new skills, and develop your talents. If you don’t know what hobbies or activities to try, here are some ideas:

Gardening

Planting a garden is an enjoyable and easy activity from home. Gardening can give you the peace of mind and satisfaction of creating something beautiful with your hands. Invite some of your family or friends to join you in your gardening venture and enjoy some quality time together.

Woodworking

Woodworking is an excellent activity for seniors because it stimulates the brain, enhancing physical strength and agility. It also helps you appreciate the beauty of nature and teaches patience as you watch wood transform into something useful.

Cooking


Cooking has many benefits, both physical and mental. Not only will it help you stay active, but it will also elevate your mood while savoring delicious dishes. Try experimenting with new recipes or learning traditional dishes from your heritage to keep things interesting.

Explore nature

Nature has a therapeutic effect on the mind and body. Go for walks in the park or trails, explore nearby gardens, and admire seasonal flowers. You can also visit beach towns to appreciate the ocean’s beauty or take a road trip to seek new experiences.

Prioritize your physical health

Maintaining good physical health is crucial for overall well-being, especially in senior years when health can be fragile. You can include regular exercise, a healthy diet, and routine check-ups to energize your body. Walking, swimming, yoga, and dancing are great options for seniors to stay active without putting too much strain on the body.

Practice mindfulness and relaxation techniques

Aging can come with higher stress, anxiety, and sleep disorders. Mindfulness and relaxation techniques, such as meditation, deep breathing, tai chi, and massage, can help improve mental and emotional well-being. These practices can also reduce inflammation, lower blood pressure, and improve sleep patterns.

Make time for travel and adventure


Just because you are in your senior year does not mean you cannot travel or explore new places. It is the perfect time to cross some destinations from your bucket list! You can plan a trip with your loved ones, take a group tour, or travel solo to explore new cultures and make new memories.

Give back to your community

Giving back to your community can create a sense of purpose and fulfillment while helping others in need. You can volunteer at a local charity, donate to a cause you care about, or mentor young people. This can create a sense of pride and satisfaction, knowing that your contributions positively impact other people’s lives.

The Bottom Line

In conclusion, senior years can be filled with joy, excitement, and fulfillment if we focus on the positive aspects of life. By staying connected with our social network, pursuing our passions, prioritizing our physical health, practicing mindfulness, traveling, and giving back to the community, we can create a life filled with happiness and contentment. Remember, age is just a number, and we can make the most of our senior years with a positive attitude and the desire to make each day count.

The post How to Fill Your Golden Years with Joy and Happiness appeared first on Joe Martin.

18 Apr 02:46

You Can Make Gnudi With Cheap Grocery Store Ricotta

by Claire Lower

There’s a type of food writer who will insist certain recipes can’t be done without the best, most premium ingredients. I once read an article that said you shouldn’t even bother making a caprese without the finest bufula mozzarella (or, if you must, local cow’s milk mozzarella). This, in my not-so-humble but somewhat…


18 Apr 02:46

How this non-gamer fell in love with ‘The Legend of Zelda: Breath of the Wild’

by Daniel Cooper

It was after a particularly grueling session with The Legend of Zelda: Breath of the Wild that I started to wonder: When did developers stop putting cheats into their games to help the less talented among us get through the tricky bits? When I was a kid, a little bit of Up Down Left Right A and Start together, and a little older, a little /~noclip saved me no end of bother. These days, if you look for cheats for any modern game online, the best you’ll get is to be sassily told to “git gud.”

Sorry, a little context: I play games, but I’m not a Gamer, or a Nintendo Person, so in 2023 I resolved to remedy this. So many discussions at work fly past me because while I’ve heard of Cliff Bleszinski and Hironobu Sakaguchi, I couldn’t tell you their oeuvre without Googling. Part of my self-education was to watch every Zero Punctuation compilation to speedrun the last decade of games development. Another part was to seek out some classic games that I’d never played through ignorance, weakness, or my own stupid fault.

The first step on this journey only required me to go to the bookshelves in my living room, ironically. I bought my Pokémon Go-loving wife a Nintendo Switch at the start of 2020 so she could play Let’s Go Pikachu!. Not long after, a friend handed me their copy of Breath of the Wild and said I should give it a play. But it’s been sitting on my bookshelf for three years, as I subconsciously resisted the urge to give it a go. This, I’ll admit, is because I’ve always had the notion that Nintendo games are Hard Work.

And that was my belief up until a month ago, when I thought I’d better try Breath of the Wild before Tears of the Kingdom came out. I figured I’d give it half an hour, the smallest of toes dipped into the world, so that I could say I’d tried and that it wasn’t for me. And before you can say “I need to be up at seven in the morning for work,” it was long past midnight. Since then, Breath of the Wild has consumed my every waking moment. It is, without a doubt, one of the most engrossing and immersive games I have ever played, despite my frustrations.

Image of Link from The Legend of Zelda: Breath of the Wild running away from a static guardian.
Nintendo

It’s why I felt compelled to write this, because I want to spread the gospel to non-gamers who might feel similarly like they’ve missed the bus. Especially since we can hope that the older game might fall in price as people seek out its replacement. Or, given the current situation with Nintendo persistently keeping the prices of its older first-party games high, at least it won’t get any more expensive. But, to undermine my own argument, I’d say that if Tears of the Kingdom is half as good as Breath of the Wild, it’ll probably be the first game that’s worth the $70 fee Nintendo’s trying to push consumers into accepting.

Despite its age (it is from 2017, after all), Breath of the Wild feels cutting-edge, and part of that is how deep it is. When I started playing, I worried that it would be yet another soulless open-world grind-a-thon, a feeling not soothed by the presence of Far Cry-esque towers you need to conquer to open up areas of the map. But the one thing that this game has that sets it apart from its genre-mates is a level of curation that continues to surprise me.

It plays out on a sprawling map, but it never feels like you’re traversing through an empty void. The density of what’s available means that, despite spending a month or so covering just half of Hyrule (I’ve only recently reached Goron City), I never stop finding new stuff. And there are some assets that have been reused, like the standard template for enemy camps, but you never feel that they’ve been copy-pasted to pad out the space. This Hyrule feels hand-made, with every detail sweated beyond any player’s comprehension.

Even a philistine like me can appreciate the level of craft, not just in its layout, but how it has been built. Take the chemistry engine, which seems like such a simple idea you wonder why it hasn’t been a part of open worlds forever. By giving each material its own properties, you can take advantage of more than just weight physics to help you solve puzzles. Thanks to YouTube, once I understood how Shock Traps worked, I was able to start making real progress in the shrine quests that put you face to face with a particularly murderous killbot.

And the game’s critical path is left so completely wide open as to almost not matter at all, giving you total freedom. Rather than giving you a set series of missions, you unlock the main quest line after the first hour, and then can tackle it in any way you wish. I’ve seen more than a few Straight To Ganon speed runs where expert players take a bare-footed Link to defeat the title’s big bad within minutes of being able to leave the tutorial area. I love, too, how the landscape gently nudges you toward the safer areas where you can level up before you’re let loose on the harsher climates of, say, Death Mountain.

Image of Link using Stasis power in 'Breath of the Wild'
Nintendo

This works so well that when you’ve gotten a little way along you start picking up weapons that aren’t total garbage. Recently, I was cornered by a Guardian Stalker, very much a one-hit kill villain you can only ever hope of running out of view from. But, trapped in the North Lomei Labyrinth, I had no option but to try and fight without dying. And I managed to hack off its legs, one by one, until it flopped on its side, unable to shoot me with its laser. The feeling of exhilaration and satisfaction after so many deaths, was one for the ages. You don’t need to git gud in the grindy sense, you just need to spend enough time in the world to gently, naturally evolve how you play the game until things get easy.

And this is when I realized there was a good reason developers don’t put cheats into their games any more. Because a good title, like Breath of the Wild, rarely prescribes how you navigate and solve its world. If you’re not a fighter, you can devote your energies to stealthily circumnavigating your foes. When you grasp the game’s physics engine, you can use a well-placed remote bomb to send a venom-spitting Lizalfo hurtling down the side of a cliff. The only thing I can’t do yet is take on a Lynel – the game’s super-tough mini-boss – and not get rinsed, because I’m not sure I’ll ever learn the art of parrying.

Now, that may be deficiency enough that I never actually finish the game, since that’s rarely an impediment to getting to the fun bits. Take the shrine quests, which (mostly) offer the most enjoyable physics puzzles since Portal, give or take the aforementioned combat trials. Part of this is because the puzzles can be hard but are never unfairly-formatted, and there’s almost always a solution that’ll come to mind if you just walk around for long enough. The fact there’s no time limit or villain trying to force you to hurry up helps matters considerably.

I have gripes, but they’re all mostly nitpicks. The Switch’s hardware limitations mean that the game’s draw distance can sometimes be a problem. If you’re looking for a spot out of sight of enemies to land your glider on, it can only be once you’re inches from the ground that it’ll finally render a camouflaged Lizalfo. And Nintendo’s policy of never being entirely open with the player to encourage experimentation means you’ll need to have some YouTube tutorial channels bookmarked to help you navigate some of the more baffling bits.

Simon Parkin’s essay about Breath of the Wild in The New Yorker quoted original series creator Shigeru Miyamoto, who described Hyrule as a “miniature garden you can put into a drawer and revisit any time you like.” And this speaks to something I’ve found about the game, that it’s less of a video game and more of a place that you can choose to visit. This vast, pastoral paradise, which you can roam around on foot, climbing mountains or on horseback. A land only spoiled by the regular appearance of a zombified enemy crawling up out of the ground to ruin your reverie.

In a way, as much as I enjoyed having No Man’s Sky as my lockdown game of 2020, I wish I’d been braver and tried Zelda back then. I’d have rather spent time inside Miyamoto’s miniature garden, now lovingly tended by Hidemaro Fujibayashi and Eiji Aonuma. And I think I’m going to have to try and get this finished as quickly as possible so that I’m ready to continue my journey in Tears of the Kingdom.

This article originally appeared on Engadget at https://www.engadget.com/how-this-non-gamer-fell-in-love-with-the-legend-of-zelda-breath-of-the-wild-123054845.html?src=rss
18 Apr 02:45

Ray Tracing gets removed from Resident Evil 2 and 3 remakes on PC (Update)

by Zoey Handley


[Update 2: Ray tracing has been reimplemented in a recent patch. This writer has confirmed that the options now once again appear in the settings.]

[Update: Capcom has stated via Twitter that they are aware of the issue with Ray Tracing not being available in the Resident Evil 2 and Resident Evil 3 remakes on PC. They say that this will be addressed in a "future update." As of writing, the patch is not available. Our original story follows.]

Bring out the floor unpolisher

In a strange update that some are speculating was an accident, Capcom has removed the Ray Tracing feature from the PC ports of the Resident Evil 2 and 3 remakes. Furthermore, the Dolby Atmos feature was removed from Resident Evil 3.

The patch rolled out sometime over the weekend. This writer saw it and wondered internally what it was for. There were no patch notes included with it. Reports later came in of the feature removal.

Capcom has said nothing of the change, leading to much speculation. I did what you should never do and checked the Steam discussion forums and immediately regretted it. While there is a thread that demonstrates how you can revert to the previous patch and restore the feature, most of the comments were pure speculation, dumb jokes, or complete disinformation. I followed up on Reddit, and there, it’s much the same. No one seems to know what happened.

On April 12, Capcom reported that they were ending support of the non-Ray Tracing DirectX 11 version. What they meant by this is that the DX11 version will no longer be receiving updates – you can still access it if you want to. However, this has led some to speculate that Capcom accidentally disabled the DX12 branch. This was then disputed. The theory that this was an accident is credible, if only because Capcom didn’t announce it in advance when they advised about the end of support for DX11. However, it seems like it would be very difficult to just do that by mistake.

Following my playthrough of Resident Evil 4, I reinstalled Resident Evil 2 for another go-round. I very quickly became distracted by other things, but I found the Ray Tracing to be well-implemented and that it ran reasonably well. While I’m not a fan of Ray Tracing’s performance relative to the visual differences it has, it does look more natural than RE2’s built-in screen space reflections. I guess I’ll wait a bit to see if another patch comes through the queue, but otherwise, I might just uninstall it and play it on console instead.

The console versions of Resident Evil 2 and 3 seem unaffected. Resident Evil 7, 8, and 4 all retain their Ray Tracing feature on PC. Destructoid will keep you posted on any comments by Capcom or a reversal of the removal.

The post Ray Tracing gets removed from Resident Evil 2 and 3 remakes on PC (Update) appeared first on Destructoid.

18 Apr 02:43

Cheap and Easy Ways to Keep Water Away From Your Foundation

by Becca Lewis

We can all appreciate that April showers bring May flowers; but when those showers also bring dampness to your basement and water damage to your foundation, that appreciation wears thin. For those who live in parts of North America experiencing a rainy early spring, the deluge coming from the downspout might seem like…


18 Apr 02:40

Enrich your advanced hunting experience using network layer signals from Zeek

by cventour

UPDATE : July 9, 2023

The article has been updated to include new signatures added for SSL, DNS and NTLM protocols.

 

UPDATE : May 22, 2023

On July 18, 2023, Microsoft will deprecate a subset of the signatures found in the "NetworkSignaturesInspected" action type of Advanced Hunting. The recent Zeek integration provides protocol parsing that gives better visibility into full network sessions than the raw packet bytes found in the "NetworkSignaturesInspected" action type today, so consolidating on it removes signatures that serve a similar function without the benefits of the Zeek alternative. For customers currently using the "NetworkSignaturesInspected" action type, here is the list of signatures that will be deprecated, each listed alongside its replacement in Advanced Hunting:

 

Protocol / Signature Name     Old Action Type              New Action Type
SSH                           NetworkSignatureInspected    SshConnectionInspected
FTP_Upload                    NetworkSignatureInspected    FtpConnectionInspected
FTP_Client                    NetworkSignatureInspected    FtpConnectionInspected
HTTP_Client                   NetworkSignatureInspected    HttpConnectionInspected
HTTP_Server                   NetworkSignatureInspected    HttpConnectionInspected
HTTP_RequestBodyParameters    NetworkSignatureInspected    HttpConnectionInspected
HTTPS_Client                  NetworkSignatureInspected    SslConnectionInspected
DNS_Request                   NetworkSignatureInspected    DnsConnectionInspected

 

Steps you can take now:

Your organization might be using the "NetworkSignatureInspected" action type in your Advanced Hunting queries and custom detections. In particular, you might be filtering on a Signature Name that is going to be deprecated soon. Please update your queries to the new action types so that you can keep leveraging this data and avoid breaking your current custom detections.

 

An example of your old query:

DeviceNetworkEvents
| where ActionType == "NetworkSignatureInspected"
| extend AdditionalFields = todynamic(AdditionalFields)
| where AdditionalFields.SignatureName == "SSH"

Your new query:

DeviceNetworkEvents
| where ActionType == "SshConnectionInspected"

 

 

 

-----------

In our previous blog about hunting for network signatures in Microsoft 365 Defender, we described how we used device discovery capabilities to capture some network event information in deeper detail and expose it in advanced hunting through the NetworkSignatureInspected action type. Since then we have made several developments, the most significant being the integration with Zeek. This release has expanded what is possible for generating network detections across Microsoft Defender for Endpoint; that announcement shared examples of detections created for PrintNightmare and NTLM password spraying attempts.

 

Today, we would like to share a variety of Zeek-based events in advanced hunting that will help you expand your investigation, hunting, and detection capabilities for identifying and addressing network-layer anomalies across HTTP, SSH and ICMP protocols. Using the new Zeek events, we will demonstrate how to perform network threat hunting while also covering some of the MITRE ATT&CK Matrix.

 

Note: As the integration with Zeek continues to mature, more action types will gradually be released over time. Because the Zeek integration is only supported on Windows devices, these action types will surface for connections to and from Windows devices.

 

To identify these action types in your tenant, look for the value ConnectionInspected in the ActionType field of the DeviceNetworkEvents table of advanced hunting. The extra information is stored in the AdditionalFields column as a JSON data structure and has the commonly known Zeek fields per event, which can be parsed. These field names are identical to those that Zeek uses, which are documented on Zeek’s site. You can also check the Schema Reference flyout page on the advanced hunting pages to check for any new action types that were recently released.

 


 

DeviceNetworkEvents
| where ActionType contains 'ConnectionInspected'
| distinct ActionType

 

 

The result of this query looks something like this:

 

Figure 1 – Sample result of checking for ConnectionInspected in the ActionType column

 

The format of the action type will follow the [Protocol_Name]ConnectionInspected standard.

 

Inspecting HTTP connections

 

The HttpConnectionInspected action type contains extra information about HTTP connections, inbound or outbound. When you click on an event of the HttpConnectionInspected action type, the page flyout will parse the additional fields and present them in a format like the example below:

 

Figure 2 – Sample result of an HttpConnectionInspected action type

 

Below, you will find a complete list of fields that this action type can expose and the respective descriptions:

 

Field Name           Description
direction            The direction of the conversation relative to the Microsoft Defender for Endpoint-onboarded device; the value is either ‘In’ or ‘Out’
host                 The Host header content
method               The HTTP method requested
request_body_len     Length of the HTTP request body in bytes
response_body_len    Length of the HTTP response body in bytes
status_code          The HTTP response status code
status_msg           The full text message of the response status
tags                 A set of indicators of various attributes discovered and related to a particular request/response pair
trans_depth          The pipelined depth into the connection of the request/response transaction
uri                  The complete URI that was requested
user_agent           The User-Agent header of the request
version              The HTTP version used

 

Let’s look at a few examples of using the HttpConnectionInspected action type. In the first example, you want to look for rare user agents in the environment to identify potentially suspicious outbound web requests and cover the "T1071.001: (Application Layer Protocol) Web Protocols" technique.

 


 

// Identify rare User Agent strings used in http conversations
DeviceNetworkEvents
| where ActionType == 'HttpConnectionInspected'
| extend json = todynamic(AdditionalFields)
| extend direction = tostring(json.direction), user_agent = tostring(json.user_agent)
| where direction == 'Out'
| summarize Devices = dcount(DeviceId) by user_agent
| sort by Devices asc

 

 

 

Suppose you have identified a suspicious-looking user agent named “TrickXYZ 1.0” and need to determine which user/process/command-line combination initiated that connection. Currently, HttpConnectionInspected events, as with all Zeek-related action types, do not contain that information, so you must run a follow-up query that joins them with events from the ConnectionSuccess action type, which do carry the initiating process. Here’s an example of such a follow-up query:

 

// Identify usage of a suspicious user agent and attribute it to a process
DeviceNetworkEvents
| where Timestamp > ago(1h) and ActionType == "HttpConnectionInspected"
| extend json = todynamic(AdditionalFields)
| extend user_agent = tostring(json.user_agent)
| where user_agent startswith "TrickXYZ"   // matches "TrickXYZ 1.0" and any other version suffix
| project ActionType, AdditionalFields, LocalIP, LocalPort, RemoteIP, RemotePort, TimeKey = bin(Timestamp, 5m)
| join kind = inner (
    DeviceNetworkEvents
    | where Timestamp > ago(1h) and ActionType == "ConnectionSuccess"
    | extend TimeKey = bin(Timestamp, 5m)) on LocalIP, RemoteIP, LocalPort, TimeKey
| project DeviceId, ActionType, AdditionalFields, LocalIP, LocalPort, RemoteIP, RemotePort, InitiatingProcessId, InitiatingProcessFileName, TimeKey

 

 

In another example, let’s look for file downloads over HTTP, particularly files with executable or compressed file extensions, to cover the "T1105: Ingress Tool Transfer" technique:

 

// Detect file downloads
DeviceNetworkEvents
| where ActionType == 'HttpConnectionInspected'
| extend json = todynamic(AdditionalFields)
| extend direction = tostring(json.direction), user_agent = tostring(json.user_agent), uri = tostring(json.uri)
| where direction == 'Out'
| where uri matches regex @"(?i)\.(?:dll|exe|zip|7z|ps1|ps|bat|sh)$"   // case-insensitive extension match

 

 

The new HTTP action type will unlock a variety of possibilities for detection on this protocol. We look forward to seeing the queries you come up with; please share your contributions with the community.
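The three HTTP queries above, reimplemented as an added, stand-alone example (not code from the original post or from Microsoft): it runs the same logic over a handful of constructed DeviceNetworkEvents rows, so you can see what the KQL does with the Zeek http.log fields before you run it against a tenant. Device names, IP addresses (documentation ranges), the "TrickXYZ 1.0" user agent, and the process names are constructed; the join key (LocalIP, RemoteIP, LocalPort, 5-minute bucket) mirrors the page's join. The download regex goes slightly beyond the page's by ignoring case and tolerating a trailing query string.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows shaped like DeviceNetworkEvents. Only the columns the
# page's queries use are present; AdditionalFields holds the Zeek http.log
# fields as a JSON string, which is how advanced hunting stores them.
def http_event(device, local, lport, remote, ts, direction, ua, uri, host):
    return {"Timestamp": ts, "DeviceId": device, "LocalIP": local, "LocalPort": lport,
            "RemoteIP": remote, "RemotePort": 80, "ActionType": "HttpConnectionInspected",
            "AdditionalFields": json.dumps({"direction": direction, "method": "GET",
                                            "host": host, "uri": uri, "user_agent": ua,
                                            "status_code": 200, "version": "1.1"})}

HTTP_EVENTS = [
    http_event("dev-A", "10.0.0.5", 51000, "203.0.113.10", "2023-04-12T10:01:10Z", "Out",
               "Mozilla/5.0 (Windows NT 10.0)", "/index.html", "www.example.net"),
    http_event("dev-B", "10.0.0.6", 52000, "203.0.113.20", "2023-04-12T10:02:30Z", "Out",
               "Mozilla/5.0 (Windows NT 10.0)", "/updates/setup.exe?v=2", "cdn.example.net"),
    http_event("dev-A", "10.0.0.5", 51001, "198.51.100.7", "2023-04-12T10:03:05Z", "Out",
               "TrickXYZ 1.0", "/payload.zip", "198.51.100.7"),
    http_event("dev-C", "10.0.0.7", 8080, "10.0.0.9", "2023-04-12T10:04:00Z", "In",
               "curl/8.0", "/status", "10.0.0.7"),
]

# Constructed ConnectionSuccess rows: these carry the initiating process, which
# the Zeek-based action types do not.
CONN_EVENTS = [
    {"Timestamp": "2023-04-12T10:03:02Z", "DeviceId": "dev-A", "LocalIP": "10.0.0.5",
     "LocalPort": 51001, "RemoteIP": "198.51.100.7", "RemotePort": 80,
     "ActionType": "ConnectionSuccess", "InitiatingProcessId": 4242,
     "InitiatingProcessFileName": "updater.exe"},
    {"Timestamp": "2023-04-12T10:02:29Z", "DeviceId": "dev-B", "LocalIP": "10.0.0.6",
     "LocalPort": 52000, "RemoteIP": "203.0.113.20", "RemotePort": 80,
     "ActionType": "ConnectionSuccess", "InitiatingProcessId": 1200,
     "InitiatingProcessFileName": "chrome.exe"},
]

def fields(event):
    """Parse the AdditionalFields JSON, the equivalent of todynamic() in KQL."""
    return json.loads(event["AdditionalFields"])

def outbound_http(events):
    """Yield (event, parsed fields) for outbound HttpConnectionInspected rows."""
    for e in events:
        if e["ActionType"] == "HttpConnectionInspected":
            f = fields(e)
            if f.get("direction") == "Out":
                yield e, f

def rare_user_agents(events):
    """Distinct device count per outbound user agent, rarest first (first query)."""
    devices = defaultdict(set)
    for e, f in outbound_http(events):
        devices[f.get("user_agent", "")].add(e["DeviceId"])
    return sorted(((ua, len(d)) for ua, d in devices.items()), key=lambda x: (x[1], x[0]))

def time_key(ts, minutes=5):
    """Floor a timestamp to a 5-minute bucket, like bin(Timestamp, 5m)."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return t - timedelta(minutes=t.minute % minutes, seconds=t.second)

def attribute_process(http_events, conn_events, ua_prefix):
    """Join suspicious user-agent requests to ConnectionSuccess rows on
    (LocalIP, RemoteIP, LocalPort, 5-minute bucket) to recover the process."""
    index = defaultdict(list)
    for c in conn_events:
        if c["ActionType"] == "ConnectionSuccess":
            index[(c["LocalIP"], c["RemoteIP"], c["LocalPort"], time_key(c["Timestamp"]))].append(c)
    hits = []
    for e, f in outbound_http(http_events):
        if not f.get("user_agent", "").startswith(ua_prefix):
            continue
        key = (e["LocalIP"], e["RemoteIP"], e["LocalPort"], time_key(e["Timestamp"]))
        for c in index.get(key, []):
            hits.append({"DeviceId": c["DeviceId"], "RemoteIP": e["RemoteIP"],
                         "user_agent": f["user_agent"],
                         "InitiatingProcessId": c["InitiatingProcessId"],
                         "InitiatingProcessFileName": c["InitiatingProcessFileName"]})
    return hits

# Same extension list as the page's query, but case-insensitive and tolerant of
# a trailing query string, which an anchored "$" alone would miss.
DOWNLOAD_RE = re.compile(r"\.(?:dll|exe|zip|7z|ps1|ps|bat|sh)(?:\?[^\s]*)?$", re.IGNORECASE)

def tool_downloads(events):
    """Outbound requests whose URI path ends in an executable or archive extension."""
    return [(e["DeviceId"], f.get("host", ""), f.get("uri", ""))
            for e, f in outbound_http(events) if DOWNLOAD_RE.search(f.get("uri", ""))]

if __name__ == "__main__":
    print(rare_user_agents(HTTP_EVENTS))
    print(attribute_process(HTTP_EVENTS, CONN_EVENTS, "TrickXYZ"))
    print(tool_downloads(HTTP_EVENTS))
```

The time-bucket join is the weak point of this approach, exactly as in the KQL: a connection whose ConnectionSuccess event falls in the previous 5-minute bin will not match, so widen the bucket or join on a time range if you see gaps.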

 

Looking at SSH connections

 

The SshConnectionInspected action type will display information on SSH connections. While decrypting the entire SSH traffic is not possible, the cleartext part of the SSH session initiation can provide valuable insights. Let’s look at the data found in the AdditionalFields section.

 


Figure 3 - Screenshot of additional fields that SshConnectionInspected generates.

 

The fields depend on the activity that was observed, so some of them may be absent for a given connection. For example, if the client disconnected before completing authentication, the auth_success field will not be populated for that event.

 

Below, you will find a complete list of fields that this action type can expose and the respective descriptions:

 

Field Name       Description
direction        The direction of the conversation relative to the Defender for Endpoint-onboarded device; the value is either ‘In’ or ‘Out’
auth_attempts    The number of authentication attempts until the success or failure of the attempted session
auth_success     The authentication outcome: ‘true’ means the user authenticated successfully, ‘false’ means the supplied credentials were rejected
client           The version and type of client used to authenticate to the SSH session
host_key         The server’s host public key value
server           SSH server banner information
version          SSH protocol major version used
uid              The unique ID of the SSH session attempt

 

Let’s look at a few advanced hunting examples using this action type. In the first example, you want to look for potentially infected devices trying to perform "T1110: Brute-Force" against remote servers using SSH as an initial step to “T1021.004: Lateral Movement - Remote Services: SSH”.

 

The query below lists Local/Remote IP pairs with at least 12 failed attempts (three failed authentications on each of four sessions) over SSH in the last hour. Feel free to use this example and adapt it to your needs.

 

// Detect potential bruteforce/dictionary attacks against SSH
DeviceNetworkEvents
| where Timestamp > ago(1h) and ActionType == 'SshConnectionInspected'
| extend json = todynamic(AdditionalFields)
| extend direction = tostring(json.direction), auth_attempts = toint(json.auth_attempts), auth_success = tostring(json.auth_success)
| where auth_success == 'false'
| where auth_attempts >= 3       // at least three failed authentications in the session
| summarize count() by LocalIP, RemoteIP
| where count_ >= 4              // at least four such sessions for the same Local/Remote pair
| sort by count_ desc

 

 

 

In the next example, suppose you want to identify potentially vulnerable SSH versions, detect unauthorized client software being used to initiate SSH connections, and discover which operating systems are hosting SSH server services in your environment:

 

// Identify Server/Client pairs being used for SSH connections
DeviceNetworkEvents
| where ActionType == "SshConnectionInspected"
| extend json = todynamic(AdditionalFields)
| project Server = tostring(json.server), Client = tostring(json.client)
| distinct Server, Client

 

 


Figure 4 - An example result with a short description of the different components

 

The result above breaks the SSH banners down into their components. A short analysis of the banners shows that the server is Ubuntu 22.04 running OpenSSH version 8.9, and that the client software is WinSCP version 5.21.3. You can then search these versions online to check whether they are vulnerable.

 

Note: The query above can be used to surface potential "T1046: Network Service Discovery" attempts, as attackers may try to search for unpatched or vulnerable SSH services to compromise.
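The two SSH queries above (the T1110 threshold query and the server/client banner pairing), reimplemented as an added example that is not part of the original post: it applies the same thresholds to constructed SshConnectionInspected rows and parses the SSH identification strings into software, version and OS comment so the pairs can be checked against a vulnerability list programmatically rather than by eye. The banners, device names and IP addresses are constructed; they only follow the shape of what the page's screenshot shows (an Ubuntu OpenSSH 8.9 server and a WinSCP 5.21.3 client).

```python
import json
import re
from collections import Counter

def ssh_event(device, local, remote, auth_success, auth_attempts, server, client):
    """Constructed DeviceNetworkEvents row for the SshConnectionInspected action type."""
    return {"DeviceId": device, "LocalIP": local, "RemoteIP": remote,
            "ActionType": "SshConnectionInspected",
            "AdditionalFields": json.dumps({"direction": "Out", "auth_success": auth_success,
                                            "auth_attempts": auth_attempts, "version": 2,
                                            "server": server, "client": client,
                                            "uid": "CHhAvVGS1DHFjwGM9"})}

# Constructed banners, not captured data.
UBUNTU = "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1"
WINSCP = "SSH-2.0-WinSCP_release_5.21.3"
LIBSSH = "SSH-2.0-libssh_0.9.6"

SSH_EVENTS = (
    [ssh_event("dev-A", "10.0.0.5", "10.0.0.20", False, n, UBUNTU, LIBSSH) for n in (3, 4, 3, 5)]
    + [ssh_event("dev-A", "10.0.0.5", "10.0.0.20", True, 1, UBUNTU, LIBSSH)]   # later success
    + [ssh_event("dev-A", "10.0.0.5", "10.0.0.21", False, 2, UBUNTU, LIBSSH)]  # below threshold
    + [ssh_event("dev-B", "10.0.0.6", "10.0.0.20", False, 3, UBUNTU, WINSCP)]  # single session
)

def ssh_bruteforce_pairs(events, min_attempts=3, min_sessions=4):
    """Local/Remote IP pairs with at least min_sessions failed sessions that each
    reached min_attempts authentication attempts (the page's T1110 query)."""
    sessions = Counter()
    for e in events:
        if e["ActionType"] != "SshConnectionInspected":
            continue
        f = json.loads(e["AdditionalFields"])
        # Zeek emits a JSON bool; the hunting query compares its string form
        if str(f.get("auth_success", "")).lower() != "false":
            continue
        if int(f.get("auth_attempts", 0)) < min_attempts:
            continue
        sessions[(e["LocalIP"], e["RemoteIP"])] += 1
    return sorted(((p, n) for p, n in sessions.items() if n >= min_sessions),
                  key=lambda x: -x[1])

BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>[^\s_]+)(?P<rest>.*)$")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[A-Za-z0-9]*")

def parse_banner(banner):
    """Split an SSH identification string into protocol, software, version and
    the free-form comment (for OpenSSH on Ubuntu, the distribution package release)."""
    m = BANNER_RE.match(banner or "")
    if not m:
        return None
    rest = m.group("rest")
    version = VERSION_RE.search(rest)
    comment = rest.split(" ", 1)[1].strip() if " " in rest else ""
    return {"protocol": m.group("proto"), "software": m.group("software"),
            "version": version.group(0) if version else "", "comment": comment}

def server_client_pairs(events):
    """Distinct (server, client) banner pairs, each parsed, like the page's second query."""
    seen = {}
    for e in events:
        if e["ActionType"] != "SshConnectionInspected":
            continue
        f = json.loads(e["AdditionalFields"])
        pair = (f.get("server", ""), f.get("client", ""))
        seen.setdefault(pair, (parse_banner(pair[0]), parse_banner(pair[1])))
    return seen

if __name__ == "__main__":
    print(ssh_bruteforce_pairs(SSH_EVENTS))
    for pair, parsed in server_client_pairs(SSH_EVENTS).items():
        print(pair, "->", parsed)
```

Note that the threshold query only counts sessions that ended in failure; the fifth dev-A session above succeeded after the four failures and is deliberately not counted, so a follow-up on flagged pairs should also look for a later auth_success of 'true' from the same source.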

 

Reviewing ICMP connections

 

The IcmpConnectionInspected action type provides details about ICMP-related activity. The breadth of fields generated creates opportunities for some interesting detections. Here’s an example of the human-readable view of the event as shown on the event flyout page:

Figure 5 – Sample result of an IcmpConnectionInspected action type

 

Below, you will find a complete list of fields that this action type can expose and the respective descriptions:

Field Name       Description
direction        The direction of the conversation relative to the Defender for Endpoint-onboarded device; the value is either ‘In’ or ‘Out’
conn_state       The state of the connection. In the screenshot example, OTH means that no SYN packet was seen. Read the Zeek documentation for more information on conn_state.
duration         The length of the connection, measured in seconds
missed_bytes     The number of bytes missed in content gaps, representing packet loss
orig_bytes       The number of payload bytes the originator sent. For ICMP this is the payload size of the ICMP packet.
orig_ip_bytes    The number of IP-level bytes the originator sent as seen on the wire, taken from the IP total_length header field
orig_pkts        The number of packets the originator sent
resp_bytes       The number of payload bytes the responder sent
resp_ip_bytes    The number of IP-level bytes the responder sent as seen on the wire
resp_pkts        The number of packets the responder sent
uid              Unique Zeek ID of the transaction

 

Let’s explore a few examples of hunting queries that you can use to leverage the ICMP connection information collected by Defender for Endpoint.

 

In the first example, you want to look for potential data leakage via ICMP to cover the "T1048: Exfiltration Over Alternative Protocol" or "T1041: Exfiltration Over C2 Channel" techniques. The idea is to look at outbound connections and check how many payload bytes a device sends in a given timeframe. We parse the direction, orig_bytes, and duration fields and look for conversations longer than 100 seconds in which more than 500,000 bytes were sent. The numbers are used as an example and do not necessarily indicate malicious activity. Usually, download and upload are almost equal for ICMP traffic, because most devices generate an “ICMP echo reply” carrying the same payload that was observed in the “ICMP echo” request.

 


 

// search for high upload over ICMP
DeviceNetworkEvents
| where ActionType == "IcmpConnectionInspected"
| extend json = todynamic(AdditionalFields)
| extend Upload = tolong(json['orig_bytes']), Download = tolong(json['resp_bytes']), Direction = tostring(json.direction), Duration = tolong(json.duration)
| where Direction == "Out" and Duration > 100 and Upload > 500000
| top 10 by Upload
| project RemoteIP, LocalIP, Upload = format_bytes(Upload, 2, "MB"), Download = format_bytes(Download, 2, "MB"),Direction,Duration,Timestamp,DeviceId,DeviceName

 

 

 

Below is an example result after exfiltrating a large file over ICMP to another device on the network:

 


 

In the last example, you want to create another hunting query that helps you detect potential ping sweep activity in your environment, to cover the "T1018: Remote System Discovery" and "T1595: Active Scanning" techniques. The query looks for outbound ICMP traffic to internal IP addresses, builds an array of the targeted IPs reached from the same source device, and displays them when that device has pinged more than 5 IP addresses within a 10-minute time window.

 

// Search for ping scans
DeviceNetworkEvents
| where ActionType == "IcmpConnectionInspected"
| extend json = todynamic(AdditionalFields)
| extend Direction = tostring(json.direction)
| where Direction == "Out" and ipv4_is_private(RemoteIP)
| summarize IpsList = make_set(RemoteIP) by DeviceId, bin(Timestamp, 10m)
| where array_length(IpsList) > 5

 

 

Identifying the originating process of ICMP traffic can be challenging because ICMP is an IP-layer protocol. Still, we can use some OS-level indications to narrow down our search. The following query identifies which processes loaded network-related, or even ICMP-specific, binaries:

 


 

DeviceImageLoadEvents
| where FileName =~ "icmp.dll" or FileName =~ "Iphlpapi.dll"

 

 

 

Inspecting SSL connections

 

The SslConnectionInspected action type contains extra information about SSL connections, inbound or outbound. When you click on an event of the SslConnectionInspected action type, the page flyout will parse the additional fields and present them in a format like the example below:

Figure 6 – Sample result of an SslConnectionInspected action type

 

Below, you will find a complete list of fields that this action type can expose and the respective descriptions (sourced from the Zeek SSL log documentation):

 

Field Name        Description
direction         The direction of the conversation relative to the Microsoft Defender for Endpoint-onboarded device; the value is either ‘In’ or ‘Out’
version           The SSL/TLS version that the server chose
cipher            The SSL/TLS cipher suite that the server chose
curve             The elliptic curve the server chose when using ECDH/ECDHE
server_name       The value of the Server Name Indication (SNI) SSL/TLS extension; it indicates the server name that the client was requesting
established       Flag indicating whether this SSL session was established successfully or was aborted during the handshake
subject           Subject of the X.509 certificate offered by the server
issuer            Subject of the signer of the X.509 certificate offered by the server
resumed           Flag indicating whether the session was resumed, reusing the key material exchanged in an earlier connection
client_issuer     Subject of the signer of the X.509 certificate offered by the client
client_subject    Subject of the X.509 certificate offered by the client

 

In the following example query, you wish to search for HTTPS connections to external IPs that use self-signed certificates:

 

Link to query

 

 

// Outbound SSL connections to non-private IPs whose certificate issuer is a bare "CN=<name>"
DeviceNetworkEvents
| where ActionType == "SslConnectionInspected"
| extend AdditionalFields = todynamic(AdditionalFields)
| extend issuer = tostring(AdditionalFields.issuer), direction = tostring(AdditionalFields.direction)
| where direction == "Out" and not(ipv4_is_private(RemoteIP))
// use the string column extracted above; an issuer consisting only of a CN is the self-signed heuristic
| where issuer matches regex @"CN=\S+$"
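The self-signed heuristic above, as an added example that is not part of the original post: it replays constructed DeviceNetworkEvents rows through both the query's regex and a check that parses the issuer DN and compares it with the subject field the table exposes, so the two can be compared on the same input.

```python
"""Self-signed issuer check over SslConnectionInspected events.

Added example, not code from the original post: the rows below are
constructed to mimic DeviceNetworkEvents with Zeek-sourced AdditionalFields.
"""
import ipaddress
import json
import re

# Mirror of KQL ipv4_is_private(): RFC 1918 ranges only.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipv4_is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def ssl_event(remote, direction, subject, issuer, action="SslConnectionInspected"):
    return {"ActionType": action, "RemoteIP": remote,
            "AdditionalFields": json.dumps({"direction": direction, "subject": subject, "issuer": issuer})}


# Constructed sample rows (203.0.113.0/24 stands in for external addresses).
SAMPLE_EVENTS = [
    ssl_event("203.0.113.10", "Out", "CN=appliance-01", "CN=appliance-01"),                # issuer == subject
    ssl_event("203.0.113.20", "Out", "CN=www.example.com", "CN=R3,O=Let's Encrypt,C=US"),  # public CA
    ssl_event("10.0.0.5", "Out", "CN=intranet", "CN=intranet"),                             # private IP: skipped
    ssl_event("203.0.113.30", "In", "CN=box", "CN=box"),                                    # inbound: skipped
    ssl_event("203.0.113.50", "Out", "CN=host.example.org", "CN=R3,O=LetsEncrypt,C=US"),   # CA DN without spaces
    ssl_event("203.0.113.60", "Out", "", "", action="DnsConnectionInspected"),             # other action type
    ssl_event("203.0.113.80", "Out", "CN=portal.example.com", "CN=Internal Root"),         # CN-only issuer with a space
]

PAGE_REGEX = re.compile(r"CN=\S+$")   # the heuristic used by the KQL query above


def parse_dn(dn):
    """Split a Zeek-style DN 'CN=a,O=b,C=US' into {attribute: value}.
    Commas inside values are not escaped in this format, so such a value
    would be split; acceptable for a hunting heuristic."""
    parts = {}
    for comp in dn.split(","):
        if "=" in comp:
            key, value = comp.split("=", 1)
            parts[key.strip()] = value.strip()
    return parts


def is_self_signed(fields):
    """True when the issuer equals the subject (what self-signed means) or the
    issuer DN carries nothing but a CN, whether or not the name has spaces."""
    issuer, subject = fields.get("issuer", ""), fields.get("subject", "")
    if not issuer:
        return False
    return issuer == subject or set(parse_dn(issuer)) == {"CN"}


def find_suspicious_ssl(events, use_page_regex=False):
    """RemoteIPs of outbound, non-private SSL connections flagged by either the
    query's regex (use_page_regex=True) or the DN-based check."""
    hits = []
    for ev in events:
        if ev["ActionType"] != "SslConnectionInspected":
            continue
        fields = json.loads(ev["AdditionalFields"])
        if fields.get("direction") != "Out" or ipv4_is_private(ev["RemoteIP"]):
            continue
        if use_page_regex:
            flagged = bool(PAGE_REGEX.search(fields.get("issuer", "")))
        else:
            flagged = is_self_signed(fields)
        if flagged:
            hits.append(ev["RemoteIP"])
    return hits


if __name__ == "__main__":
    # The regex flags the space-free CA DN (.50) and misses "CN=Internal Root" (.80);
    # the DN check does the opposite. Both flag the issuer == subject case (.10).
    print("regex:", find_suspicious_ssl(SAMPLE_EVENTS, use_page_regex=True))
    print("dn   :", find_suspicious_ssl(SAMPLE_EVENTS))
```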

 

 

 

 

Inspecting DNS

 

The DnsConnectionInspected action type contains extra information about DNS connections, inbound or outbound. When you click on an event of the DnsConnectionInspected action type, the page flyout parses the additional fields and presents them in a format like the example below:

 

Figure 7 – Sample result of a DnsConnectionInspected action type

 

Below, you will find a complete list of fields that this action type can expose and the respective descriptions (sourced from the Zeek DNS log documentation)

 

Using this action type we can explore and investigate the DNS traffic of each managed endpoint. In the following example we will try to identify potentially suspicious DNS traffic directed towards a DNS server that is not listed in the DNS server configuration of any managed endpoint:

 

Query Link

 

// Resolvers configured on any onboarded device, with placeholder addresses removed
let knownDnsServers =
    DeviceNetworkInfo
    | where isnotempty(DnsAddresses)
    | mv-expand DnsAddresses = todynamic(DnsAddresses)
    | where DnsAddresses !in ("::", "127.0.0.1", "0.0.0.0")
    | distinct tostring(DnsAddresses);
// Outbound TXT queries that received answers from a resolver outside that list
DeviceNetworkEvents
| where ActionType == "DnsConnectionInspected"
| extend AdditionalFields = todynamic(AdditionalFields)
| extend Direction = tostring(AdditionalFields.direction), QueryType = tostring(AdditionalFields.qtype_name), Query = tostring(AdditionalFields.query), Answers = todynamic(AdditionalFields.answers)
| where Direction == "Out" and QueryType == "TXT" and RemoteIP !in (knownDnsServers) and isnotempty(Answers)
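The resolver baseline and TXT filter above, as an added example that is not part of the original post. The DeviceNetworkInfo and DeviceNetworkEvents rows are constructed; the per_device option is an assumption of this example that tightens the query, which treats a resolver configured on any endpoint as known for every endpoint.

```python
"""Unknown-resolver TXT lookups behind the DnsConnectionInspected query.

Added example, not code from the original post. Rows below are constructed.
"""
import json
from collections import defaultdict

PLACEHOLDER_RESOLVERS = {"::", "127.0.0.1", "0.0.0.0"}   # excluded, as in the query

# Constructed DeviceNetworkInfo rows: DnsAddresses is a JSON array string per adapter.
SAMPLE_NETWORK_INFO = [
    {"DeviceId": "dev-a", "DnsAddresses": json.dumps(["10.0.0.53", "::", "127.0.0.1"])},
    {"DeviceId": "dev-b", "DnsAddresses": json.dumps(["10.0.1.53", "0.0.0.0"])},
    {"DeviceId": "dev-b", "DnsAddresses": ""},   # adapter without configured resolvers
]


def dns_event(device, remote, qtype, query, answers, direction="Out"):
    return {"DeviceId": device, "ActionType": "DnsConnectionInspected", "RemoteIP": remote,
            "AdditionalFields": json.dumps({"direction": direction, "qtype_name": qtype,
                                            "query": query, "answers": answers})}


# Constructed DeviceNetworkEvents rows (198.51.100.0/24 stands in for external resolvers).
SAMPLE_EVENTS = [
    dns_event("dev-a", "10.0.0.53", "TXT", "example.com", ["v=spf1 -all"]),        # dev-a's own resolver
    dns_event("dev-a", "198.51.100.7", "TXT", "t.example.net", ["aGVsbG8="]),     # resolver known nowhere
    dns_event("dev-a", "10.0.1.53", "TXT", "x.example.net", ["abc"]),             # dev-b's resolver, not dev-a's
    dns_event("dev-b", "198.51.100.7", "A", "example.com", ["203.0.113.5"]),       # not a TXT query
    dns_event("dev-b", "198.51.100.9", "TXT", "empty.example.net", []),            # no answers
    dns_event("dev-b", "198.51.100.9", "TXT", "in.example.net", ["x"], "In"),      # inbound
]


def known_resolvers(network_info):
    """DeviceId -> set of configured DNS servers with placeholders removed
    (the knownDnsServers block, kept per device instead of merged)."""
    known = defaultdict(set)
    for row in network_info:
        if not row.get("DnsAddresses"):          # isnotempty(DnsAddresses)
            continue
        for addr in json.loads(row["DnsAddresses"]):
            if addr not in PLACEHOLDER_RESOLVERS:
                known[row["DeviceId"]].add(addr)
    return dict(known)


def unknown_resolver_txt(events, network_info, per_device=False):
    """(DeviceId, RemoteIP, query) for outbound TXT queries with answers from a
    resolver outside the baseline. per_device=False reproduces the query's
    fleet-wide list; per_device=True uses only the querying device's own resolvers."""
    known = known_resolvers(network_info)
    fleet_wide = set().union(*known.values()) if known else set()
    hits = []
    for ev in events:
        if ev["ActionType"] != "DnsConnectionInspected":
            continue
        fields = json.loads(ev["AdditionalFields"])
        if fields.get("direction") != "Out" or fields.get("qtype_name") != "TXT" or not fields.get("answers"):
            continue
        baseline = known.get(ev["DeviceId"], set()) if per_device else fleet_wide
        if ev["RemoteIP"] not in baseline:
            hits.append((ev["DeviceId"], ev["RemoteIP"], fields["query"]))
    return hits


if __name__ == "__main__":
    print("fleet-wide :", unknown_resolver_txt(SAMPLE_EVENTS, SAMPLE_NETWORK_INFO))
    print("per device :", unknown_resolver_txt(SAMPLE_EVENTS, SAMPLE_NETWORK_INFO, per_device=True))
```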

 

 

 

Inspecting NTLM traffic

 

For network connections with NTLM authentication, we have created the “NtlmAuthenticationInspected” action type. When you click on the AdditionalFields of such an event, the page flyout parses the additional fields and presents them in a format like the example below:

 

Figure 2 – Sample result of an NtlmConnectionInspected action type

 

Below is the complete list of fields that this action type can expose, with their descriptions (sourced from the Zeek NTLM log documentation):

 

 

Field name: description

direction: The direction of the conversation relative to the Microsoft Defender for Endpoint-onboarded device; the value is either ‘In’ or ‘Out’.
username: Username given by the client.
hostname: Hostname given by the client.
domainname: Domain name given by the client.
server_nb_computer_name: NetBIOS name given by the server in a CHALLENGE.
server_nb_domain_name: NetBIOS domain name given by the server in a CHALLENGE.
server_dns_computer_name: DNS name given by the server in a CHALLENGE.
server_tree_name: Tree name given by the server in a CHALLENGE.
success: Indicates whether or not the authentication was successful.
server_version: The server NTLM version.
version: The client NTLM version.


Using this action type we can track NTLM authentications observed on managed endpoints. In the following example we will try to identify multiple failed logons within a short interval against internet-facing devices:

 

Query Link

 

// Latest DeviceInfo record per device, keeping only internet-facing ones
let devices = DeviceInfo
    | summarize arg_max(Timestamp, *) by DeviceId
    | where IsInternetFacing
    | distinct DeviceId;
// Inbound NTLM failures: more than 3 distinct usernames from one address within 10 minutes
DeviceNetworkEvents
| where ActionType == "NtlmAuthenticationInspected" and DeviceId in (devices)
| extend AdditionalFields = todynamic(AdditionalFields)
| extend Direction = tostring(AdditionalFields.direction), username = tostring(AdditionalFields.username), success = iff(isempty(AdditionalFields.success), false, tobool(AdditionalFields.success))
| where isnotempty(username) and not(success) and Direction == "In"
| summarize Attempts = make_set(username) by SourceIP = LocalIP, bin(Timestamp, 10m), DeviceId
| where array_length(Attempts) > 3

 

 

More information

 

Understand which versions of the Microsoft Defender for Endpoint agent support the new integration here:

Find out more details about the integration in our ZeekWeek 2022 presentations:

View the open-source contribution in Zeek’s GitHub repository:

Previous announcements:

18 Apr 02:40

Tawny Cypress Knows Why Tai Cut Van Out Of Her Life In Yellowjackets Season 2

by Michael Boyle

This post contains spoilers through the fourth episode of "Yellowjackets" season 2.

In the first few episodes of "Yellowjackets" season 1, it seems like present-day Taissa (Tawny Cypress) is doing the best out of all the known survivors. She's a rich, well-regarded politician running for a New Jersey state senate seat, with a loving wife, Simone, and a cute son named Sammy. But by this point in season 2 of "Yellowjackets," we're starting to wonder if Taissa's actually the worst off. Her sleepwalking habits have now isolated her from her family and have put her wife in a coma, and at this rate it doesn't seem like she'll be able to hold onto that senate seat for much longer. Even Natalie, staying at Lottie's purple cult, has got a new friend. But Taissa lately has no one left in her life who can understand her. At least, no one except Van.

Adult Van (Lauren Ambrose) is revealed at the end of "Old Wounds" to be the person Taissa has traveled all this way to see. They don't say anything to each other before the credits roll, but when Van sees Taissa walk into the room, she makes a face that's filled with mixed emotions. There's a lot of history between these two characters, and not all of it is good. 

With the confirmation of adult Van, "Yellowjackets" has now raised the question of why she and Taissa are no longer together. They're still on good terms in the teen storyline, so what sort of dark, crazy stuff happened that would make adult Tai go fourteen episodes without ever mentioning her? Well, Cypress has her own theory.

The Queen Of Compartmentalization

"I think that [Taissa] has compartmentalized [Van]," Tawny Cypress told TV Line in a recent interview. "Put her away in a box when they ended their relationship. She says how many girls she f***ed in college and all this other stuff. It didn't even dawn on her to connect with Van again until the other Tai came out and told her to do so."

As fans can recall from adult Taissa's season 1 heart-to-heart with Shauna, young post-wilderness Taissa went out and did everything she'd originally planned to do, continuing along the plans she made for herself back in high school as if nothing out of the ordinary ever occurred. Throughout season 1, she clearly wants to think of those 19 months in the wilderness as some separate period of her life, one with no bearing on anything that happened to her before or after. If she has to get rid of Van in order to maintain that illusion, so be it. 

"I think she is too much into making her life as perfect as possible and she's a narcissist so, she's not just thinking about old, past relationships," Cypress speculated. But as "Yellowjackets" has made abundantly clear by this point, you can never just ignore your past. Maybe that's why Bad Taissa is so much scarier and more violent than what we've seen from any of the other survivors so far. Taissa's tried the hardest to bury everything that happened, so when the past does come back to the surface, it returns with far more of a vengeance than she expected. It turns out that if you try to lock something away for 25 years, it's going to be angry at you when it finally gets out. 

Where Van And Taissa Go From Here

But now that Taissa seems to realize that compartmentalizing isn't a great long-term strategy for dealing with trauma, it looks like she might let Van back into her life after all. But does Van want Taissa back in her life? It's not clear yet. There's still nearly a year's worth of wilderness drama for the teen characters to deal with, so there's no telling what sort of other horrible stuff will happen that might keep adult Taissa and Van apart.

On the other hand, "Yellowjackets" is currently lacking in endgame couples to root for. Sure there's Jeff and Shauna, but those two are already together, so there's not a whole lot of dramatic tension there. Taissa and Van, meanwhile, still have a lot of obstacles to go through before they can ever get back to the bliss of their happy teenage relationship in the wilderness. Adult Taissa still has a family she cares about, even if that family increasingly wants nothing to do with her. We don't know what the deal is with Van exactly, but it certainly seems like she's already got a comfortable life for herself without Taissa around. 

Whatever happens with these two, we can at least trust that next week's episode will finally give us the long-awaited proper introduction to adult Vanessa Palmer. What's she been up to these past 25 years? What questionable coping mechanism has she found for herself? Next week's episode promises us some answers on this front. Taissa may have tried to put Van away in a box, but the show itself has no intention of doing the same. 

The post Tawny Cypress Knows Why Tai Cut Van Out Of Her Life in Yellowjackets Season 2 appeared first on /Film.

18 Apr 02:39

Best USB-C Car Charger for Your iPhone or Android Phone of 2024

by Geoffrey Morrison
Here are the best USB-C car chargers to keep your devices topped off while you're on the go.
18 Apr 02:37

Yellowjackets' Misty And Walter Are Headed Into Dark Territory, Says Elijah Wood

by Devin Meenan

This article contains spoilers for "Yellowjackets."

In the second season of "Yellowjackets," Misty Quigley (Christina Ricci) and her reluctant bestie Natalie Scatorccio (Juliette Lewis) have been separated — one friend being kidnapped by a cult will do that. So now, Misty has a new partner in (solving) crime, Walter Tattersall (Elijah Wood). They're both part of the "Citizen Detective" online forum (Misty's username is "AfricanGrey," Walter's is "PuttingTheSICKInForensics") and Walter is hot on the trail of the disappeared artist Adam Martin (Peter Gadiot).

Misty always downvotes his theories — for good reason, because Shauna (Melanie Lynskey), another of her semi-friends, is the one who killed Adam. Misty even helped her clean up the crime scene back in season 1. However, Walter is a longtime admirer of "AfricanGrey" and when Misty turns to the forum for help in finding Natalie, he orchestrates an in-person meeting between them — both of them show up to it having gleaned each other's real names. As of the most recent episode, "Old Wounds," they're on a road trip to upstate New York to find Natalie.

Now, Misty is maladjusted and Walter doesn't seem entirely on his rocker either — are they heading for a dark conclusion? Speaking to Harper's Bazaar, Wood was asked about Walter calling himself "a Moriarty looking for his Sherlock" and if that's a hint of his future with Misty. Wood answered:

"I don't know that [Misty and Walter] will get adversarial — not in this season, at least. Although all those hints certainly suggest that possibility. Who knows where [their relationships] could go? But it definitely crosses into darker territory than one would initially have imagined it going into."

What are some of those other hints?

On Two Different Pages

Walter is enamored with Misty due to her investigative instinct and their shared love of musicals. When she accuses him of being a "Yellowjacket obsessive," Walter retorts that he actually thinks that her 19 months in the wilderness is "the least interesting thing about her." Even so, Misty isn't returning Walter's feelings. She finds him off-putting — finally, someone makes her feel the way she does everyone else.

The strongest tell that they aren't on the same page is when they check into a bed and breakfast. The clerk asks if they just want one room. Walter replies "Probably" before Misty cuts him off with a firm "No." So, he backtracks and agrees with her. When they head up the stairs to their separate rooms, she declines his offer to carry her back. Once they're in their rooms, though, the episode goes split-screen, showing how closely their actions mirror each other (such as placing the remote control in a plastic bag to not leave fingerprints).

Will these similarities bring them closer together? Or will Misty decide Walter is too accurate a reflection for comfort? Before I read Wood's interview, I wasn't expecting Walter to make it out of this season alive — he's getting dangerously close to the most unstable character on "Yellowjackets." However, Wood implies that Walter and Misty's relationship will carry on past season 2.

While he could just be saying that to conceal spoilers, I'm reminded of one of Ricci's previous roles: "The Addams Family." Morticia and Gomez are two deeply weird people, but they're the perfect match for each other. More darkness could be the very thing Misty and Walter need to come together.

New episodes of "Yellowjackets" stream on Showtime every Friday and air on television every Sunday.

The post Yellowjackets' Misty and Walter are Headed Into Dark Territory, Says Elijah Wood appeared first on /Film.

17 Apr 22:20

Starting tomorrow, only six EVs will still qualify for a $7,500 federal tax credit

by Lawrence Bonk

The IRS released a list of electric vehicles that still qualify for the full $7,500 federal tax credit after strict new guidelines, announced back in March, officially go into effect on April 18th. The list is very short, as just six EVs now qualify under the new terms. The updated rules pertain to EV batteries and cut out China as an approved trading partner, so we knew the vehicle list would shrink, as most electric vehicles use batteries manufactured in China or by Chinese companies.

If you want to get that full tax credit, choose from the Cadillac Lyriq, Chevy Bolt, Chevy Bolt EUV, some Tesla Model 3 versions, some Tesla Model Y versions and Ford F-150 Lightning. Many EVs lose the full credit moving forward, like the Nissan Leaf and Volkswagen ID.4. So check the full list before zeroing in on your next car purchase. $7,500 is nothing to sneeze at.

EVs shunted out of the exclusive full tax-credit club may still qualify for a half credit of $3,750, so long as they meet certain requirements. Three PHEVs also qualify for the half credit and three more qualify for the full tax credit, including models manufactured by Ford, Lincoln, Chrysler and Jeep. These credits are not about excluding hybrid technology and are all about making sure components are sourced properly. 

Here's how that breaks down. Battery components that are 50 percent made or assembled in the USA qualify for the first half of $3,750 and if the company sources at least 40 percent of critical minerals from the US or free trade partners, the second $3,750 kicks in. If a company meets one or the other standard, the vehicle gets a half credit.

While the list winnowing down to just six vehicles makes for a good headline, it should beef up as automobile manufacturers make changes to meet the rules. New EVs that meet the component sourcing standards will get added to the list and other vehicles will get re-added as manufacturers open new factories in the US and other approved countries. New trade deals could also impact the list of approved vehicles as time marches forward. However, these rules grow stricter over time. Batteries must be completely made in North America by 2029 to continue to stay on the IRS’s good side and get that full $7,500 credit.

This article originally appeared on Engadget at https://www.engadget.com/starting-tomorrow-only-six-evs-will-still-qualify-for-a-7500-federal-tax-credit-185304414.html?src=rss
17 Apr 21:57

Prodeus

by Jonathan Kaharl

The retro shooter revival has certainly been a wild ride, with a lot of inventive ideas mixed into the nostalgic vibes. Prodeus is part of that trend that doesn’t try to rock the boat too much. It’s very traditional, mixing together modern arena shooter trends (in part due to the developers having worked on Bioshock Infinite and Doom 2016, among others) with classic style and flow. It also may just be one of the best of this genre due entirely to how well it executes on every single idea and concept, making up for its derivative nature with tons of gibs and violence that never fail to pump one’s blood.

The premise of the game is that mankind is at war with both the monsters of the Chaos dimension, and the powerful Prodeus AI that created the world of mortals. You are the vessel, someone who has decided to fight against both forces and kick them out. Problem is the vessel starts the game pulling a move that balances power too far in the favor of Chaos, so they need to try and fix their mistake via shoot and bang (and some punch).

Prodeus has a nearly non-existent narrative outside vague hints and a handful of set-pieces that give some context to events in a few levels. What is there does the job of setting the stage for the carnage to come, really kicking in once the first of the Prodeus forces appear and you see Prodeus possessed monsters fighting their Chaos brethren. It’s mainly an excuse plot, but not wholly ignorable as it dresses up select moments and makes the campaign stand out more as a result.

The real reason you’re here is for that campaign, and it is clearly made by people who have a strong understanding of map design (down to getting map designers from the Doom modding community). Prodeus is a mostly linear affair, with some open areas for large scale fire fights, but there’s real attention paid to making memorable moments. For example, one map will have you dodging sniping from enemies in a central tower as you make your way there towards level end, then backtrack as Prodeus units enter the field and cause mass chaos. A late game level has you infiltrating a space station, causing the flow of the level to shift from area to area. Another has you manipulating the acid fill of the area to help reach higher areas. The game never stops finding ways to make every level feel unique.

That’s an impressive accomplishment, as the game never gets too inventive with enemy types. There’s a close sticking to the usual Doom era monster types, like possessed soldiers (non-hitscan this time, but still accurate), imps, pinkies, pain elementals, etc. Prodeus units are also just these units again minus possessed soldiers, but with a blue and white electro look; they are faster, smarter, and stronger. How these enemies are used is what keeps things exciting, as every skirmish rarely feels the same as a previous one, leaving plenty of options for getting on the offensive.

You get a lot of options too. There are three tiers of weapons for nearly every category, and they all remain useful the whole way, even your fists. Prodeus lets you rapid fire your fists by alternating your punches quickly, meaning it is perfectly viable to save ammo by duking it out with lower tier enemies and turning them into gooey paste with your bare fists. Your pistol has an alt fire that has better aim with a three shot concentrated fire, allowing for headshotting options early on.

Once you get the shotgun, you really start to realize how fun this arsenal is. The shotgun is very similar to the Doom one, with strong range, and it has an alternate charge fire that can be used for mid-range sniping that gives off a strong fire shot. It’s viable the entire game, a strong work horse weapon, and you only get crazier stuff from there. The shredders are nothing special for dual SMGs, but the grenade launcher can get tricky with sticky bombs that go off only when you take your finger off the alt fire button.

The plasma gun has a homing beacon you can shoot out for complicated arcs to spread your fire where you really want it. The auto shotgun’s alt fire can send bullets as ricochets for trick shots. You can rev up the chaingun ahead of time for more controlled firing. The arc rail is both a lightning gun and a rail gun, ideal for sniping from long distances. The swarmer is a ridiculous rocket weapon great for clearing out mobs and taking down high end enemies quickly with a swarm of smaller rockets. Heck, you even get an extremely accurate revolver weapon that can pierce multiple enemies.

What’s even cooler is that there’s added replay value via the shop. Some of the game’s best weapons require ore found in levels to buy, as do the double jump and dash, which completely change up what you can do and find in levels. It encourages you to go back to old levels and explore them more, making you practice against enemies more in the process and improve your combat prowess – which you will need.

To say things get hectic later is an understatement. The flow of levels is usually to have smaller skirmishes between open areas with large mobs of enemies every which way, especially in the back half. Things get absolutely bonkers as Prodeus units and Chaos forces go at each other, all while you make the situation more explosive. When Prodeus wants to, it will show you some of the most bloody and bombastic battles the retro shooter can provide.

Helping with this is the game’s style. At default, Prodeus uses a sort of pixel filter alongside simplistic animations to make every enemy look like a monster from the earlier years of the FPS, just cranked up on modern hardware. It’s like Doom 64 on steroids, with a cool red and blue centered color scheme to further feed you information on what enemies are around. Some effects can be a bit much, like the pixel smoke and the after flash of the plasma gun at close range, but it’s otherwise quite readable and exciting. It’s sort of like a 90s The Web sort of look was lightly coated over the Doom aesthetic, and it really works, especially with Marathon and Halo style grand architecture at spots. The sheer amount of blood and viscera is also greatly appreciated, and somehow never manages to get in the way of the action.

Helping is the score, done by Doom mod scene composer James Paddock and famed voice of “Triad Members” Andrew Hulshult, a solid mix of downbeat and grimy. It’s a nice collection of low down metal, taking notes from Doom 2016 while still managing their own sound. The stand out track is definitely Hulshult’s Spent Fuel, which has a hypnotic, deep beat as the song builds up and down with the carnage via absorbing guitar work. There’s a dynamic music system in here, so the score shifts in intensity based on what’s currently happening, further adding to the ability to read the situation, making good play feel as easy as breathing. The strong sound design helps, with monster sounds and crunchy noises with every action.

That not enough for you? The game also has full proper multiplayer, co-op play, and a map editor with full community support. It’s also still being updated as of writing, with new weapons being added in. The studio seems pretty focused on continuing to build the game for some time, including having mapping contests, so you can expect a healthy selection of people to play with for a good while if the campaign whets your appetite.

This is some real good shooter stuff, a great blend of modern and classic gameplay and graphical touches. Despite a lack of new ideas, Prodeus really gets what makes these sorts of shooters so fun and nails down just about every detail. The game was in development for a long while, only reaching early access in 2020. They took their time and made that time really count, resulting in a very refined experience. All of the style and the focus on support of community projects just shows how much they get their audience, what made the FPS such a long lived genre in the first place, and makes one excited for what the team does next. The forgiving checkpoint system and high selection of difficulties even makes it approachable for those new to the genre. It’s one of the easiest games in the retro FPS craze to get into, and well worth the cost of admission.


Prodeus was first posted on April 17, 2023 at 10:41 am.
©2017 "Hardcore Gaming 101". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at kurt@hardcoregaming101.net
17 Apr 21:53

Drag Roles In Movies Can Be A Lifeline For Kids Whose Gender Doesn't Fit

by Danielle Ryan

Gender has become a hot political topic, and drag shows have become the battleground for a conservative war against self-expression. Fire-and-brimstone-spewing lawmakers are creating legislation to shut down drag shows and penalize anyone who performs drag around children. The biggest point of contention seems to be drag events at libraries, where performers read age-appropriate books to children. While it's entirely possible that some parents are just afraid that their children will learn to read and think for themselves, they claim that drag queens are "indoctrinating" children. 

There's just one massive flaw in that logic: drag performers have been around forever and have been a huge part of pop culture for decades, so why are they only a concern now?

Drag has existed for centuries but had a boom in mainstream popularity in the 1990s, popularized by Madonna's "Vogue," which brought the drag culture of New York City ballrooms into people's living rooms via MTV. Gender-bending was nothing new, of course, but for the first time, seeing this style of expressive performance was accessible to the masses. For a young, confused child who felt like a freak because gender roles often felt genuinely painful, seeing people who transcended the binary was life-changing. Though it may be viewed as flawed by some, seeing films like "To Wong Foo, Thanks for Everything! Julie Newmar" as a child showed me gender-non-conforming joy for the first time, and gave me hope for happiness in my own future. As drag bans continue, these movies will become even more of a lifeline for young people whose gender just doesn't fit.

The Nuances Of Drag And Gender

Before we dig into the magic of the movies, it's important to note the difference between drag performers and transgender individuals, because the two are not one and the same. Drag is a performance, often including cross-dressing, and a form of expression that does not necessarily reflect the gender or sexuality of the person doing it. To put it simply: not all drag queens are transgender (or even queer!) and not all transgender or gender non-conforming people do drag. One of the best early examples of drag in Hollywood is "Some Like It Hot," where two cisgender, heterosexual men dress as women because they are on the run and in hiding. 

They had to release it without the approval of the Hays Code because of the cross-dressing elements, but the public didn't care and made "Some Like it Hot" a hit all the way back in 1959. Drag is big in comedy, and troupes like Monty Python and the Kids in the Hall used it much like Shakespearean players of old, giving us the giggles with depictions of men in dresses. 

Transgender and other gender non-conforming people might use drag as a form of self-expression, of course, and there are absolutely trans and non-binary drag queens and kings who embrace the outlet. Unfortunately, some audiences don't understand the difference, and the proliferation of drag performed by cisgender men in cinema has given people the wrong idea about transgender women. There are a lot of nuances and conflicting views even within the trans community — more than I can dig into here. For a thorough look at the impact of these kinds of films from a variety of transgender and non-binary voices (and not just my own), make sure to check out the documentary "Disclosure," streaming on Netflix.

Finding Gender Joy For The First Time

The first time I ever saw any kind of intentional gender play, it was Robin Williams pretending to be an English nanny (with a Scottish accent) in order to spend more time with his kids during a messy divorce in "Mrs. Doubtfire." While comical, it was a means to an end for the character and not a part of who he really was. Then my babysitter rented "To Wong Foo, Thanks For Everything! Julie Newmar" and I saw true gender-bending joy. Here was Patrick freaking Swayze, a sex symbol who oozed masculinity in his other roles, playing a sweet, maternal drag queen who just wanted to help people be true to themselves and spread a little beauty in the world.

"To Wong Foo" is a drag Cinderella story with a happy ending, and though it's a little dated and lacking in drag authenticity outside of a RuPaul appearance at the beginning, it was paramount to learning to accept myself as a kid who didn't feel like a boy or a girl. While I would love to see a remake with actual drag queens and trans creators involved, "To Wong Foo" was pure cinematic joy for me as a child, with a message all about learning to accept yourself, standing up for yourself, and loving yourself. It felt like a celebration for those of us whose gender isn't neat and tidy, and such celebrations could be tough to find.

Finding Power In Breaking The Binary

I was raised as a little girl but more often felt like I was a boy. Other than Disney's "Mulan," there weren't exactly any representations of my experience at the movies. The closest thing I could find was "Boys Don't Cry," which told the story of murdered trans man Brandon Teena, and that was as far from joyous as possible. Reality is terrifying and depressing enough when you exist outside of the gender binary, so I didn't need reminders of the potential hell I could face if I lived authentically to myself. Instead, I needed heroes, and drag performers are the colorfully costumed heroes of breaking the binary.

Other films followed pretty early in my adolescence, primarily "The Rocky Horror Picture Show" and "Hedwig and the Angry Inch." My parents introduced me to "Rocky Horror" because they were dressing as the characters for Halloween, and I could identify with creator Richard O'Brien's confusion about gender and sexuality, portrayed through the many characters. The most powerful of them all was Tim Curry's Dr. Frank-N-Furter, who strutted around in fishnet stockings and commanded the entire castle. He wasn't explicitly a drag queen but absolutely transcended gender norms. Though the language used in the film is up for debate, his incredible power from existing somewhere between masculine and feminine is still undeniable. I wanted some of that for myself and found a kind of faux-femininity through Frank that helped me fit in and feel fierce. 

Finding Love For Myself

Because I was a suburban white kid in the southern United States prior to the streaming era, I didn't have a lot of access to international films or even most indies, but I managed to snag a copy of "Hedwig and the Angry Inch" from my local video store when I was a young teenager. Here, I was given another beautifully flawed example of someone who exists outside of the basic boy/girl dynamic. Like all of the other examples on this list, Hedwig was played by a cisgender man, though it's notable that Hedwig herself isn't exactly trans.

She decides to have gender reassignment surgery in order to escape a bleak future in East Berlin and marry a man who will take her to America, but she was perfectly happy living as a boy before. When the surgery is botched and her husband leaves, she's trapped with a body that doesn't feel right and is desperate for someone who understands. John Cameron Mitchell's Hedwig was revelatory because I knew exactly what it felt like to perform femininity as a means of survival, but the story had an even more powerful message beyond that. 

Hedwig spends most of the movie seeking her other half, believing in the idea from Plato's Symposium that all humans were originally two and we were split by the gods. At the end of the film, she learns that she's a whole person without anyone else and that she isn't wrong because of her unique situation — she's a beautiful expression of the in-between. She's a complex character whose trauma left her bitter and flawed, but that complexity felt closer to reality and made me feel seen. People are messy, and gender can be messier still, and that's okay.

Finding The Greater Queer Canon

Digging further into drag performance in film history led me to Jennie Livingston's 1990 documentary masterpiece "Paris is Burning," following drag ballroom culture in New York City. This was drag at its most authentic, as an expression of not only gender defiance, but other marginalization due to sexuality, race, and socioeconomic status. The AIDS crisis raged and many of these incredible young people only had the ballrooms in which to feel anything other than fear and sorrow, and it's an incredibly powerful thing to see. "Paris is Burning" was fictionalized with the FX series "Pose" in 2018, and though the series was a bit soapy at times, it was heartfelt and gave some truly incredible transgender performers a moment to shine for a broader audience. "Paris is Burning" was foundational, but it was far from the only film about the trans experience that helped shape my worldview. 

There were other movies, too, like "XXY," an Argentine drama about an intersex teenager, and "Tomboy," Céline Sciamma's look at trans-masculinity at an early age. The further down the rabbit hole I got in exploring films about gender, the more comfort I found in the beauty and the passion of existing as your most authentic self, even when archaic and misguided societal norms say otherwise. Drag performers were the gateway drug to self-discovery and self-expression, which I think is something everyone should be encouraged to do.

Drag Is Big, Bold, And Beautiful

Trans and non-binary adolescents are at a much higher risk of suicidal ideation than their cisgender peers, and a big part of that is isolation. People in their communities, including their families, might not be accepting of their gender exploration, and that can be absolutely brutal. Many hide that part of themselves until they are older and can safely express who they are. 

Seeing fictional depictions of joyous gender expression outside of the binary can be a lodestone, a way to experience even a bit of that joy in otherwise oppressive situations. For others, it's a way to recognize something in themselves for the first time. Even for cisgender, heterosexual people, an appreciation of drag can provide a way to step outside of social norms in a "safe" way, and can help them realize that the boundaries of the binary aren't as simple as they seem. 

The crackdown on drag performances is part of a larger attack on the rights of transgender and non-binary people, with pundits asserting that drag is always sexualized and children seeing drag acts is harmful. I argue the opposite: drag and other forms of gender expression can help children feel more confident in themselves and potentially have the language to advocate for themselves. Even if it just leads to a love of the colorful world of drag culture, it can give young queer kids a home and young straight kids a better understanding of their LGBTQ+ peers. 

A better understanding of ourselves and each other can lead to a better future for all of us, and drag performers are on the front lines of self-expression and understanding.

Read this next: The 20 Most Important LGBTQ+ Directors

The post Drag Roles In Movies Can Be A Lifeline For Kids Whose Gender Doesn't Fit appeared first on /Film.

17 Apr 21:51

Barry Season 4 Features A Surprising Behind The Scenes Contribution From Paul Rudd

by Valerie Ettenhofer

This post contains spoilers for the two-episode premiere of "Barry" season 4.

Paul Rudd is a funny guy. He's funny on screen in roles in movies like "Ant-Man," "This Is 40," and "Clueless," but he's also apparently funny off-screen, where he seems to lend ideas to writers on both projects he's a part of and projects he has nothing to do with. In a recent interview, Rudd revealed that Judd Apatow used a real-life argument from Rudd's marriage in the "Knocked Up" script, and Marvel President Kevin Feige even says it was his idea to explore the quantum realm in the latest "Ant-Man" sequel.

It sounds like the actor loves to pitch ideas that might make for good comedy, and he did just that in a conversation with "Barry" co-creator and star Bill Hader that led to one of the show's most eclectic music choices. Hader appeared on The Prestige TV Podcast this week to unpack the highly anticipated return of his pitch-black HBO comedy, and Rudd's name came up in a conversation about Gene Cousineau's (Henry Winkler) ridiculous one-man show. When it came to picking the tune that would play when Vanity Fair reporter Lon O'Neil (Patrick Fischler) stepped into the theater, Rudd had the perfect idea for over-the-top mood music.

Rudd Suggested A Ridiculous Needle Drop

"I've gotta give Paul Rudd credit," Hader told the podcast, "because I was telling him about the sequence, and I go, 'Oh, I need good music playing when [he] comes in,' and Paul said, 'Oh, you should get that choir singing 'Desperado.'" It wasn't just any choir Rudd had in mind, either, but a children's choir. Judging by the vocals heard in the episode, the cover of the classic song by Eagles came from The Langley Schools Music Project, which posted a version of the song to YouTube back in 2013. How Rudd knew about this bizarre cover is anyone's guess, but the comedian thought it would be the perfect fit for Gene's utterly over-the-top theatrical "interview" with Vanity Fair.

"That was Paul Rudd's pitch," Hader confirmed, "And I called him after we cut it, and I was like, 'Dude, it's so funny.' And he goes, 'Oh, does it work?' and I go, 'Oh my God, it is so funny. Thank you so much.'" The filmmaker went on to explain that he initially pictured more traditional theater-going music, and cites the score from "To Kill a Mockingbird" as an example. "You know, the kind of music that's playing when you come into a theater and the lights go down," Hader explained. But Rudd, who it should be noted doesn't even work on this show and seems to have been just chatting with Hader when the idea came up, knew exactly what the situation called for.

Gene's Ego Is On Full Display

The filmmaker laughed when he recalled Rudd's pitch, and it's easy to see why. Even the original 1973 version of "Desperado," written by Glenn Frey and Don Henley, would've been hilarious in this context. The narrator of the song is sharing some very heavy wisdom with the titular desperado, who has chosen a tough and lonely path. "You better let somebody love you/Before it's too late," Eagles sings in the soulful tune, and it's the kind of platitude that Gene probably imagines he shared with Barry in the made-up version of this story in which he's the heroic main character.

The lyrics here reveal a total misunderstanding of Barry as a person, with Gene implying, as he does in the stage show, that he did everything he could to save the poor soul from his darker impulses. The fact that the song plays out not with Eagles singing, but the voice of a child, makes the whole thing that much funnier. There's an unspoken punchline in the choice to have Gene, clueless and egotistical, play a song in which a young kid pretends to have the world-weary wisdom of a heroic narrator. It's a needle drop that adds yet another layer of absurdity to this story of Hollywood hangers-on trying to squeeze some fame out of a decidedly bleak situation. And apparently, as with so many great things, we somehow have Paul Rudd to thank for it.

Read this next: The 18 Best Crime Dramas In TV History

The post Barry Season 4 Features a Surprising Behind The Scenes Contribution From Paul Rudd appeared first on /Film.

17 Apr 18:19

Yellowjackets' Horrifying Man With No Eyes Is A Gnarly Practical Effect

by Sandy Schaefer

This post contains spoilers for "Yellowjackets" season 2.

Everyone always wants to know who the Man With No Eyes is on "Yellowjackets" ... but does anyone ever ask how the Man With No Eyes is on "Yellowjackets"?

In all seriousness, the visually-challenged specter remains one of the biggest mysteries of Showtime's captivating horror/thriller puzzle box series part-way through its second season. Is he merely the psychological manifestation of Taissa's childhood trauma from her grandmother claiming she could see a being with no eyes shortly before her death? This was also the first time Taissa glimpsed him, although we've no idea if her grandmother saw the same individual or someone else. He's continued to haunt Taissa in season 2's '90s flashbacks, seemingly guiding her to trees with that mysterious symbol carved into them. But does he actually exist outside of Taissa's imagination? And if so, what is he ultimately after?

Maybe we're going about this the wrong way. The Man With No Eyes hasn't done anything flat-out evil so far. Okay, he sorta almost led Taissa off a cliff, but it's dark in the Canadian wilderness at night and that could've been an honest mistake. There's no need to go all J. Jonah Jameson on him and declare him a public menace just because he's tall and pale and doesn't emote very much. (Not that I can personally relate or anything.) It's not like he's out here telling children to commit horrific acts of violence against themselves, unlike certain ominous phantoms who shall remain nameless.

For now, "Yellowjackets" fans will simply have to speculate as to whom or what the Man With No Eyes really is and what he's after, if anything specific. We can, however, answer the question of why he looks the way he does, vitamin D deficiency aside.

'It's A Lot'

As we all learned in kindergarten, you should never judge a book by its cover. That being said, when the "book" is an eyeless figure who only certain people seem capable of seeing (one who also wears a funeral suit and never speaks), it's not unreasonable to have some questions you'd like to ask them. 

Tawny Cypress, who plays Taissa in the present-day on "Yellowjackets," was unsurprisingly tight-lipped about the Man With No Eyes while being interviewed by TVLine. Nevertheless, she confirmed "he's just as scary in real life" as he is on the show thanks to the gnarly practical effects used to bring him to life. Cypress explained:

"Yeah, it's an entire prosthetic that goes over his face and eyes that like, makes that look. Yeah. But it looks really natural. I can't figure out ... I don't know, he says he can see so, I don't know. He's so tall and thin, it's crazy, and he's in that suit, that funeral suit. It's a lot."

Similar to Din Djarin in "The Mandalorian," The Man With No Eyes is portrayed by multiple actors in "Yellowjackets." Brahm Taylor (The Uninvited in "Chilling Adventures of Sabrina") played the character in season 1 prior to Brody Logan Romhanyi (a fellow Archie-verse alum who went uncredited for portraying a demon on "Riverdale") depicting him in season 2. Cypress didn't specify which actor she was referring to during her interview, but it seems they enjoy terrifying their co-stars in-between takes (as they should!).

"He loves it. I was like, 'You need to go to conventions with this look because this is going to get people going.' He loves it," Cypress added.

New episodes of "Yellowjackets" premiere in the Showtime app and on Paramount+ on Fridays and air Sundays at 9/8c on Showtime.

Read this next: The Best TV Episodes Of 2022, Ranked

The post Yellowjackets' Horrifying Man With No Eyes is a Gnarly Practical Effect appeared first on /Film.

17 Apr 18:16

The Security and Productivity Implications of Low Code/No Code Development

by Kevin Townsend

The low code/no code movement provides simplified app generation – but it needs to be understood to be safe.

The post The Security and Productivity Implications of Low Code/No Code Development appeared first on SecurityWeek.

17 Apr 18:14

First look at The Elder Scrolls V: Skyrim with DLSS 3 Frame Generation

by John Papadopoulos

Earlier this month, we informed you about a DLSS 3 Frame Generation that is in development for Elden Ring and Skyrim. And yesterday, PureDark released a video that gives us a glimpse at this DLSS 3 Mod for The Elder Scrolls V: Skyrim. In this video, PureDark simulated a CPU-bottleneck scenario in order to showcase … Continue reading First look at The Elder Scrolls V: Skyrim with DLSS 3 Frame Generation →

The post First look at The Elder Scrolls V: Skyrim with DLSS 3 Frame Generation appeared first on DSOGaming.

17 Apr 18:13

The Mall Sequence In Jackie Chan's Police Story Is The Best Action Scene Ever

by Jeremy Mathai

(Welcome to Best Action Scene Ever, a column dedicated to breaking down the best, most effective action sequences throughout the genre. In this edition, we circle back to Jackie Chan's stunt-acular action classic, "Police Story.")

Before Jackie Chan ever crossed the shores of the American mainstream during his Hollywood heyday in the 1990s, the actor/director/stuntman extraordinaire had been hard at work in Hong Kong cinema, churning out hit after hit for decades in his native country. One of his most memorable successes came only a scant handful of years before he finally crossed over into global appeal: 1985's "Police Story," directed by and starring Chan as Chan Ka-Kui, followed the rogue cop on his relentless quest to take down a drug lord, babysit a key witness played by Maggie Cheung, and subsequently clear his own name after being framed by his powerful enemies.

The movie — which, quite honestly, could've had several different scenes come up as a contender for this column — kicks off with a jaw-dropping raid on the villainous Chu Tao (Yuen Chor) that crescendos with multiple cars plowing through a small hillside town, ups the ante with a frightfully risky stunt involving a runaway bus, and even throws in some deceptively complex bits of slapstick humor and physical comedy for good measure. Yet with so much to choose from, this action/comedy somehow manages to top itself with its concluding set piece at a shopping mall that features a little bit of everything executed on an improbably high level.

The Scene

Throughout the film, Chan's tireless cop Ka-Kui has remained in dogged pursuit of the powerful gang leader Chu Tao, going to whatever lengths necessary to arrest him and, most importantly, prove his guilt. Hilariously enough, the path to achieving that goal ends up becoming less direct than the straightforward cop would prefer. The crime boss' secretary Salina Fong (Brigitte Lin) is rounded up in the opening raid and compelled to testify at Chu Tao's upcoming trial (we're not 100% sure the legal proceedings as depicted in the movie fully check out, even for one set in 1980s Hong Kong, but just go with it), making her a prime witness and a top target from her own former employer. Naturally, Ka-Kui is recruited to serve as her personal bodyguard for the next 24 hours, which hardly goes according to plan.

Having escaped from both the police and Chu Tao's criminal racket, Salina finally regains a sense of agency from both rival organizations and sets out to take control of her own fate ... by stealing her old boss' incriminating computer data right out from under him. It's never made clear exactly what she means to do with this information, whether blackmail Chu Tao or hand it over to the police to secure her own freedom. (Again, who's to say this evidence would actually be admissible in court, but that's not exactly the point here!) But this juicy setup provides the momentum to bring the story to a head, turning the unexpected location of a shopping mall into the place where all three competing parties intersect in spectacular fashion.

Thanks to Chan's direction, incredible fight choreography, and some brazen (reckless?) stunt coordinating, this scene has since become immortal.

Why It Works

The ol' maxim of "Keep it simple, stupid" applies to many different aspects of life, not least of all screenwriting. Although action filmmaking in particular can get away with incredibly convoluted plots on occasion if placed in the right hands, this generally tends to be helpful advice for keeping action sequences clear, coherent, and engaging so that storytellers can focus on adding all sorts of elements to spice things up. The final set piece of "Police Story" follows this to a T, despite the considerable length of the final sequence. Clocking in at almost 15 minutes, the setup and subsequent fight at the mall carries viewers through to the ending credits. None of it would've worked if not for Chan and co-writer Edward Tang's insistence on establishing the basics of the action.

It helps that, despite her murky motivations, Salina's inciting action of stealing the data sets up a very easy-to-follow sequence of events. Ka-Kui needs the evidence and Salina (who's the only living witness who can clear his name) intact to put Chu Tao behind bars for good. Chu Tao simply can't afford to lose that data, forcing him to send in everything he's got against both of our heroes. And through it all, Ka-Kui increasingly wavers between doing his job as a police officer, doing the right thing by Salina, and losing what little control he has left, a spiral that began when he was first framed by Chu Tao and his men for the murder of a (secretly traitorous) chief inspector.

The simplicity of the story allowed Chan and his team to go overboard with the stunt work: smashing any visible pane of glass in sight, jumping over escalators, and — famously — Chan sliding multiple stories down a pole.

The Key Moment

Tone can be an impossibly fine line for any filmmaker to ride. Push too much in the direction of humor, and even the most death-defying stunts won't pack the punch they need in order to land with an audience. Pull back and go darker, and you risk creating an atmosphere where over-the-top action feels jarringly out of place.

"Police Story" tells its story with a noticeable amount of earnestness right from the opening scene, charting a deadly shootout between the police and Chu Tao's forces ... with a surprising amount of screen time dedicated to one police officer wracked by trauma and stress at the prospect of being in his first engagement. From there, however, Chan's Ka-Kui is depicted as an almost absentminded slacker: capable of earning commendations and promotions from his higher-ups with his bravery in the face of danger, but with no compunctions about staging a home invasion just to prove a petty point to Salina that she needs his protection. Throughout the film, Chan pokes fun at his own character (and, by extension, his rapidly ascending reputation as a movie star) as a chauvinistic pig, but manages to dial it back once the story takes a darker turn and Ka-Kui becomes much more desperate, compelled to take his own superior officer hostage to escape custody so he can prove his innocence.

The key moment comes in the movie's final seconds. Having thoroughly exhausted himself fighting off a small army of henchmen and barely managing to protect Salina, Ka-Kui survives long enough for the police to arrive and take Chu Tao into custody. But after his girlfriend May (an underused Maggie Cheung) is put into danger, our hero snaps and gives the villain the karmic beatdown he deserves. As the energetic main theme kicks in and ends things on a triumphant note, the final freeze frame tells a decidedly different story, one that the 1988 sequel dives into further. This uncomfortable ending feels fully earned thanks to the careful setup earlier, yet still manages to coexist with scenes of Chan performing a one-man "Abbot & Costello" routine where he answers multiple phones at once at a police station.

"Police Story" is a fascinating artifact, preserving a very specific moment in Chan's career. Years later, it still holds up every bit as much as it did when its first fans got to experience its thrills and kills for the first time in theaters.

Read this next: Jackie Chan's 15 Greatest Fight Scenes Ranked

The post The Mall Sequence In Jackie Chan's Police Story Is The Best Action Scene Ever appeared first on /Film.

17 Apr 18:12

Protect intellectual property with Govern 365 and Microsoft Purview

Learn how to secure sensitive information within your global supply chain with Netwoven Govern 365 and Microsoft Purview Information Protection.

The post Protect intellectual property with Govern 365 and Microsoft Purview appeared first on Microsoft Security Blog.

17 Apr 10:36

Will NoHo Hank Make It Out Of Barry Season 4 Alive?

by Michael Boyle

There are plenty of TV characters who are famous for lasting way longer than they were supposed to. If you're ever in any kind of trivia game, the fact that Jesse in "Breaking Bad" was supposed to die in season 1 will probably come in handy; similarly, Jack Shephard was supposed to die in the pilot of "Lost." But NoHo Hank (Anthony Carrigan) is on a whole other level: not only was he also supposed to get killed off in the pilot episode of "Barry," but realistically he probably should've died multiple times throughout each season so far. Everyone else on the show suffers from the natural consequences of their actions, but Hank charmingly slithers away from those consequences every time.

The first episode of "Barry" season 4 shows Hank enjoying the rewards of his latest escape from certain death, chilling in a nice house with his boyfriend Cristobal (Michael Irby), both of them now disconnected from the mob groups that kept them apart. Unfortunately, this peaceful existence doesn't last long: Hank finds out Barry's been arrested, so he agrees to go along with Cristobal's sand operation as part of his plan to break Barry out of prison. At the end of episode 2, things are further complicated by the discovery that Barry is now working with the FBI.

"We have to kill Barry," Hank says. Since there are still six episodes left and the show is named after Barry, it doesn't seem like Hank will pull this off any time soon. But even though the objective odds of a Barry vs. Hank showdown certainly lean in Barry's favor, history tells us that luck is on Hank's side.

The Charmed Life Of NoHo Hank

Hank cheated death for the first time at the end of the pilot episode, when Barry ends up shooting him down from across the street in the middle of the night. This is the first time that the audience truly gets to see Barry's assassin skills in action, and it looks like he expertly takes out everyone in the car within a few seconds. This scene could easily have been the last we saw of NoHo Hank.

Yet not only does Hank survive, but he also leaves a functioning camera in the car, which thankfully ensures that he and Barry's storylines will be entwined for at least the rest of the season. Later on in the series, it seems like Hank will be in danger from the Bolivian mob, but in a pleasant twist Cristobal turns out to be a really cool guy. Turns out, violence was never necessary in this situation at all. 

Hank gets another bit of good luck at the end of the season when he tells Barry about the other Chechens' plans to kill Fuches. Barry rescues Fuches and kills a bunch of Chechens in the process, which results in Hank taking charge of the Chechen mob. Go Hank! 

Admittedly, this isn't all good news — as season 2 makes clear early on, Hank is definitely not qualified for this job — but Hank's luck still has a long way to go before it ever runs out. 

Hank Survives The Barbecue Bus

"Barry" season 2 also gives us Hank's second attempt to murder Barry, and this time it's one of the funniest scenes in the whole series. Hank has his guy Akhmal (Troy Caylak) attempt to snipe Barry out from the roof of a nearby building. Akhmal misses multiple times, Barry figures out what's going on, and he ends up sneaking up on them and turning the tables. Barry isn't even that mad that Hank just tried to murder him; he's mildly annoyed, as if he'd gotten into a minor fender bender. 

The scene culminates in Barry nearly shooting Hank right then and there. Hank puts on a brave face and dares Barry to do it, but luckily this is early season 2 and Barry's still trying to be a good person. Even though killing Hank is the smart, pragmatic thing to do, Barry chooses to spare Hank's life.

Later in the season, Hank and his men end up restrained and left inside a bus that the Burmese mafia light on fire. Surely this will be the end of Hank, right? Wrong again. Because Barry's been training his men for the past few episodes, they're now capable of escaping the bus on their own, all while Hank monologues to himself about how he's not cut out for this life.

Going into the season 2 finale, things still don't look good for Hank: he's alive, sure, but he's lost the respect of his crew. Luckily, Barry swoops in and kills the guys for reasons that have basically nothing to do with Hank's situation, so that's not a problem anymore. After a season of ups and downs, Hank is back on top!

A More Serious Season 3

"Barry" season 3 was the darkest chapter so far, and not even sweet, lovable Hank was immune to its effects. Early on, he finds out that Cristobal has a wife back at home, and soon he and Cristobal are separated by the Bolivian mob, seemingly forever. Hank travels to Bolivia, gets knocked out and imprisoned, and then gets chained up in a cell in Cristobal's home. This is the part where "Barry" turns into a full horror show, as Hank is forced to listen to his friends in the other cell getting eaten alive by a panther.

Although Hank has never been what most would call tough, here he manages to break his handcuffs and wrestle a gun from a guard's hands. Admittedly, he only pulls this off because the guard is terrible at his job — he has a gun, but chooses to charge at Hank instead of shooting from a distance — but it's still pretty cool. Hank shoots his way out of his cell, then murders Cristobal's homophobic wife. It's a disturbing storyline with a happy ending, made extra surprising by the fact that this time Hank actually fights his way out of the situation, rather than letting his safety rest on the whims of those around him. Is it still insanely improbable that he survived this whole ordeal? Yes, but let's not argue with a good thing.

Really, it's Cristobal who's truly the luckiest character of season 3 (apart from being kidnapped and tortured by his wife), as the fourth episode involves him surviving a massive explosion that kills everyone else in the house. "Barry" can often be cruel to its main characters, but Hank and Cristobal always seem to get a break when they need one.

Hank's Odds In The Final Season Of Barry

Season 4 gives Hank and Cristobal the opportunity to escape the dangerous life that has previously dictated their every move. But Fuches couldn't handle that opportunity, and neither can they. It only takes about five minutes of retirement bliss before Cristobal wants to get in touch with a bunch of mob guys to start a sketchy sand transportation business, and it only takes Hank another five minutes to start plotting a prison break. 

If there's a theme to "Barry" so far, it's probably that you can never truly escape your past. Barry tried, and he ended up in prison; Sally tried, and she ended up dating an assassin and abusing her former assistant. Characters keep grasping at the chance to start a new life, but reality keeps swooping in to punish them for it. Even Cousineau, who appears to have successfully turned over a new leaf in his acting career, seems unlikely to get out of all this scot-free. (If Barry doesn't get revenge, I wouldn't be surprised if the reporter he tries to woo in the second episode ends up painting him in a bad light.)

In other words, despite the preternatural ability to escape death they've demonstrated thus far, all the signs point to a tragic ending for Hank and Cristobal in "Barry" season 4. They've had their chance at a peaceful life and they've rejected it, and even when Barry's in prison he's still not to be trifled with. Logically, realistically, and thematically, Hank should not survive this season. But then again, have logic and reason ever stopped Hank before?

New episodes of "Barry" air Sundays at 10 p.m. ET on HBO and HBO Max.

Read this next: The 18 Best Crime Dramas In TV History

The post Will NoHo Hank Make It Out of Barry Season 4 Alive? appeared first on /Film.

17 Apr 10:22

Part 7. Getting Laser Focused On Cybersecurity

by IT Strategic Communication

Increasing our attention on cybersecurity at VA is an absolutely critical component of our vision and its focus on operational excellence. Our highest priority is protecting our Veterans’ personal information and ensuring our systems and services are available to care for our Veterans, their families, and care providers. Moreover, we believe that we don’t get the right to deliver on the next set of feature improvements to our product and services unless we first create and maintain a secure environment that is shielded against cyber attacks.

The digital footprint of the Department of Veterans Affairs (VA) is vast, including over 500,000 desktops at over 2,000 locations, interfacing with over 1,000 systems. That sheer size makes securing this environment very challenging. It's made more difficult by the diversity of systems, the age of those systems, and the fact that they don't share a common structure or architecture.

To address this risk and complexity, the federal government expends a lot of effort on establishing security policies, which help establish baseline requirements for good cybersecurity practices and configurations, but policy alone is insufficient. It's much easier to create security policies than to enforce them. Policies are often created that are unrealistic to enforce. Others may not be at the right level of specificity to be actionable. Still others may be the result of an external mandate that is not aligned with the overall risk-based priorities of the organization. As a result, there's a temptation to conclude that because you've defined a comprehensive set of policies and rolled them out as requirements, you've solved the problem; yet policies and their enforcement are only one component of a strong cybersecurity program.

VA has many security policies that drive a great number of processes around compliance checking. Even the Federal Information Security Modernization Act (FISMA) audit, conducted each year by our Office of the Inspector General (OIG), is highly focused on whether VA is adhering to our own policies. This isn’t wrong. However, auditing compliance with security policy isn’t equivalent to auditing the organization’s security. To ensure a highly secure environment, we must complement security policy with a deep technical assessment of our security posture and engineering efforts.

We need to increase our focus on risk-based assessments of our current security posture. We must constantly assess where we feel the greatest risks are that need mitigating. These assessments should ask:

  • What is your most worrisome theory of how you might be breached?
  • How would threat actors get in or exploit your information and systems?
  • If the breach occurs, what is the most valuable asset, intellectual property, or service that would be vulnerable and how significant is the risk?
  • What precise mitigations do you need to bet on to reduce these risks?
  • How good are our response and remediation capabilities?
  • How will we measure our progress?

Embrace a secure framework

Executive Order (EO) 14028 requirements provide many focus areas for improving our nation’s cybersecurity—namely, deploying secure government cloud services, implementing Zero Trust architecture government-wide, and mandating multifactor authentication and encryption. But more than simply being a federal mandate, VA embraced Zero Trust Architecture as our security framework because it is powerful. It is comprehensive yet simple to understand. At its heart, it has a simple premise: assume you’ll be breached and then ask, “What can they get their hands on?” There should be no implicit trust by virtue of having gained access to the Intranet.

It’s easy to find recommended implementation paths for Zero Trust, but it’s not a project with a beginning and an end. Nor can you write up an execution plan that works for all organizations. Zero Trust creates a solid framework for implementing robust security in an organization, but the implementation order needs to reflect your view of the greatest risks in the organization. For us at VA, there are a number of areas we focus on:

  • Get to 100% multifactor authentication (MFA) and drive MFA exemptions to zero. This means having non-name/password alternatives for people who are having issues with using the primary MFA method (PIV cards for those of us at VA).
  • Get to 100% of systems using single sign-on (SSO), enabling us to manage permissions more centrally.
  • Eliminate simple name and password authentications, including service accounts, and find ways to further secure and validate access granted to service accounts.
  • Enforce endpoint protection on 100% of devices and ensure all devices meet baseline configuration requirements. For BYOD devices, either require that they run endpoint protection or assume the worst and restrict their access accordingly.
  • Completely isolate the most mission-critical systems from our Intranet. This is a significant investment that takes time and focus, but the Intranet is a popular target for phishing attacks and provides too much risk of lateral movement once threats gain access.
  • Challenge our defenses. Our environment is incredibly complex and has so many projects going on that the risk of vulnerabilities being inadvertently introduced is high. We must continuously and aggressively look for vulnerabilities via ongoing sweeps and red team exercises.
  • Deploy great monitoring to look for indicators of compromise. The tools in this area are getting better all the time. 
  • Focus on robust and rapid incident response. Measure and set goals for our response through metrics like Mean Time to Containment (MTTC) and Mean Time to Remediation (MTTR).
  • Drive towards regular audits of user access lists, and ultimately, build the needed linkages to HR systems to automatically remove account access upon job change or termination.

We can and must make these multiple investments simultaneously, since most will take time to come to fruition. An example of this is achieving least-privilege access, a difficult technology and business process challenge.

We must measure and track our progress relentlessly. For us, that means focusing on the most pressing near-term goals through Objectives and Key Results (OKRs). We establish a set of OKRs that represent our highest priority cybersecurity efforts, drive hard to accomplish the goals we set, and edit the list as we accomplish more or the environment changes.

In my view, organizations shouldn’t be too enamored with maturity models. These models aren’t well calibrated to the degree of implementation difficulty and are generalizations, while breaches are specific. I think they’re best used as a list of potential investments to use in assessing your strategy. You still have to figure out which investments you believe will yield the greatest improvement in security per erg of energy expended.

Leverage FITARA and ATOs as hard gates

In an organization as complex as VA, people have many competing priorities and real-time distractions that divert attention from even high priorities like cybersecurity. As a result, there must be forcing functions that drive compliance. Fortunately, there are two such gates for all projects in the federal government: Federal IT Acquisition Reform Act (FITARA) compliance and the Authorization to Operate (ATO) process. All projects must pass through these two gates. We leverage FITARA to ensure all IT projects have a good plan in place for cybersecurity and that they clearly identify who is accountable. We use the ATO process to assess our true level of system security—and that the project maintains a high expected security level—not just that it adheres to our cybersecurity policies. In addition to reviewing compliance against cybersecurity policies, we push for a true technical assessment of the residual cyber risks of operating the system and a discussion of whether they are acceptable risks for the organization. In the end, the Authorizing Officer (AO) must feel that they are personally signing off on the risk for the entire organization and must take that responsibility seriously.

Drive clear cybersecurity responsibilities for Shadow IT

Shadow IT is inevitable in any organization, and we have much more than I’d like at VA. We can’t fully eliminate it, but it can’t be a place where cyber risk is introduced. We need to ensure a strong cybersecurity skillset in the team that owns and manages the Shadow IT system. This isn’t easy, since the organization’s non-IT businesses often own Shadow IT, and technology is not their mission. That’s what’s most scary about Shadow IT. We need to ensure that if the business is insistent on owning the system, they understand and adhere to all cybersecurity requirements in the organization. This is a great place to use FITARA and ATO as hard gates that Shadow IT systems and services must pass through. This depends on ensuring the organization’s CIO reviews all Shadow IT investments, so that they go through these gates, and that the CIO feels personally accountable for the security of the Shadow IT system, even if he or she doesn’t have day-to-day responsibilities for managing it. It’s one of the toughest mismatches between authority and accountability in the CIO role.

Build deep cyber skills within the organization

As I mentioned, in an organization as vast as VA, it’s easy to focus solely on cybersecurity policy adherence rather than the technical assessment of cyber risk. The reality is that deep technical assessment and mitigation planning necessitate strong cyber skills. Even policy adherence roles benefit from a strong technical understanding of cybersecurity. With the high demand for cybersecurity skills in the market, building these skills internally is critically important. It also represents a valuable career path for an IT professional, including veterans, who represent half the OIT team. We are working to increase our focus on building strong cyber skills and career paths in the organization, driving the effort across our cyber workforce recruitment, hiring, and retention efforts. We believe that we have a huge opportunity to onboard smart individuals, build their cyber skills, and in so doing, build a skillset that results in a rewarding and fulfilling career for them and an enduring asset for VA.

Be paranoid, very paranoid

Security is a space where the adage that it’s impossible to prove a negative is particularly apt. There is no way to prove that your organization is secure from cyberthreats. Even if you could, cyber attacks are getting more sophisticated all the time. I’ve read intrusion scenarios that have left me amazed at the multi-step process to exploitation—scenarios that had to be explained to me multiple times before I truly understood them. The rapid evolution and adoption of AI only heightens these risks by making it easier to parse large volumes of data for patterns and, for example, for potential vulnerabilities in software code. The threats to an organization will always increase, and so too must our readiness for new threats, supported by our ability to remediate and recover from them.

Reflecting on all of this, not only is it impossible to prove that your organization is secure, it’s impossible to prove your organization hasn’t already been exploited. Hackers will gain entry to an organization, insert a vulnerability, and wait to exploit it until they have all the information they need or the time is right.

The only appropriate posture under these circumstances is to assume you’ve been breached, theorize how it was done, and work as hard and as fast as you can to close the vulnerabilities. In short, you need to be continuously paranoid about being exploited to give your organization a good chance that you won’t be.

17 Apr 10:14

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

by info@thehackernews.com (The Hacker News)
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by
17 Apr 01:33

On Validation, pt II

by Unknown

My first post on this topic didn't result in a great deal of engagement, but that's okay. I wrote the first post with part II already loaded in the chamber, and I'm going to continue with this topic because, IMHO, it's immensely important. 

I've seen, more times than I care to count, findings and reports going out the door without validation. I saw an analyst declare attribution in the customer's parking lot, as the team was going on-site, only to be proven wrong and the customer opting to continue the response with another team. Engagements such as this are costly to the consulting team through brand damage and lost revenue, as well as costly to the impacted organization, through delays and additional expenses to reach containment and remediation, all while a threat actor is active on their network.

When I sat down to write the first post, I had a couple more case studies lined up, so here they are...

Case Study #3
Analysts were investigating incidents within an organization, and as part of the response, they were collecting memory dumps from Windows endpoints. They had some information going into the investigations regarding C2 IP addresses, based on work done by other analysts as part of the escalation process, as well as from intel sources and open reporting, so they ran ASCII string searches for the IP addresses against the raw memory dumps. Not getting any hits, they declared in the tickets that there was no evidence of C2 connections.

What was missing from this was the fact that IP addresses are not employed by the operating system and applications as ASCII strings. Yes, you may see an IP address in a string that starts with "HTTP://" or "HTTPS://", but by the time the operating system translates and ingests the IP address for use, it's converted to 4 bytes, and as part of a structure. Tools like Volatility provide the capability to search for certain types of structures that include IP addresses, and bulk_extractor searches for other types of structures, with the end result being a *.pcap file.
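The gap between a text search and what actually sits in memory can be shown with a small script. This is an added example, not code from the post: it builds a constructed byte buffer containing a sockaddr_in-style structure holding the suspected address (a documentation-range IP chosen for the example) and shows that an ASCII search for the dotted quad finds nothing, while a search for the 4-byte packed form, checked against the preceding address-family and port fields, does.

```python
import socket
import struct

# Constructed stand-in for a raw memory dump: zero padding, a sockaddr_in-style
# structure holding the suspected C2 address, and an unrelated URL string that
# carries a different address as text. Both addresses are documentation-range
# values chosen for this example.
C2_IP = "203.0.113.45"
OTHER_IP = "198.51.100.7"


def build_dump() -> bytes:
    # sockaddr_in layout: sin_family (2 bytes, host order), sin_port (2 bytes,
    # network order), sin_addr (4 bytes, network order), 8 bytes of padding.
    sockaddr = (struct.pack("<H", socket.AF_INET)
                + struct.pack("!H", 443)
                + socket.inet_aton(C2_IP)
                + b"\x00" * 8)
    url = f"http://{OTHER_IP}/".encode()
    return b"\x00" * 16 + sockaddr + b"\x00" * 8 + url + b"\x00" * 16


def find_all(hay: bytes, needle: bytes) -> list[int]:
    """Every offset at which needle occurs in hay (overlaps included)."""
    offsets, start = [], 0
    while (i := hay.find(needle, start)) != -1:
        offsets.append(i)
        start = i + 1
    return offsets


def ascii_search(dump: bytes, ip: str) -> list[int]:
    """What a strings/grep pass sees: the dotted quad as text, nothing else."""
    return find_all(dump, ip.encode())


def binary_search(dump: bytes, ip: str) -> dict[str, list[int]]:
    """Offsets of the 4-byte encoding, in network order and byte-swapped
    (some structures and logs store the address as a little-endian integer)."""
    packed = socket.inet_aton(ip)
    return {"network_order": find_all(dump, packed),
            "byte_swapped": find_all(dump, packed[::-1])}


def candidate_sockaddrs(dump: bytes, ip: str) -> list[tuple[int, int]]:
    """Binary hits whose preceding 4 bytes look like AF_INET + port, i.e. a
    plausible sockaddr_in; returns (structure offset, port) pairs."""
    out = []
    for off in binary_search(dump, ip)["network_order"]:
        if off < 4:
            continue
        family = struct.unpack("<H", dump[off - 4:off - 2])[0]
        if family == socket.AF_INET:
            port = struct.unpack("!H", dump[off - 2:off])[0]
            out.append((off - 4, port))
    return out


if __name__ == "__main__":
    dump = build_dump()
    print("ASCII hits for C2 IP:", ascii_search(dump, C2_IP))
    print("binary hits for C2 IP:", binary_search(dump, C2_IP))
    print("sockaddr_in candidates:", candidate_sockaddrs(dump, C2_IP))
```

Against a real dump the same idea is what Volatility's network plugins and bulk_extractor do at scale, walking known structure layouts rather than matching text.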

In this case, as is often the case, analyst findings feed an overall corporate-wide process, one that includes follow-on determinations such as "control efficacy": identifying how effectively the various controls and solutions within the security tech stack prevent, detect, and respond to incidents. Simply stating in the ticket that "no evidence of communication with the C2 IP address was found" is potentially incorrect, and it also fails to say how that was determined. If no evidence of communications from the endpoint was found, then is there any reason to submit a block for the IP address on the firewall? Is there any reason to investigate further to determine if a prevention or detection control failed?

In the book Investigating Windows Systems, one of the case studies involves both an image and a memory dump, where evidence of connections to an IP address was found in the memory dump, using the tools mentioned above, that was not found in application logs within the image. What this demonstrates is that it's entirely possible for evidence to be found using entirely different approaches, and that not employing the full breadth of what an analyst has available to them is entirely insufficient.

Case Study #4
Let's look at another simple example - as a DFIR analyst, you're examining either data collected from an endpoint, or an acquired image, and you see a Run key value that is clearly malicious; you've seen this one before in open reporting. You see the same path/file location, same file name. 

What do you report?

Do you report, "...the endpoint was infected with <malicious thing>...", or do you validate this finding? 

Do you:
- determine if the file pointed to by the value exists
- determine if the Run key value was disabled  <-- wait, what??
- review the Microsoft-Windows-Shell-Core/Operational Event Log to see if the value was processed
- review the Application Event Log, looking for crash dumps, WER or Application Popup records for the malware
- review the Security Event Log for Process Creation events (if enabled)
- review Sysmon Event Log (if available)
- review the SRUM db for indications of the malware using the network

If not, why? Is it too much of a manual process to do so? Can the playbook not be automated through the means or suite you have available, or via some other means?

But Wait, There's More...
During my time as a DFIR analyst, I've seen command lines used to create Windows services, followed by the "Service Control Manager/7045" record in the System Event Log indicating that a new service was installed. I've also seen those immediately followed by a "Service Control Manager/7009" or "Service Control Manager/7011" record, indicating that the service failed to start, rather than the "Service Control Manager/7036" record you might expect. Something else we need to look for, going beyond simply "a Windows service was installed", is indications of Windows Error Reporting events related to the image executable, application popups, or application crashes.
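The correlation described in this paragraph, and the same "did it actually run?" question behind the Case Study #4 checklist, reduced to one function as an added example (not the author's code): given constructed System and Application log records, each 7045 install is tied to a later 7036 running-state record, to a 7009/7011 start failure, or to a Windows Error Reporting record for the same image path. The record field names and the WER event ID used in the sample are assumptions made for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SCM = "Service Control Manager"
WER = "Windows Error Reporting"
START_FAILURE_IDS = {7009, 7011}   # timeouts waiting for the service, as discussed above


@dataclass
class Event:
    time: datetime
    log: str          # "System" or "Application"
    provider: str
    event_id: int
    data: dict = field(default_factory=dict)   # field names are constructed for this example


# Constructed sample: two services installed via 7045; the first reaches the
# running state (7036), the second times out (7009) and leaves a WER record
# (assumed event ID 1001) for its image in the Application log.
T0 = datetime(2023, 4, 10, 14, 0, 0)
SAMPLE = [
    Event(T0, "System", SCM, 7045, {"service": "WinSvcUpd", "image": r"C:\ProgramData\svc\upd.exe"}),
    Event(T0 + timedelta(seconds=2), "System", SCM, 7036, {"service": "WinSvcUpd", "state": "running"}),
    Event(T0 + timedelta(minutes=5), "System", SCM, 7045, {"service": "SysHelper", "image": r"C:\Windows\Temp\helper.exe"}),
    Event(T0 + timedelta(minutes=5, seconds=30), "System", SCM, 7009, {"service": "SysHelper", "timeout_ms": 30000}),
    Event(T0 + timedelta(minutes=5, seconds=31), "Application", WER, 1001, {"image": r"C:\Windows\Temp\helper.exe"}),
]


def validate_service_installs(events: list[Event], window: timedelta = timedelta(minutes=10)) -> dict[str, dict]:
    """For each 7045 (service installed), look within `window` for evidence that the
    service actually ran: 7036 'running' = executed; 7009/7011 or a WER record for the
    image = failed to start; nothing at all = installed but execution unproven."""
    results = {}
    installs = [e for e in events if e.log == "System" and e.provider == SCM and e.event_id == 7045]
    for inst in installs:
        name, image = inst.data["service"], inst.data["image"]
        later = [e for e in events if inst.time <= e.time <= inst.time + window]
        started = any(e.provider == SCM and e.event_id == 7036
                      and e.data.get("service") == name and e.data.get("state") == "running"
                      for e in later)
        failures = [e.event_id for e in later
                    if e.provider == SCM and e.event_id in START_FAILURE_IDS and e.data.get("service") == name]
        wer = any(e.log == "Application" and e.provider == WER and e.data.get("image") == image for e in later)
        if started:
            verdict = "executed"
        elif failures or wer:
            verdict = "failed to start"
        else:
            verdict = "installed, no start evidence"
        results[name] = {"image": image, "verdict": verdict, "failure_event_ids": failures, "wer_for_image": wer}
    return results


if __name__ == "__main__":
    for svc, r in validate_service_installs(SAMPLE).items():
        print(f"{svc}: {r['verdict']} (failures={r['failure_event_ids']}, WER={r['wer_for_image']})")
```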

I've seen malware placed on systems that was detected by AV, but the AV was configured to "take no action" (per AV log messages), so the malware executed successfully. We were able to observe this within the acquired image by validating the impacts on the file system, Registry, Windows Event Log, etc.

I've seen threat actors push malware to multiple systems; in one instance, the threat actor pushed their malware to six systems, but it only successfully executed on four of those systems. On the other two, the Application Event Log contained Windows Error Reporting records indicating that there was an issue with the malware. Further examination failed to reveal the other impacts of the malware that had been observed on the four systems that had been successfully infected.

I worked a PCI case once where the malware placed on the system by the threat actor was detected and quarantined by AV within the first few hours it was on the system, and the threat actor did not return to the system for six weeks. It happened that that six weeks was over the Thanksgiving and Christmas holidays, during a time of peak purchasing. The threat actor returned after Christmas, and placed a new malware executable on the system, one that was not detected by AV, and the incident was detected a week later. In the report, I made it clear that while the threat actor had access to the system, the malware itself was not running and collecting credit card numbers during those six weeks.

Conclusion
In my previous post, I mentioned that Joe Slowik referred to indicators/artifacts as 'composite objects', which is something that, as an industry, we need to understand and embrace. We cannot view artifacts in isolation, but rather we need to consider their nature, which includes both being composite objects, as well as their place within a constellation. We need to truly embrace the significance of an IP address, a Run key value, or any other artifact when conducting and reporting on analysis.

17 Apr 00:57

Compromised Sites Use Fake Chrome Update Warnings to Spread Malware

by EditorDavid
Bleeping Computer warned this week about compromised web sites "that display fake Google Chrome automatic update errors that distribute malware to unaware visitors." The campaign has been underway since November 2022, and according to NTT's security analyst Rintaro Koike, it shifted up a gear after February 2023, expanding its targeting scope to cover users who speak Japanese, Korean, and Spanish. BleepingComputer has found numerous sites hacked in this malware distribution campaign, including adult sites, blogs, news sites, and online stores... If a targeted visitor browses the site, the scripts will display a fake Google Chrome error screen stating that an automatic update that is required to continue browsing the site failed to install. "An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update," reads the fake Chrome error message. The scripts will then automatically download a ZIP file called 'release.zip' that is disguised as a Chrome update the user should install. However, this ZIP file contains a Monero miner that will utilize the device's CPU resources to mine cryptocurrency for the threat actors. Upon launch, the malware copies itself to C:\Program Files\Google\Chrome as "updater.exe" and then launches a legitimate executable to perform process injection and run straight from memory. According to VirusTotal, the malware uses the "BYOVD" (bring your own vulnerable driver) technique to exploit a vulnerability in the legitimate WinRing0x64.sys to gain SYSTEM privileges on the device. The miner persists by adding scheduled tasks and performing Registry modifications while excluding itself from Windows Defender. Additionally, it stops Windows Update and disrupts the communication of security products with their servers by modifying the IP addresses of the latter in the HOSTS file. This hinders updates and threat detection and may even disable an AV altogether.

Read more of this story at Slashdot.
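A defender-side check for the HOSTS-file tampering described in the story above, written as an added example (not code from the article or the reporting it quotes): it parses a constructed HOSTS file and flags non-local names pointed at loopback or 0.0.0.0, plus any static mapping for watchlisted vendor hostnames, which should normally resolve through DNS. The vendor hostnames in the sample are made up for the example.

```python
import ipaddress

# Constructed HOSTS content standing in for C:\Windows\System32\drivers\etc\hosts
# on an affected machine: stock entries, one legitimate internal mapping, and two
# tampered lines that sinkhole made-up security-vendor hostnames.
SAMPLE_HOSTS = """\
# stock header comment
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example        # legitimate internal entry
0.0.0.0         updates.example-av.com       # tampered: AV update host blackholed
127.0.0.1       cloud.example-edr.com api.example-edr.com   # tampered: EDR console cut off
"""

# Names that legitimately map to loopback/unspecified addresses in a stock file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost",
               "ip6-loopback", "ip6-allnodes", "ip6-allrouters", "ip6-mcastprefix"}


def parse_hosts(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, address, hostname) for every mapping, expanding aliases."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.append((lineno, addr, name.lower()))
    return entries


def find_sinkholed(text: str, watchlist: frozenset[str] = frozenset()) -> list[dict]:
    """Flag mappings that blackhole a non-local name (loopback or 0.0.0.0) and any
    static mapping at all for a watchlisted vendor/update hostname."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append({"line": lineno, "host": name, "reason": f"unparseable address {addr!r}"})
            continue
        if (ip.is_loopback or ip.is_unspecified) and name not in LOCAL_NAMES:
            findings.append({"line": lineno, "host": name, "reason": f"non-local name sinkholed to {addr}"})
        elif name in watchlist:
            findings.append({"line": lineno, "host": name, "reason": f"watchlisted name statically mapped to {addr}"})
    return findings


if __name__ == "__main__":
    for f in find_sinkholed(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']}: {f['reason']}")
```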