
[DefCon32] Behind Enemy Lines: Going Undercover to Breach LockBit Ransomware Op

Jon DiMaggio, a cyber threat intelligence expert at Analyst1, shares a gripping account of his two-year infiltration of the LockBit ransomware gang. By earning the trust of its leader, LockBitSupp, Jon unmasked the real-world identity of this elusive figure, disrupting the syndicate’s operations. His narrative blends human intelligence with cyber expertise, offering a masterclass in combating ransomware through undercover operations.

Infiltrating the LockBit Syndicate

Jon recounts his covert journey, posing as a potential affiliate to gain access to LockBit’s inner circle. Through strategic exchanges, he built rapport with LockBitSupp, navigating the dark web’s complexities. His interactions, documented in real-time, reveal the gang’s operational structure and reliance on affiliate hackers, providing a rare glimpse into the ransomware ecosystem.

Unmasking LockBitSupp

A pivotal achievement was identifying LockBitSupp’s real-world identity, a feat that challenged the narrative of his anonymity. Jon’s persistence, despite threats of retaliation, led to public exposure via an indictment, disrupting LockBit’s operations. He emphasizes that this identification required meticulous intelligence work, countering claims that LockBitSupp’s operational security was amateurish.

Impact on Ransomware Operations

Jon’s actions had unintended consequences, including a perceived breach that rattled LockBit’s infrastructure. By leaking sensitive communications, he forced the gang to divert resources, weakening their operational resilience. His work with law enforcement amplified this impact, showcasing the power of combining human intelligence with technical analysis to dismantle cybercrime networks.

Lessons for Combating Cybercrime

Concluding, Jon advocates for integrating human intelligence into cybersecurity strategies. His experience underscores the value of undercover operations in understanding and disrupting threat actors. By sharing his methodologies, Jon inspires researchers to adopt similar tactics, strengthening defenses against ransomware and safeguarding organizations worldwide.


[KotlinConf2024] Compose UI on a Light Switch: KotlinConf2024’s Embedded Adventure

At KotlinConf2024, Jake Wharton, a Kotlin enthusiast, shared his journey of running Compose UI on a smart light switch powered by embedded Linux. Sparked by a friend’s discovery of a backdoor granting root access, Jake transformed a $50 Amazon switch into a custom platform. He navigated challenges from setting up a JVM and Kotlin Native to configuring a graphics stack with Skia and handling touch inputs, culminating in a live demo of a touchable UI controlling the switch’s relay, showcasing Compose UI’s multiplatform potential.

A Side Project Ignited by a Backdoor

Jake’s project began in January 2023 when a friend revealed a smart switch’s ADB server allowed password-free root access, discovered via Home Assistant forums. The Decora-style switch, with a touchscreen, light sensor, and microphone, ran a stripped-down Linux. Jake snipped an extension cord to power it and confirmed root access via ADB, setting the stage for custom software. This accessibility, though later patched by the manufacturer, fueled his ambition to replace the Flutter-based UI with Compose UI, blending curiosity with technical challenge.

Bootstrapping the JVM and Kotlin Native

To run Compose UI, Jake first tested the JVM on the switch’s limited 150MB storage. He pushed a Linux ARM JRE and a Java “Hello World” class, confirming JVM functionality. Next, he compiled a Kotlin Native “Hello World” for Linux ARM, proving Kotlin could run natively. These steps established a foundation, but the switch’s constraints—no compiler, minimal storage—required compiling on a host machine and transferring binaries, a process complicated by the need to match the device’s library versions, like libDRM 2.4.

Wrestling with the Graphics Stack

Rendering Compose UI required a graphics stack, but the switch’s Flutter app used Linux’s Direct Rendering Manager (DRM) with OpenGL ES, not OpenGL. Jake’s initial attempt to use Compose UI Desktop failed due to missing OpenGL and X11 dependencies. He ported C-based DRM code to Kotlin Native, meticulously matching the switch’s libDRM version (2.4.87) by analyzing binaries. This process, spanning months, involved pulling headers and shared objects from the device, ensuring compatibility, and overcoming compilation hurdles, like missing toolchains for Linux ARM.

Skia: Rendering Pixels with Kotlin

To draw pixels, Jake turned to Skia, the graphics library powering Flutter and Android. JetBrains’ Skiko library, binding Skia to Kotlin, lacked Linux ARM support for OpenGL ES. Jake forked Skiko, modifying it to use EGL, and endured weeks of GitHub Actions builds to compile Skia for ARM. He integrated Skiko’s C++ and Kotlin bindings, enabling rendering of basic shapes (e.g., red backgrounds, blue circles). This step, though painful, proved Kotlin Native could handle the switch’s display, setting the stage for Compose UI.

Handling Touch Inputs

Interactivity required processing touchscreen inputs. Jake used Linux’s evtest to identify the switch’s touchscreen events, capturing X/Y positions and touch states (down/up). He implemented a single-pointer event parser in Kotlin Native, mapping raw events to a data class within the render loop. This avoided multi-touch complexity, as the switch supported only one pointer. By feeding these events to Compose UI, Jake enabled touch interactions, like button ripples, transforming the switch into a responsive interface, despite occasional crashes during live demos.

Bringing Compose UI to Life

Integrating Compose UI was surprisingly straightforward compared to prior challenges. Jake forked JetBrains’ Compose UI repository, adding a Linux ARM target and implementing expect/actual declarations for dependencies like input handling and scrolling. He replaced low-level Skiko calls with Compose UI’s entry point, passing a Skia canvas and touch events. Initial text rendering crashed due to font issues, but a simple button worked, displaying ripples on touch. Jake’s UI, controlling the switch’s relay via a Unix domain socket and Ktor, demonstrated Compose UI’s adaptability, running the same code on desktop for development.

Demo and Future Potential

Jake’s live demo, despite power converter issues, showcased a draggable switch UI toggling a light bulb, built with Compose UI and Kotlin multiplatform. An enclosure housed the switch, highlighting its real-world application. He envisioned future enhancements, like Home Assistant integration or music control, noting the project’s infancy. Community contributions, like his friend Eric’s interactive component, and public forks for Skiko and Ktor, underscore the project’s collaborative spirit. Jake cautioned against internet-connecting the switch due to security concerns, urging manufacturers to simplify hacking for innovation.


[DefCon32] The Pwnie Awards

The Pwnie Awards, a cornerstone of DEF CON, celebrate the triumphs and missteps of the cybersecurity community with a blend of reverence and humor. Hosted by Ian Roose, this annual ceremony honors groundbreaking research and notable blunders, judged by a panel of esteemed security experts. The 2024 edition, sponsored by Margin Research, Red Balloon Security, and Summercon Foundation, pays tribute to luminaries like Sophia d’Antoine, whose lifetime achievements have shaped the field.

Celebrating Cybersecurity Excellence

Ian opens the ceremony by highlighting its role in recognizing outstanding contributions. The Pwnies showcase the best exploits and research, voted on by peers, offering a unique platform for hackers to gain recognition. From novel vulnerabilities to innovative defenses, the awards reflect the community’s ingenuity, fostering a culture of excellence and accountability in cybersecurity.

Honoring Sophia d’Antoine’s Legacy

A poignant moment comes with the Lifetime Achievement Award for Sophia d’Antoine, accepted by her sister Claudia d’Antoine of Margin Research. Sophia’s work, spanning hacking, policy advocacy, and training with Binary Ninja, left an indelible mark. Ian emphasizes her ethos of curiosity and community care, inspiring attendees to continue her legacy of impactful research and collaboration.

Acknowledging Community Contributions

The ceremony acknowledges the broader community, including nominees, presenters, and sponsors like Margin Research and Red Balloon Security. Ian highlights the collective effort behind the event, from organizers like Neil Durkin and Mark Trumpour to the audience’s participation. This collaborative spirit underscores the Pwnies’ role in uniting hackers to advance the field through shared knowledge and recognition.

Looking Forward to Future Impact

Closing, Ian reflects on the Pwnies’ role in inspiring future research. By celebrating both successes and failures, the awards encourage resilience and innovation. The call to stay curious, inspired by Sophia, resonates as a guiding principle, urging attendees to push boundaries and strengthen cybersecurity through collective effort.


[DefCon32] The XZ Backdoor Story: The Undercover Op That Set the Internet on Fire

In a riveting exploration of one of the most sophisticated cyberattacks in recent history, Thomas Roccia, a security researcher at Microsoft, unravels the intricate tale of the XZ backdoor. Discovered by Andres Freund in March 2024, this clandestine operation compromised the open-source XZ utility, specifically its liblzma library, threatening SSH servers worldwide. Thomas’s narrative dissects the attacker’s methods, the discovery’s serendipity, and the broader implications for open-source security, urging the community to remain vigilant.

The Discovery of the XZ Backdoor

Thomas begins by recounting the fortuitous discovery by Andres Freund, a PostgreSQL developer at Microsoft, who noticed that sshd logins on his Debian test machine had become slower and more CPU-hungry than they should be (and that valgrind complained about liblzma) and traced the cause to the library. liblzma is not an SSH component in its own right: on several Linux distributions sshd is patched to link against libsystemd, and libsystemd loads liblzma, which is how a library compromised by the pseudonymous maintainer Jia Tan ended up inside the sshd process. This breach could have granted attackers remote access to countless systems. Thomas highlights the mix of luck and expertise that led to the detection, emphasizing how close the internet came to a catastrophic compromise.

The Attacker’s Modus Operandi

Delving into the operation, Thomas outlines how Jia Tan infiltrated the XZ project by gaining trust over roughly two years, helped by sock-puppet accounts that pressured the original maintainer into sharing commit and release rights. The attacker, potentially backed by a nation-state, employed sophisticated techniques to insert malicious code, exploiting the project’s open-source nature: the build-time injection existed only in the release tarballs, not in the Git repository, and the payload itself was hidden in binary files checked in as compression test data, so neither a review of the repository’s history nor a look at the tarball’s source files would reveal it. By meticulously integrating the backdoor into legitimate updates, Jia Tan evaded scrutiny until Freund’s investigation. Thomas details the technical mechanics: once loaded into sshd, the library hooked the RSA public-key verification path so that a connection carrying an attacker-signed payload could execute commands as root before authentication completed, underscoring the attacker’s deep understanding of Linux systems.

Lessons for Open-Source Security

The XZ incident exposes vulnerabilities in open-source ecosystems, where trust in contributors is paramount. Thomas advocates for enhanced vetting processes and automated code analysis to detect anomalies early; one cheap, concrete control this case argues for is verifying that a project’s release tarballs can be reproduced from its tagged Git sources, since the malicious build script existed only in the tarballs. He stresses the importance of community awareness, as knowledge of such attacks is a key defense. The incident redefines what constitutes a sophisticated attacker, prompting a reevaluation of how open-source projects manage contributions and verify integrity.
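A first-response check of the kind this lesson calls for, as an added example that is not from the talk: it classifies an xz version string against the two releases that carried the backdoor (XZ Utils 5.6.0 and 5.6.1, tracked as CVE-2024-3094) and reports whether the local sshd would load liblzma at all. It is written for POSIX sh; the sshd path and the use of ldd are assumptions about a typical Linux host, and a version match is a triage signal, not proof that the backdoored build is installed.

```shell
#!/bin/sh
# Added example (not from the talk). Checks an installed xz/liblzma against the two
# backdoored releases (5.6.0, 5.6.1 / CVE-2024-3094) and whether sshd would load liblzma.
# Assumes POSIX sh; sshd location and ldd availability are assumptions about the host.

# Returns "affected" for the two backdoored release versions, "clean" otherwise.
xz_version_status() {
  case "$1" in
    5.6.0|5.6.1) echo "affected" ;;
    *)           echo "clean" ;;
  esac
}

# Extracts the version from `xz --version` output, e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
# Only the first line (the xz binary) is used; the second line reports liblzma.
parse_xz_version() {
  printf '%s\n' "$1" | sed -n '1s/.*) \([0-9][0-9.]*\).*/\1/p'
}

# Reports whether sshd (typically via libsystemd) would pull liblzma into its process.
# "not-loaded" means the backdoor would not have been reachable through sshd on this host.
sshd_loads_liblzma() {
  sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
  if [ -x "$sshd_path" ] && command -v ldd >/dev/null 2>&1 &&
     ldd "$sshd_path" 2>/dev/null | grep -q liblzma; then
    echo "loaded"
  else
    echo "not-loaded"
  fi
}

# Stand-alone use: inspect the local system.
if command -v xz >/dev/null 2>&1; then
  installed=$(parse_xz_version "$(xz --version 2>/dev/null || true)")
  echo "xz $installed: $(xz_version_status "$installed")"
else
  echo "xz not installed"
fi
echo "sshd liblzma: $(sshd_loads_liblzma)"
```

The second check matters as much as the first: a host whose sshd never links libsystemd was never exposed through SSH even with an affected liblzma installed, which is the detail that turned a world-wide SSH backdoor into a distribution-specific one.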

Future Vigilance and Community Action

Concluding, Thomas poses a haunting question: how many other Jia Tans are embedding backdoors in open-source projects? He urges researchers to study the XZ case, leveraging blogs and technical write-ups from contributors like Freund. By fostering a culture of transparency and collaboration, the community can bolster defenses, ensuring that open-source software remains a pillar of trust rather than a vector for compromise.


Spring Batch: How to have different schedules, per environment, for instance: keep the fixedDelay=60000 in prod, but schedule with a Cron expression in local dev?

Case

In Spring Batch, a batch is scheduled in a bean JobScheduler with

[java]
@Scheduled(fixedDelay = 60000)
void doSomething() {…}
[/java]

How to have different schedules, per environment, for instance: keep the fixedDelay=60000 in prod, but schedule with a Cron expression in local dev?

Solution

Add this block to the JobScheduler bean:

[java]
@Value("${jobScheduler.scheduling.enabled:true}")
private boolean schedulingEnabled;

// "fixedDelay" or "cron": selects which of the two triggers below actually runs the job.
@Value("${jobScheduler.scheduling.type:fixedDelay}")
private String scheduleType;

// Both @Scheduled methods are always registered: @ConditionalOnProperty only applies to
// bean definitions (classes and @Bean methods), not to plain methods, so each trigger
// has to check the configured type itself.
@Scheduled(fixedDelayString = "${jobScheduler.scheduling.fixedDelay:60000}",
           initialDelayString = "${jobScheduler.scheduling.initialDelay:0}")
public void scheduleFixedDelay() throws Exception {
    if (schedulingEnabled && "fixedDelay".equals(scheduleType)) {
        doSomething();
    }
}

// The default "-" is Spring's CRON_DISABLED value: when no cron expression is configured,
// no cron trigger is registered at all.
@Scheduled(cron = "${jobScheduler.scheduling.cron:-}")
public void scheduleCron() throws Exception {
    if (schedulingEnabled && "cron".equals(scheduleType)) {
        doSomething();
    }
}
[/java]

In application.yml (the default configuration, used in prod), add:

[xml]
jobScheduler:
  scheduling:
    enabled: true
    type: fixedDelay
    fixedDelay: 60000
    initialDelay: 0
    cron: "-"   # Spring's CRON_DISABLED marker: no cron trigger is registered at all
[/xml]

(note the cron value: leaving the property empty prevents Spring Boot from starting, because the @Scheduled method then has neither a cron expression nor a delay; "-" is Spring's documented way to switch a cron trigger off, and an expression that never matches, such as 0 0 1 31 2 ?, "every 31st of February", works too but is harder to read)

For local dev, override these in the profile-specific file (for example application-local.yml, activated with spring.profiles.active=local; the profile name is just a suggestion):

[xml]
jobScheduler:
  scheduling:
    type: cron
    cron: 0 0 1 * * ?
[/xml]

It should work now ;-).
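An alternative that avoids the runtime type check altogether, as an added example (not the post’s own code): let the active Spring profile choose the trigger, so each environment registers exactly one @Scheduled method instead of two guarded ones. It assumes @EnableScheduling on the application, a profile named local on developer machines, and a Job bean named importJob; both names are placeholders.

```java
import org.springframework.batch.core.Job;
import org.springframework.batch.core.JobParametersBuilder;
import org.springframework.batch.core.launch.JobLauncher;
import org.springframework.context.annotation.Profile;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;

// Added example, not the post's own code: the active profile selects the trigger, so
// prod never even instantiates the cron scheduler and local dev never the fixed-delay one.
// Assumptions: @EnableScheduling on the application, a "local" profile on developer
// machines (hypothetical name), and a Job bean named "importJob" (hypothetical name).

@Component
class BatchJobRunner {
    private final JobLauncher jobLauncher;
    private final Job importJob;

    BatchJobRunner(JobLauncher jobLauncher, Job importJob) {
        this.jobLauncher = jobLauncher;
        this.importJob = importJob;
    }

    // A fresh timestamp parameter makes every launch a new JobInstance; without it
    // Spring Batch refuses to re-run an instance that already completed.
    void runOnce() throws Exception {
        jobLauncher.run(importJob, new JobParametersBuilder()
                .addLong("launchedAt", System.currentTimeMillis())
                .toJobParameters());
    }
}

@Component
@Profile("!local")   // prod and every other environment that is not local dev
class FixedDelayJobScheduler {
    private final BatchJobRunner runner;

    FixedDelayJobScheduler(BatchJobRunner runner) {
        this.runner = runner;
    }

    @Scheduled(fixedDelayString = "${jobScheduler.scheduling.fixedDelay:60000}")
    public void run() throws Exception {
        runner.runOnce();
    }
}

@Component
@Profile("local")    // only when spring.profiles.active=local
class CronJobScheduler {
    private final BatchJobRunner runner;

    CronJobScheduler(BatchJobRunner runner) {
        this.runner = runner;
    }

    @Scheduled(cron = "${jobScheduler.scheduling.cron:0 0 1 * * ?}")
    public void run() throws Exception {
        runner.runOnce();
    }
}
```

With this layout a misconfigured type property cannot silently leave both triggers idle: whichever profile is active, exactly one scheduler bean exists, and the property files only carry the timing values.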

SnowFlake❄: Why does SUM() return NULL instead of 0?

🙋‍♀️🙋‍♂️ Question

I’m running a SUM() query on a Snowflake table, but instead of returning 0 when there are no matching rows, it returns NULL.

For example, I have this table:

CREATE OR REPLACE TABLE sales (
    region STRING,
    amount NUMBER
);

INSERT INTO sales VALUES 
    ('North', 100),
    ('South', 200),
    ('North', NULL),
    ('East', 150);

Now, I run the following query to sum the sales for a region that doesn’t exist:

SELECT SUM(amount) FROM sales WHERE region = 'West';
  • Expected output: 0
  • Actual output: NULL

Why is this happening, and how can I make Snowflake return 0 instead of NULL?

Answer

A first instinct is to filter out NULL explicitly before aggregating:

SELECT SUM(CASE WHEN amount IS NOT NULL THEN amount ELSE 0 END) AS total_sales
FROM sales
WHERE region = 'West';

This only covers the case where matching rows exist but all of their amounts are NULL (the CASE turns each into 0, so the sum is 0). It does not cover the 'West' case above: no row matches, SUM() aggregates an empty set, and the result is NULL no matter what the CASE expression would have produced. SUM() also ignores NULL inputs on its own, so the CASE adds nothing there either.

✅ Even better: Use COALESCE() to handle NULL.

By default, SUM() returns NULL if there are no rows that match the condition or if all matching rows contain NULL.

🔹 To return 0 instead of NULL, use COALESCE(), which replaces NULL with a default value:

SELECT COALESCE(SUM(amount), 0) AS total_sales 
FROM sales 
WHERE region = 'West'; 

🔹 This ensures that when SUM(amount) is NULL, it gets converted to 0.

 (copied to https://stackoverflow.com/questions/79524739/why-does-sum-return-null-instead-of-0 )

A Tricky Java Question

Here’s a super tricky Java interview question that messes with developer intuition:

❓ Weird Question:

“What will be printed when executing the following code?”

import java.util.*;

public class TrickyJava {
    public static void main(String[] args) {
        List<String> list = Arrays.asList("T-Rex", "Velociraptor", "Dilophosaurus");
        list.replaceAll(s -> s.toUpperCase());
        System.out.println(list);
    }
}

The Trap:

At first glance, everything looks normal:

Arrays.asList(...) creates a List.
replaceAll(...) is a method in List that modifies elements using a function.
Strings are converted to uppercase.
Most developers will expect this output:

[T-REX, VELOCIRAPTOR, DILOPHOSAURUS]

The trap is the widespread belief that Arrays.asList(...) returns a read-only list, so that replaceAll(...) must throw an UnsupportedOperationException.

✅ Correct Answer:

The output is always:

[T-REX, VELOCIRAPTOR, DILOPHOSAURUS]

It does not depend on the JVM: the behaviour is fixed by the JDK classes involved, not by an implementation detail.

Why?

Arrays.asList(...) does not return a regular ArrayList, but rather a fixed-size list (java.util.Arrays$ArrayList) backed by the array you pass in.
Fixed-size means the size cannot change: add() and remove() throw UnsupportedOperationException, because they fall through to AbstractList, which does not support them.
Replacing an element does not change the size. The list from Arrays.asList implements set(), and List.replaceAll() is implemented on top of set() (the JDK’s Arrays$ArrayList even overrides replaceAll() to write straight into the array), so the call succeeds and the backing array itself is updated.
A list that really does throw on replaceAll() is the immutable one returned by List.of(...) or Collections.unmodifiableList(...).

Key Takeaways

Arrays.asList(...) returns a fixed-size list, not a modifiable ArrayList: set() and replaceAll() work, add() and remove() fail with UnsupportedOperationException.
Because that list is a view, writes through it (replaceAll() included) modify the original array.
List.of(...) is immutable: every mutating call, replaceAll() included, throws.

How to Fix It?

If the code also needs to add or remove elements, or must not touch the original array, copy the elements into a real ArrayList first:

List<String> list = new ArrayList<>(Arrays.asList("T-Rex", "Velociraptor", "Dilophosaurus"));
list.replaceAll(String::toUpperCase);
System.out.println(list); // [T-REX, VELOCIRAPTOR, DILOPHOSAURUS], and add()/remove() work too
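The three behaviours worth keeping apart, as an added example that is not part of the original post: the fixed-size view from Arrays.asList(...) (replaceAll() works and writes through to the array, add() throws) next to the immutable list from List.of(...) (even replaceAll() throws). The class and method names are mine.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example, not from the original post. Each method isolates one behaviour so the
// difference between "fixed-size" (Arrays.asList) and "immutable" (List.of) is explicit.
public class ListMutability {

    // Arrays.asList: replaceAll() succeeds and writes through to the backing array.
    static String[] replaceAllOnArraysAsList() {
        String[] backing = {"T-Rex", "Velociraptor", "Dilophosaurus"};
        List<String> view = Arrays.asList(backing);
        view.replaceAll(String::toUpperCase);
        return backing; // upper-cased: the view shares the array, it does not copy it
    }

    // Arrays.asList: structural changes (add/remove) are the calls that throw.
    static boolean addOnArraysAsListThrows() {
        List<String> view = Arrays.asList("T-Rex", "Velociraptor");
        try {
            view.add("Triceratops");
            return false;
        } catch (UnsupportedOperationException expected) {
            return true;
        }
    }

    // List.of: the list is fully immutable, so even replaceAll() throws.
    static boolean replaceAllOnListOfThrows() {
        List<String> immutable = List.of("T-Rex", "Velociraptor");
        try {
            immutable.replaceAll(String::toUpperCase);
            return false;
        } catch (UnsupportedOperationException expected) {
            return true;
        }
    }

    // Copying into a real ArrayList gives a list that supports all three operations
    // without touching the source collection.
    static List<String> copyThenModify() {
        List<String> copy = new ArrayList<>(List.of("T-Rex"));
        copy.add("Triceratops");
        copy.replaceAll(String::toUpperCase);
        return copy;
    }

    public static void main(String[] args) {
        System.out.println(Arrays.toString(replaceAllOnArraysAsList()));
        System.out.println(addOnArraysAsListThrows());
        System.out.println(replaceAllOnListOfThrows());
        System.out.println(copyThenModify());
    }
}
```

The write-through in the first method is the part that bites in practice: a caller that hands an array to Arrays.asList and then lets another component replaceAll() or set() on the view has had its array modified behind its back.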

[NDCOslo2024] Decades in the Machine: Meaning and Purpose in Technology – David Whitney

As circuits chronicle careers spanning scores, David Whitney, Director of Architecture at New Day and a prolific purveyor of programming tomes, confronts the crossroads of craft and chronology. A confessed creator of code and children’s chronicles, David delves into the dialectic of drudgery and delight, navigating the nebulous nexus of necessity and narrative in tech’s turbulent tapestry. His homily, heartfelt and humorous, harvests hard-won harmonies for enduring in an ephemeral enterprise.

David divulges dread: a talk trepidation-tinged, yet tendered to temper existential echoes. He heralds the hustle’s hollowness—monetary machinations versus meaningful makings—imploring identities intact amid instability. From fledgling forays to seasoned sojourns, David’s dispatch distills decades: delight in doing, despite detours.

Identity in the Interface: Crafting Careers Amid Chaos

Tech’s tumult tests tenacity: layoffs loom, languages lapse, yet purpose persists. David decries the drift—coding’s call versus climbing’s cachet—urging anchors in avocations: open-source odysseys, personal projects that pulse with passion.

He honors the hustle’s hybrid: salaried sustenance sustains side quests, where whimsy weaves worth. David’s dictum: diversify delights—write, teach, tinker—to transmute tenure into tapestry, resilient against redundancies.

Harmony in the Hustle: Balancing Billable with Beloved

The eternal equipoise: paid pursuits versus private passions. David dissects dilemmas—overtime’s overreach, burnout’s brink—beseeching boundaries: billable by day, beloved by dusk. His heuristic: harvest joy in journeyman jobs, channeling competence to causes cherished.

Mentorship mirrors meaning: guiding greenhorns gleans gratification, reciprocity in retrospectives. David’s dawn: embrace evolution—roles recede, relevance renews through relentless reinvention.

Optimism’s Odyssey: Growing Through the Grind

David’s denouement: optimism as ordinance. Persevere with patience—code’s camaraderie conquers crises, colleagues’ kindness kindles kinship. His litany: listen to users, laugh in logs, love the labor—error messages as endearments, PRs as partnerships.

His poem’s plea: prioritize presence—headphones in hives, grace for novices, green tickets for givers. In machines’ maw, meaning manifests in making—mindful, magnanimous, merry.


[DefCon32] Troll Trapping Through TAS Tools – Exposing Speedrunning Cheaters

Allan Cecil, known as dwangoAC, a prominent figure in the speedrunning community and founder of TASBot, tackles the pervasive issue of cheating in video game speedrunning. By leveraging tool-assisted speedruns (TAS), Allan exposes fraudulent records, including a long-standing Diablo speedrun in the Guinness Book of World Records. His presentation, enriched with technical insights and community-driven investigations, champions transparency and integrity in competitive gaming.

The Challenge of Speedrunning Cheating

Allan introduces the concept of tool-assisted speedruns, where emulators enable frame-by-frame precision to achieve theoretically perfect gameplay. Cheaters misuse these tools to pass off TAS runs as human efforts, undermining leaderboards. Allan’s mission, sparked by his work with TASVideos.org, is to detect such deceptions, as seen in high-profile cases like Todd Rogers’ Dragster and Maciej Maselewski’s Diablo run.

Investigating the Diablo Record

Focusing on Maselewski’s 3-minute, 12-second Diablo record, Allan and his team, including Matthew Petroff, used TASBot to recreate the run. Their analysis revealed inconsistencies in software versions, missing frames, and item anomalies, suggesting tampering. By crafting a legitimate TAS run just one second faster, Allan demonstrated that human records could surpass the fraudulent time, restoring fairness to the Diablo community.

Tool-Assisted Detection Techniques

Allan details the technical prowess behind TAS, using emulators to record precise inputs and verify gameplay on real hardware. His TASBot, a robot mimicking controller inputs, has raised over $1.5 million for charity at events like Games Done Quick. By analyzing frame data and game mechanics, Allan identifies subtle signs of splicing or unauthorized modifications, empowering moderators to uphold leaderboard integrity.

Fostering Community Integrity

Concluding, Allan advocates for clear delineation between TAS and human speedruns to prevent misuse. His open-source approach, including a detailed document at diablo.tas.bot, invites community scrutiny and collaboration. By debunking fraudulent records, Allan not only protects speedrunning’s legitimacy but also inspires researchers to apply similar rigor to cybersecurity investigations, drawing parallels between game integrity and system security.


[GoogleIO2024] What’s New in Android Development Tools: Enhancing Productivity and Quality

Jamal Eason, Tor Norbye, and Ryan McMorrow present updates in Android Studio and Firebase, focusing on AI integration, performance improvements, and debugging enhancements to streamline app creation.

Roadmap and AI-Driven Enhancements

Android Studio’s evolution includes Hedgehog’s vital insights, Iguana’s baseline support, and Jellyfish’s stable release. Koala preview introduces Gemini-powered features, expanding to over 200 regions with privacy controls.

Quality focus addressed 900+ bugs, improving memory and performance by 33%. Gemini aids code generation, explanations, and refactoring, fostering efficient workflows.

Advanced Editing and Integration Tools

Koala’s IntelliJ foundation offers sticky lines for context, improved code navigation, and enhanced Compose previews with device switching. Firebase integrations include Genkit for AI workflows and Crashlytics for issue resolution.

App quality insights aggregate crashes, aiding prioritization. Android device streaming enables real-device testing via Firebase.

Debugging and Release Process Innovations

Crashlytics’ diff feature pinpoints crash origins in version history. Device streaming reproduces issues on reserved hardware, ensuring wipes for security.

Release shifts to platform-first with feature drops, doubling stable updates for better stability and predictability.
