1. 17

  2. 3

    Attribution is trivial and left as an exercise to the reader.

    Now I’m curious. Can you share the binary if you’re leaving that as an exercise to the reader?

    1. 1

      I think that was a joke. Attribution is usually the exact opposite of trivial.

      1. 6

        Apparently no. Over at the orange site: https://news.ycombinator.com/item?id=26302565

        tl;dr it looks pretty much like an exploit from Immunity.

        1. 1

          Yeah, I thought maybe the author was saying that someone was claiming credit if you looked at the strings, and for some reason didn’t want to call attention to whom.

          It works as a joke, too.

      2. 2

        Is this managing to evade the Spectre mitigations in the kernel? The write-up doesn’t say.

        1. 3

          No, it doesn’t.

          1. 2

            Well, that’s something I guess! Presumably this is targeting users stuck on old kernels or Windows systems that pre-date Spectre mitigations.

            Do you think it was accidentally uploaded to VirusTotal by the authors?

            1. 4

              Presumably this is targeting users stuck on old kernels or Windows systems that pre-date Spectre mitigations

              I’d be curious to see if it works when all the mitigations that can be disabled using boot parameters get disabled.

              There seems to be a vocal set that likes to do that. I’ve got no idea whether they’re numerous enough to give this kind of thing significant practical use.

              1. 3

                Well, that’s something I guess! Presumably this is targeting users stuck on old kernels or Windows systems that pre-date Spectre mitigations.

                I’ve seen a number of people assert that they disable Spectre mitigations on their servers, with whatever justification.

                It’s also popular “advice” in video game circles, although that would be more directly applicable to a Windows exploit rather than this Windows version.