This message showed when I entered the serial specifically made for pirates. Right now feeling nothing but respect for plugin devs. Next month Imma buy this plugin 100% fixed, need it or don’t need it doesn’t matter anymore lol.

  • Cinner@lemmy.worldB
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    28
    ·
    edit-2
    1 year ago

    ====================

    Edit: Can any fellow infosec nerds chime in and say whether this is readable or not? I feel like I just wrote it incoherently because I was stoned. I hope that’s what happened anyway, and people pirating software aren’t actually this ignorant about network security.

    tl;dr: Disgruntled employee wants to make a bunch of easy crypto from the company he hates. cracks contain viruses a non-minimal amount of the time. This turned into a story about an easier way this coworker could be doing it to introduce his own ransomware and get away with it, and then I went into how I would do it if that was the intention.

    I have no idea if this is the reason or if OPs colleague really hated scrolling down and clicking Accept. Maybe he just wanted the legit version for himself.

    ====================

    This sounds like a great way to introduce your 2-year-delay ransomware on the company without it being as risky of a charge if you’re caught. Only fired for causing a ransomware infection out of neglect and stupidity if caught, just make sure you tell a few coworkers about it.

    Although it’d be easier to plug in a USB drive you found in the parking lot with folder [company name blackmail] which contains “[hot male coworkers name] NUDES.zip.ws” and “[hot female coworkers name] NUDES.zip.ws

    Just make sure you buy a throwaway laptop and install a Russian or Chinese language pack and use that as the primary system language when opening the final source code before you add some CN/RU strings in the file and compile. Use Google Lens to translate in realtime from a burner smartphone /e/OS and location disabled. Make 3 drives and toss 2 of them from your car window in hard to find places a week before, with multiple days between. Then on the day you find yours, covertly chuck it from the roadway an hour before opening in the general area you park, and show up 5 minutes early in the spot you usually park. Make sure you always show up somewhat early. Then “notice it” and walk in and plug it in.

    Ransomware starts after a 2 day delay, they being in LE and find the others that were dropped. Make sure to use neoprene gloves, as latex can pass fingerprints through.

    • Dragonish7767@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Haha okay infosec engineer here… I think this blurb is hard to read maybe a little because you wrote it high and maybe a little because you’re overestimating what the average person knows about security.

      Your first paragraph there makes sense but it would’ve definitely benefited from a little additional explanation. I don’t think it was super clear you were referring to an insider threat scenario. People probably could’ve got that by breaking it down a little more, but naturally they jumped to the next part hoping for more context.

      But you jumped into a hypothetical alternative means to introduce ransomware to a device. And it’s not necessarily that people don’t know plugging in strange thumb drives is bad, as you suggested in another comment. It’s the jargon (maybe not really jargon but thats the best word that came to mind) you used. You talked about a lot of things a bad actor would do, but the average Joe does not know why you’d be doing most of those things. And even if they do it’s still not going to make much sense if they didn’t grasp what you were saying in the first paragraph.

      But ultimately yes, what you said does make sense if you have some Security knowledge (at least a bit more than just basic awareness training) and break down what you’re first paragraph is trying to say.

      • Cinner@lemmy.worldB
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        6
        ·
        edit-2
        1 year ago

        Seriously? 21 downvotes? Is everyone in the piracy Lemmy completely ignorant and unaware of USB drops? Do you guys not get information security training at work?

        I’m talking about https://www.osibeyond.com/blog/usb-drop-attacks-cause-cybersecurity-incidents - USB drops and how that’d be the ideal way I would do it, if I were going to.

        I was basically making a story about how OPs colleague could be using cracked programs so the ransomware he coded didn’t get him charged, but instead only fired.

        I watched Office Space recently and I was high when I wrote it so maybe it didn’t come read as well as I thought it did.

        P.S. .ws files can be as dangerous as .exe and .com/bat/PS1 if that’s what’s confusing people.

        • locuester@lemmy.zip
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          I’m failing to draw a connection between what OP said about his friend, and the rant you wrote.

          • Dragonish7767@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            2
            ·
            1 year ago

            Well op said “colleague” rather than friend, which I point out only because that is presumably why they made the connection to work.They’re referring to using pirated software at work, which could introduce ransomware without you knowing it. Ransomware can remain dormant for extended periods of time, giving it a better chance to evade security controls and spread to other machines.

          • Cosmic Cleric@lemmy.world
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            2
            ·
            edit-2
            1 year ago

            I am technically less than 49.999999999 bot.

            Take that as you will.

            That’s exactly what a bot would say.

            (I kid, I kid. Er, I think.)

      • Cinner@lemmy.worldB
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Unless he cracked it himself, he wouldn’t know for s long time if the cracks were malicious or not. When I found an uploader that had so much working software even the smaller more obscure and niche stuff, I tried to stay with him…Eventually I did malware analysis (hobby at the time) and found out he was binding his password manager stealer to the main program or some necessary .dll that was called my the main program.

        That was on IPTorrents private tracker, and he was incredibly highly regarded.

        I cum in my pants thinking about the number of different accounts he stole over all those years. I was able to access a similar dumb via ftp and hardcore username and password in the downloader, but that uploader has his bound file so crazy hidden.

        The rest was high me writing a story about what your coworker could have been doing, Office Space style.

      • Cinner@lemmy.worldB
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Many IT security guys go their whole career without touching malware analysis so I’m not one bit surprised.

        Your post insinuated this was happening at work

        Anyway if doesn’t matter. I’ll take the L for trying to share some information.

        • IHadTwoCows@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Out of “friend” , “acquaintance”, “associate”, and “colleague”, the last one seemed to fit the best.

          Maybe shoulda gone with “I know a guy”

          • Cinner@lemmy.worldB
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            lol I still would have gone on the same rant since it was him using cracked software at work after paying for it. No worries.