this post was submitted on 21 Aug 2024
697 points (97.4% liked)

Curated Tumblr

3883 readers
890 users here now

For preserving the least toxic and most culturally relevant Tumblr heritage posts.

Image descriptions and plain text captions of written content are expected of all screenshots. Here are some image text extractors (I looked these up quick and will gladly take FOSS recommendations):

-web

-iOS

-android

Please begin copied raw text posts (lacking a screenshot that makes it apparent it is from Tumblr) with:

# This has been reposted here to Lemmy as part of the "Curated Tumblr Project."

I made the icon using multiple creative commons svg resources, the banner is this.

founded 1 year ago
MODERATORS
 
top 34 comments
sorted by: hot top controversial new old
[–] [email protected] 51 points 2 months ago

My body has this great feature where if I don't get enough sleep, it starts tensing up. And if it's tensed up, I can't sleep.

[–] [email protected] 37 points 2 months ago

"Feeling good? Great! Let's think about your childhood trauma!"

[–] [email protected] 34 points 2 months ago* (last edited 2 months ago) (1 children)

……… fuck.

no the other thing

[–] [email protected] 14 points 2 months ago (1 children)

Do you fuck by lying unconscious for 8 hours? Your stamina is astounding, but you need to be a little more active.

[–] [email protected] 7 points 2 months ago (1 children)
[–] [email protected] 2 points 2 months ago

Well then you're exaggerating those 30s by a lot.

[–] [email protected] 29 points 2 months ago (1 children)

Sorry best I can do is a 2 hour nap in 30 minutes chunks to not go offline in slack and back to capitalist hell tryna survive another day.

[–] [email protected] 21 points 2 months ago (2 children)

AutoHotkey is a good way to just have your mouse move a bit every 2 mins.

Loop {
    MouseMove, 1, 1, 0, R
    MouseMove, -1, -1, 0, R
    Sleep, 120000
}
[–] [email protected] 19 points 2 months ago* (last edited 2 months ago) (4 children)

FYI I work in cybersec and if your company uses any sort of EDR like Crowdstrike on the company machine we can easily search for and find AHK running if there's cause. We don't search things unless there's a sec alert, but there are tons of false positives. I wouldn't report it if I saw but YMMV. Policies also vary.

Much better to use a hardware jiggler. I think the Flipper Zero has an app for it that makes it work over Bluetooth.

[–] [email protected] 7 points 2 months ago

I wouldn't report it if I saw

You're a G.

[–] [email protected] 6 points 2 months ago (1 children)

Can a powershell script get caught?

[–] [email protected] 6 points 2 months ago

Yeah easily could be if someone looked.

Generally it's a safe assumption that your employer machine is fully compromised by them at ring-0 level, meaning they can see anything and everything from your browser history to your RAM, though the features of Crowdstrike specifically are fairly limited in that regard.

Now whether it will trigger an alert by itself or not depends.

Crowdstrike will often fire events for unrecognised scripts that match some heuristics, e.g. on Unix likes a lot of input redirects (pipe or >) or scripts over certain char length seemingly tend to be picked up.

We often get false positives from various IDEs using long tool chains on a CLI under the hood when compiling programs on dev machines for instance. System shells (bash, ksh, zsh, powrshell, cmd.exe) tend to produce more false positives than e.g. something like Python, so I assume they have much more aggressive detection.

In that case AHK is probably better as long as it's possible to install.

I wouldn't worry too much about being caught. Most cybersec teams and IT are so stretched and we're not narcs on average.

Just keep in mind that if you do this you should be able to afford losing the job in extremely unlucky circumstances.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

Undetectable unless infosec really knows what they're doing:

#!/bin/bash

## do random mouse movement with random sleep
( while :; do
    sleep ${RANDOM:1:1};   ## single digit sleep, double digit movement
    xdotool mousemove ${RANDOM:2:2} ${RANDOM:2:2}
) &

# obscure the process with another
pid=$!
mount -B /proc/${pid}/fd /proc/123/fd
[–] [email protected] 5 points 2 months ago (1 children)

I think if anything any command with pid (literally the word) will match a heuristic triggering an alert in EDR because disguising processor pid or manipulating pids in any way in bash doesn't have a lot of legitimate uses, similar to 'whoami' which just immediately alerts if run regardless of context because statistically it's a classic initial foothold step.

This will in fact alert security regardless of skill level. And most sec folks won't get this or understand what it means because tons and tons of people in the industry are just straight up non-technical, and those who are slightly technical will either:

  1. Trust tools more
  2. Disagree with the tool but defer to it to cover their ass

They might outsource this to IT, at which point you have an entire company up with IDR process activated in the dead of night.

You have to think a bit differently. You're not outsmarting hypothetical feds who are browsing your PC via a remote shell like it's an HtB CTF.

The point isn't to hide because hiding on a fully compromised machine is impossible, and outsmarting millions of dollars of R&D is too much of a long shot, the point is to do it in plain sight in a way no one can tell the difference between the legitimate and illegitimate.

An Arduino Leonardo will do the trick. A flipper zero, a phone app that lets you use it as a badusb to shake the mouse. You get the picture.

People use USB and Bluetooth mice all the time. You're just people. If someone says something, you say you just have a faulty mouse and stop.

[–] [email protected] 2 points 2 months ago (1 children)

If keywords are a trigger, then one could run the whole script through a bash obfuscator. I hear you though, I just think testing for hardware trickery would be easier to detect than software trickery. Running lsusb would give you the device id which could be mapped back to the product page.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

Or you can just base64 encode/decode it. But that too is a common technique of obfuscation and I would be impressed and surprised if it didn't also trigger an alert

Running lsusb

But that's the thing. Nobody is going to be remoting into your machine and running lsusb on your computer without significant cause. If you're that paranoid you can change the VID and PID and name ez pz.

[–] [email protected] 2 points 2 months ago (1 children)

or just get an oscillating fan and connect your mouse to it by a stick or something.

[–] [email protected] 2 points 2 months ago

Haha or build an entire robot arm that just moves your mouse for you :)

[–] [email protected] 7 points 2 months ago

The world runs on AutoHotkey

[–] [email protected] 24 points 2 months ago (1 children)

"Okay, I'm laying in bed in the dark, can you make me unconscious now?"

"Nah."

[–] [email protected] 8 points 2 months ago (1 children)

Did you do the closed eyes thing?

[–] [email protected] 7 points 2 months ago (1 children)

Instructions unclear. Poked the eyes, now they stare at me from directly above my head.

[–] [email protected] 3 points 2 months ago

Task failed successfully.

[–] [email protected] 20 points 2 months ago (2 children)

No shit, part of my therapy was sleep well, the drugs they prescribed me were mostly to knock me to sleep, and it made more good than anything that I try before.

[–] [email protected] 19 points 2 months ago

Sleep is the most important meal of the day.

[–] [email protected] 2 points 2 months ago

I have pills that let me sleep. The best things that have ever happened to me, even though some days I still don't sleep, but that's not the point.

[–] [email protected] 11 points 2 months ago

Unexpected Nathan Pyle.

[–] [email protected] 5 points 2 months ago (1 children)

Jokes on you, my brain doesn't work properly and my DNA sucks. In fact it's so broken that I have to take not only antidepressants, but something that allows my body to properly take in the antidepressants, and my brain still doesn't serotonin correctly. Just "well enough" to keep me nominally functional mostly. God help me if I miss a dose.

[–] [email protected] 3 points 2 months ago

Okay, that is fucking horrible. I hope you somehow get better soon, and fast!

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

I couldn't sleep longer then like 7/8 hours if i tried, I went to bed at 1 last night, woke up at like 830-9 and had to will myself back to sleep. and that was a good nights sleep

[–] [email protected] -3 points 2 months ago* (last edited 2 months ago) (2 children)

That’s why I am a big fan of ~~drugs~~ substances

Morning uppers, Evening downers and life is 2x more efficient. It’s not even about recreation or fun it’s just transhumanism. Upgrading your mortal shell, utilising all the untapped inner chemistry to your advantage whether it be hot chocolate or adderall.
Also changing your mindset, confronting your fears. You become a god. Independent from any external stimuli or standards, the only progress is measured by yourself.

[–] [email protected] 16 points 2 months ago (1 children)

That you, Elon? Those drugs aren't good for you.

[–] [email protected] -4 points 2 months ago* (last edited 2 months ago)

It’s surprisingly accurate remark. Musky has clear narcissism and I also have high traits of such personality style.
But the guy is phobic, bigoted, trump lover and total piece of shit as opposed to me so similarities are limited. Someone more fragile could even be offended by this superficial comparison but this is internet.

[–] [email protected] 5 points 2 months ago

You want your own body to work those chemicals.