@wdormann
wdormann / readme.md
Last active May 26, 2026 19:44
Remote backups with Synology Hyper Backup and Tailscale

Overview

We hopefully all know the 3-2-1 backup rule:

  • Three copies of your data
  • On two different media
  • One copy off-site

It's this last part of the rule that usually trips people up. Nobody wants to pay for online storage until the end of time. While it's convenient, paying for this insurance storage that you may never actually use isn't the most cost-effective thing to do. But there's an alternative, which I have implemented as a combination of Hyper Backup and Tailscale. The only requirement is that you have a friend with an internet connection. If you are a Synology NAS user, implementing this solution is quite easy. Other platforms can surely implement a similar strategy, but that'll be left as an exercise for the reader.

Depending on the amount of data you need to back up, and whether you want redundancy within your remote backups, you may see savings after just 1 year. When it comes to the DiskS

@wdormann
wdormann / find_retpoline_gadgets_auto.py
Created October 29, 2025 13:21
ROP tools don't do great on finding gadgets that end in a retpoline. This finds such gadgets.
#!/usr/bin/env python3
"""
find_retpoline_gadgets_auto.py
Find "retpoline-style" gadgets in an uncompressed vmlinux by looking for
call/jmp rel32 instructions that target retpoline thunks (e.g.
__x86_indirect_thunk_rax, __x86_return_thunk). The script will attempt to
auto-compute the KASLR slide using /proc/kallsyms and the symbols inside the
vmlinux ELF. You can also pass an explicit --slide to override.
@wdormann
wdormann / dgram.py
Created October 8, 2024 12:18
Crash macOS Sequoia with a simple attempt to use a Unix datagram
import socket
import os
def main():
    # Create a Unix Datagram (DGRAM) socket
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Bind the socket to a file
    socket_path = './sock'
    if os.path.exists(socket_path):
@wdormann
wdormann / pathsegment.yara
Created September 11, 2024 16:43
YARA rule for detecting "path segment" variant of CVE-2024-38217 LNK stomping exploits
rule PathSegmentLNK {
    strings:
        $lnk_header = { 4C 00 00 00 01 14 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 }
        $exe_string = ".exe" nocase
        $c_drive = "c:\\" nocase
    condition:
        $lnk_header at 0 and
        for any i in (0x80..0xC0): (
            uint8(i) == 0x5C and
            for any j in (i+1..0xC0): (uint8(j) == 0x5C)
@wdormann
wdormann / entropy.py
Last active July 16, 2024 14:53
Get entropy of loaded things (ASLR effectiveness) in Linux
import subprocess
import re
import time
import os
from collections import defaultdict
# Function to get the kernel version
def get_kernel():
    result = subprocess.Popen(['uname', '-a'], stdout=subprocess.PIPE)
    output, _ = result.communicate()
@wdormann
wdormann / gist:f11dcb7d730b9da90cb22cfe20f4871e
Created June 27, 2024 15:20
Override PowerShell's "dir" alias with the CMD.EXE version
# Ensure the profile path exists
if (!(Test-Path -Path $PROFILE)) {
    New-Item -Type File -Path $PROFILE -Force
}
# Define the content to add to the profile
$profileContent = @'
function Invoke-CMDDir {
$cmdArgs = @('/c', 'dir') + $args
& cmd.exe $cmdArgs
@wdormann
wdormann / drivers_hvci_on_latest.log
Created May 30, 2023 17:06
Log of attempt to load 554 x86-64 drivers from LOLDrivers on an HVCI-enabled Win11 22H2 system with a May 24, 2023 MS drivers block list
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin
[SC] StartService FAILED 87:
The parameter is incorrect.
sc start 0067c788e1cb174f008c325ebde56c22.bin
[SC] StartService FAILED 4551:
Your organization used Device Guard to block this app. Contact your support person for more info.
@wdormann
wdormann / drivers_hvci_on.log
Created May 30, 2023 16:54
Log of attempt to load 554 x86-64 drivers from LOLDrivers on an HVCI-enabled Win11 22H2 system with an October 31, 2022 driversipolicy.p7b
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin
[SC] StartService FAILED 87:
The parameter is incorrect.
sc start 0067c788e1cb174f008c325ebde56c22.bin
[SC] StartService FAILED 2148204812:
A certificate was explicitly revoked by its issuer.
@wdormann
wdormann / drivers_latest.log
Last active May 24, 2023 15:01
Log of attempt to load 554 x86-64 drivers from LOLDrivers on a Win11 22H2 system with a May 24, 2023 MS drivers block list
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin
[SC] StartService FAILED 577:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
sc start 0067c788e1cb174f008c325ebde56c22.bin
[SC] StartService FAILED 4551:
Your organization used Device Guard to block this app. Contact your support person for more info.
@wdormann
wdormann / drivers.log
Created May 24, 2023 12:35
Log of attempt to load 554 x86-64 drivers from LOLDrivers on a Win11 22H2 system with an October 31, 2022 driversipolicy.p7b
sc start 0023ca0ca16a62d93ef51f3df98b2f94.bin
[SC] StartService FAILED 577:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
sc start 0067c788e1cb174f008c325ebde56c22.bin
[SC] StartService FAILED 2148204812:
A certificate was explicitly revoked by its issuer.