May 2026
M	T	W	T	F	S	S
	1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Archive for the ‘Uncategorized’ Category

Ransomware gangs are loving this dumb but deadly ESXi flaw • The Register

Posted by jpluimers on 2024/07/30

Do you have your VMware ESXi hypervisor joined to Active Directory? Well, the latest news from Microsoft serves as a reminder that you might not want to do that given the recently patched vulnerability that has security experts deeply concerned.

…

Essentially, if an attacker was able to add an AD group called “ESX Admins,” any user added to it would by default be considered an admin.

https://www.theregister.com/2024/07/30/make_me_admin_esxi_flaw/

Posted in Uncategorized | Leave a Comment »

Het schoonmaken van een rolstoel. Een rolstoel moet 1x per week worden schoongemaakt voor comfortabel gebruik en voor verlengen van de levensduur.

Posted by jpluimers on 2024/07/26

Het schoonmaken van een rolstoel. Een rolstoel moet 1x per week worden schoongemaakt voor comfortabel gebruik en voor verlengen van de levensduur.

Thread met foto’s: [Wayback/Archive] Thread by @NLzorg1 on Thread Reader App

--jeroen

Posted in Uncategorized | Leave a Comment »

Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy · GitHub

Posted by jpluimers on 2024/07/19

Most affected organisations have found out the hard way why out of band management is important.

Job 1 in repairing CrowdStrike.. get access to computer. https://t.co/zHsl0zw2Tq pic.twitter.com/g8tNIK42s4
— techAU (@techAU) July 21, 2024

“Do I have the Crowdstrike?” as a question in the public domain.

I think there is such a thing as bad publicity.

And this is it.

Being (unconsciously) labelled as a virus as a security company. One would think that’s not advantageous. https://t.co/F94YoKv8uR
— Maaike (on 🟦 🌫️) (@iktwiet) July 20, 2024

Build secure out-of-band communication into your incident response plan.
— Whitney Merrill (@wbm312) July 19, 2024

Automated Workaround in Safe Mode using Group Policy

You can set up a GPO to run a script during Safe Mode. Here’s how you can do this:

Create the PowerShell Script

Create a PowerShell script that deletes the problematic CrowdStrike driver file causing BSODs and handles the Safe Mode boot and revert:

# CrowdStrikeFix.ps1
# This script deletes the problematic CrowdStrike driver file causing BSODs and reverts Safe Mode

$filePath = "C:\Windows\System32\drivers\C-00000291*.sys"
$files = Get-ChildItem -Path $filePath -ErrorAction SilentlyContinue

foreach ($file in $files) {
    try {
        Remove-Item -Path $file.FullName -Force
        Write-Output "Deleted: $($file.FullName)"
    } catch {
        Write-Output "Failed to delete: $($file.FullName)"
    }
}

# Revert Safe Mode Boot after Fix
bcdedit /deletevalue {current} safeboot

Create a GPO for Safe Mode
- Open the Group Policy Management Console (GPMC).
- Right-click on the appropriate Organizational Unit (OU) and select Create a GPO in this domain, and Link it here....
- Name the GPO, for example, CrowdStrike Fix Safe Mode.
Edit the GPO
- Right-click the new GPO and select Edit.
- Navigate to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown).
- Double-click Startup, then click Add.
- In the Script Name field, browse to the location where you saved CrowdStrikeFix.ps1 and select it.
- Click OK to close all dialog boxes.

Force Safe Mode Boot Using a Script

Create another PowerShell script to force Safe Mode boot and link it to a GPO for immediate application:

# ForceSafeMode.ps1
# This script forces the computer to boot into Safe Mode

bcdedit /set {current} safeboot minimal
Restart-Computer

Create a GPO to Apply the Safe Mode Script
- Open the Group Policy Management Console (GPMC).
- Right-click on the appropriate Organizational Unit (OU) and select Create a GPO in this domain, and Link it here....
- Name the GPO, for example, Force Safe Mode.
- Right-click the new GPO and select Edit.
- Navigate to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown).
- Double-click Startup, then click Add.
- In the Script Name field, browse to the location where you saved ForceSafeMode.ps1 and select it.
- Click OK to close all dialog boxes.
Apply the GPOs
- Make sure the Force Safe Mode GPO is applied to the affected computers first.
- The computer will boot into Safe Mode and execute the CrowdStrikeFix.ps1 script.
- Once the issue is fixed, the script will revert the boot settings to normal mode.

view raw CRWD-GPO.md hosted with ❤ by GitHub

Crowdstrike fix for blue screen issue
Workaround Steps:
1Boot Windows into Safe Mode or the Windows Recovery Environment
2Navigate to the C:WindowsSystem32driversCrowdStrike directory
3Locate the file matching “C-00000291*.sys”, and delete it.
4Boot the host
— SANS.edu Internet Storm Center (@sans_isc) July 19, 2024

It started on a Thursday USA time

I'm in awe of the scale of the Crowdstrike / Windows BSOD issue.

Here are the most startling images I've seen morning.

Let's start with this: at 10pm PT yesterday, famous @troyhunt notices that something odd is happening to Windows systems:https://t.co/0KWDELUycT
— Gene Kim (@RealGeneKim) July 19, 2024

The potentially faulty Crowdstrike CSagent.sys hit VT last night. Compiled on July 9th. https://t.co/yyfY0v5dJk pic.twitter.com/aHO1AGSXSp
— Costin Raiu (@craiu) July 19, 2024

For years to come, the IT admin team will bring this up whenever you ask them to install another agent on the endpoints#CrashStrike #CrowdStrike
— Florian Roth (@cyb3rops) July 19, 2024

Note "channel updates …bypassed client's staging controls and was rolled out to everyone regardless" https://t.co/UecaAmJdqc

A few IT folks who had set the CS policy to ignore latest version confirmed this was, ya, bypassed, as this was "content" update (vs. a version update)
— Patrick Wardle (@patrickwardle) July 19, 2024

"They pushed a new kernel driver out to every client without authorization to fix an issue with slowness and latency that was in the previos Falcon sensor product. They pissed over everyone's staging and rules and just pushed this to production"https://t.co/XVEJoLTBeM https://t.co/eYq3Fy0fAS
— 🦆 SchizoDuckie 🦆 (@SchizoDuckie) July 19, 2024

https://t.co/daXQLipeLv "This is going to turn out to be the biggest cyber incident ever in terms of impact, just a spoiler, as recovery is so difficult," says one expert
— The Register (@TheRegister) July 19, 2024

Am I reading this right? This news story came out _yesterday_ about how companies are getting sloppier with reviewing major app updates. The story was based on research done to promote a cybersecurity company called……. CrowdStrike https://t.co/hQ85SPEsmz
— Tom Rivlin (@TomRivlin) July 19, 2024

https://www.wired.com/story/crowdstrike-outage-update-windows/

Crazy visual: 12-hour timelapse shows plane traffic over the US with the FAA grounding Delta, United, and American Airlines flights during this morning's outage pic.twitter.com/KRuL3HjZVf
— Morning Brew ☕️ (@MorningBrew) July 19, 2024

https://threadreaderapp.com/thread/1814343502886477857.html

CrowdStrike CEO is getting pummeled for his response to the global outage.

Why everyone hates it:

1) WEAPONS-GRADE CORPO SPEAK

Let’s be clear. Legalese doublespeak is designed to dodge and obfuscate rather than inform or communicate. This statement was obviously written by a… pic.twitter.com/oLua908QR2
— Lulu Cheng Meservey (@lulumeservey) July 19, 2024

6) WOEFULLY INSUFFICIENT SH*TS GIVEN

This statement conveys that the CEO thinks you’re overreacting. Everyone calm down; it was only a global outage that took down emergency rooms and the London Stock Exchange.

In fact, not even that — it was “a defect found in a single… pic.twitter.com/5qDg8qXAJL
— Lulu Cheng Meservey (@lulumeservey) July 19, 2024

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

The fun of doing risk analyses. pic.twitter.com/TEDFAvATay
— Queen Fennec (@Queen_fennec) July 19, 2024

https://www.wheresyoured.at/crowdstruck-2/?ref=ed-zitrons-wheres-your-ed-at-newsletter

The smart thing in light of the Crowdstrike global outage is to look not to Crowdstrike, but your own company:

What happens when someone (anyone!) pushes code that passes all internal tests but crashes prod for most customers? When do you discover it? Is it before customers?
— Gergely Orosz (@GergelyOrosz) July 20, 2024

Here’s the thing folks. I’ve been coding 32 years. When something like this happens it’s an organizational failure. Yes, some human wrote a bad line. Someone can “git blame” and point to a human and it’s awful. But it’s the testing, the Cl/CD, the A/B testing, the metered…
— Scott Hanselman 🌮 (@shanselman) July 20, 2024

For those who don't remember, in 2010, McAfee had a colossal glitch with Windows XP that took down a good part of the internet. The man who was McAfee's CTO at that time is now the CEO of Crowdstrike. The McAfee incident cost the company so much they ended up selling to Intel. pic.twitter.com/DgWid6MSK0
— Anshel Sag (@anshelsag) July 19, 2024

Seems legit. Per LinkedIn he worked in 2010 as McAfee CTO and in April 2010 there was a faulty antivirus update that sent WinXP into a reboot loop.https://t.co/2zOyRun6P8 https://t.co/hlq45zIWIA
— biased estimator (@biasedestimator) July 20, 2024

We created a no-prompt bootable ISO with WinPE that auto-deletes the bad crowdstrike file. Then automount to VDI machines and have them boot to it. We've done hundreds this way.
— Brooks Peppin (@brookspeppin) July 19, 2024

Rebooting 3 and up to 15 or more times is working on a large percentage of machines. It appears that sometimes the network stack is up long enough and crowdstrike update mechanism is able to fix the broken .sys file. Try rebooting over and over and over and over. Seriously.
— A:a.ron (@_aarony) July 19, 2024

How we did this in the old days:
When I was on Windows, this was the type of thing that greeted you every morning. Every. Single. Morning.

You see, we all had a secondary "debug" PC, and each night we'd run NTStress on all of them, and all the lab machines. NTStress would… pic.twitter.com/rZkvpujbcr
— Dave W Plummer (@davepl1968) July 20, 2024

Don’t worry. #Crowdstrike did the same thing to RedHat Linux last month https://t.co/ljDNuj3wdt caused kernel panic https://t.co/RzttnmYnLN
— Scott Hanselman 🌮 (@shanselman) July 20, 2024

https://t.co/6v14UJjKzL
— Scott Hanselman 🌮 (@shanselman) July 20, 2024

Have you ever seen a Wiki created with 165 references about a security incident, within 12 hours?https://t.co/lPV4I2eTlh pic.twitter.com/xEF9J2Rg8B
— Packymancard (@packymancard) July 19, 2024

Yup. Config (and input data generally) is just another form of control flow, only it's chunks of your application code that are the control flow primitives. Data format interpreters are not fundamentally different to virtual machine interpreters.
— Barry Kelly (@barrkel) July 21, 2024

(Others may have mentioned this?) but we find many references "channel files" in @CrowdStrike's patents that provide more insight into their purpose, format, etc.

Search:
"channel file" assignee:(Crowdstrike, Inc.)

For example in US11822515B2 & US11645397B2: pic.twitter.com/cGMWADBe3x
— Patrick Wardle (@patrickwardle) July 21, 2024

https://threadreaderapp.com/thread/1814671109758828859.html

I worked as a Linux distro dev 25 years ago. We tried migrating the whole company to our OS, but our core business functions like sales & HR could not work so we switched them all back.
Even if you migrated only servers, business users would still be on Windows.
Stop fantasizing.
— Katie🌻Moussouris (she/her/she-ra/she-hulk) (@k8em0) July 20, 2024

So am I right in thinking the whole thing about that .sys file not being a kernel driver is bullshit because it’s a configuration file for a kernel driver?
— Mark Rendle 🇺🇦 (@markrendle) July 20, 2024

The potential attack surfaces for 3rd party windows kernel drivers is massive

https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/allocated-altitudes

All these third-party AV/EDR kernel drivers. Now if this isn't a nice attack surface… https://t.co/4kpdps3gXt pic.twitter.com/FbtZhBcGr3
— x0rz (@x0rz) July 21, 2024

IMHO the root of today's kernel issues with Windows go back to Windows NT 3.51. Then MS isolated the kernel from 3rd party drivers but the result was games, printer drivers, and AV sw stopped working & would have to be rewritten. So MS relented & changed architecture with NT 4.0
— Briain Ó hEoghanáin (Brian Honan) #BLM He/Him (@BrianHonan) July 22, 2024

Complex systems fail in complex ways.

Someone asked for my take on the root cause of the @CrowdStrike debacle.

Looking at this from the lens of systems engineering, I conclude that there's not so much a root cause as there is a cascading set of causes:

There clearly a…
— Grady Booch (@Grady_Booch) July 22, 2024

crowdstrike conspiracy theories pic.twitter.com/C6TiMK8C1Y
— Forrest Brazeal (@forrestbrazeal) July 25, 2024

Posted in Uncategorized | Leave a Comment »

/dev/null: MicrosoftDocs kills the usage of GitHub issues in favour of using the dreaded Microsoft Q&A site and a non-public tracking system

Posted by jpluimers on 2024/07/13

Sad to see @WindowsDocs ruining the best part of Microsoft docs 🤦‍♂️ https://t.co/7hX0ThLPL5 pic.twitter.com/dmjXC2EouY
— .Morten 🪁🗺💻 (@dotMorten) July 13, 2024

https://github.com/MicrosoftDocs/windows-dev-docs/issues/3258

Posted in Uncategorized | Leave a Comment »

FreeDOS turns 30 shortly after FreeBSD turns 31 • The Register

Posted by jpluimers on 2024/07/02

https://www.theregister.com/2024/07/02/freedos_30_freebsd_31/

Via

FreeDOS and FreeBSD prove old code never dies, just gets nifty updates https://t.co/UOEbB7HWn6

Anniversary time and both are going strong into their 30s

← by me on @theregister
— Liam Proven (@lproven) July 2, 2024

Posted in Uncategorized | Leave a Comment »

NASA broadcasted the solar eclipse’s shade on earth as seen from the ISS

Posted by jpluimers on 2024/04/09

International Space Station footage from the shadow that the solar eclipse projected on earth.

Ever seen a total solar #eclipse from space?

Here is our astronauts' view from the @Space_Station pic.twitter.com/2VrZ3Y1Fqz
— NASA (@NASA) April 8, 2024

Via

Thank you @NASA & ISS @Space_Station for the Solar Eclipse video from Space. These are clips recorded from @ABC sightings viewed by their anchors from New York where I'm from, Lake Chaplain, Vermont, Indianapolis, Indiana & Cleveland Ohio. #SolarEclipse2024 #SolarEclipse #NASA https://t.co/S02wrUSQIT pic.twitter.com/0lS74Xd2AE
— LLeigh_Laura 🌀 🌊 (@LeighNYC_Laura) April 9, 2024

From a GEOS

Here is a full disk view of @NOAA’s GOES East satellite capturing the moon's shadow during the total eclipse! #Eclipse2024 pic.twitter.com/VkkncwhVuI
— NWS Austin/San Antonio (@NWSSanAntonio) April 8, 2024

Twitter NASA account joke @NASAMoon  blocks @NASASun ☀️ as visible from @NASAEarth :

Oops I did it again 🤭 #TotalSolarEclipse pic.twitter.com/JXPe26qq3Q
— NASA Moon (@NASAMoon) April 8, 2024

Posted in Uncategorized | Leave a Comment »

Sixty years ago today, IBM announced the System/360, a line of computers that took over the computer industry. The big idea was that all the systems were compatible and supported all applications (a 360° range from business to scientific).

Posted by jpluimers on 2024/04/08

https://x.com/kenshirriff/status/1777022892477239724

Sixty years ago today, IBM announced the System/360, a line of computers that took over the computer industry. The big idea was that all the systems were compatible and supported all applications (a 360° range from business to scientific). 1/9 pic.twitter.com/rWydq4zmrX
— Ken Shirriff (@kenshirriff) April 7, 2024

Posted in Uncategorized | Leave a Comment »

Grady Booch (@Grady_Booch) on Twitter:There are lies, damned lies, and LLMs.

Posted by jpluimers on 2024/03/22

There are lies, damned lies, and LLMs.
— Grady Booch (@Grady_Booch) March 22, 2024

Posted in Uncategorized | Leave a Comment »

Microsoft OAuth Authentication and Thunderbird in 2024 | Thunderbird Help

Posted by jpluimers on 2024/03/22

https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202

Via

Getting there … 😊 ActiveSync / "Exchange" support would have me remove all other e-mail clients I use on Android, Windoze, and Linux… 🤔🤘🏻

(Well, TBH, on Linux, I only use TB, and do "the other" accounts via Firefox.)
— Joaquim Homrighausen (@joho68) March 22, 2024

Posted in Uncategorized | Leave a Comment »

On the ignore list: “e/acc” Effective accelerationism – Wikipedia

Posted by jpluimers on 2024/03/22

https://en.wikipedia.org/wiki/Effective_accelerationism

Via

https://t.co/AXobCQHnw3
— Mike W (@gekido) March 21, 2024

Public service announcement

If you have e/acc in your bio, I will not engage with you; it is a waste of my time, not unlike trying to have a rational conversation with a MAGA supporter.
— Grady Booch (@Grady_Booch) March 21, 2024

this tweet keeps getting proven correct pic.twitter.com/k9a5G20wVF
— college hill (@thecollegehill) March 21, 2024

If you see something like this, prepare yourself for the stupidest opinion you've ever read in your life. pic.twitter.com/89Jee45Vde
— NecroKuma (@NecroKuma3) January 9, 2024

https://twitter.com/search?q=from%3A%40NecroKuma3%20e%20acc&src=typed_query

Posted in Uncategorized | Leave a Comment »

« Previous Entries

Next Entries »

	Jeroen Wiert Pluimer… on Arjen Lentz Crystal Ball Vulne…
	Jeroen Wiert Pluimer… on Digitale toegankelijkheid als…
	Jeroen Wiert Pluimer… on Digitale toegankelijkheid als…
	Vereniging NLUUG on Digitale toegankelijkheid als…
	jpluimers on Sony STR-DE205 Receiver…

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Uncategorized’ Category

Ransomware gangs are loving this dumb but deadly ESXi flaw • The Register

Het schoonmaken van een rolstoel. Een rolstoel moet 1x per week worden schoongemaakt voor comfortabel gebruik en voor verlengen van de levensduur.

Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy · GitHub

Automated Workaround in Safe Mode using Group Policy

/dev/null: MicrosoftDocs kills the usage of GitHub issues in favour of using the dreaded Microsoft Q&A site and a non-public tracking system

FreeDOS turns 30 shortly after FreeBSD turns 31 • The Register

NASA broadcasted the solar eclipse’s shade on earth as seen from the ISS

Sixty years ago today, IBM announced the System/360, a line of computers that took over the computer industry. The big idea was that all the systems were compatible and supported all applications (a 360° range from business to scientific).

Grady Booch (@Grady_Booch) on Twitter:There are lies, damned lies, and LLMs.

Microsoft OAuth Authentication and Thunderbird in 2024 | Thunderbird Help

On the ignore list: “e/acc” Effective accelerationism – Wikipedia

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

My Flickr Stream

Pages

All categories

Email Subscription

Archive for the ‘Uncategorized’ Category

Rate this:

Share this:

Rate this:

Share this:

Automated Workaround in Safe Mode using Group Policy

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this: