The fact he can't decipher a simple batch file is concerning. I am grossly underpaid.
Many of us are not winshit people, but we can get around in it 100x better than that.
I'm sorry, I've been in this scene for a very, very long time and with experience comes balance and a holistic understanding. If you really know your shit in *nix then you can def get around better than this even in an os you're not familiar with.
Ron knew the exact folder path that holds the Windows log files. He may not know batch commands or syntax but should be able to decipher most of its purpose.
LOL, just because the implementations of their data structures are different has nothing to do with walking the tree and manipulation. What you're referring to appears to be shell differentials and while cmd.exe/PS are different than *sh, there is enough similarity to not stumble around like a drunkard. Even more so if you use graphical mechanisms. All he had to do was to use msys2 and away he went. Ridiculous.
You've got to be kidding me. A 5 second search yields you use Event Viewer. You clearly don't know what you're talking about either. This is incredible.
this
I'm not an Admin. I'm a Cloud Engineer. My systems administration days are long behind me. That said, I can tell you first hand, there are many 300k Engineers that wouldn't know what to do with a batch file either as they worked almost exclusively on Macs or Linux shells for the past 30 - 40 years.
His exploration of the code and difference making was good enough for me.
A quick corollary to this, the difference between a Sys Admin and a DevOps Engineer is not what they do or do not know. It's their ability to understand and research information quickly to decipher the tech they are looking at.
I can tell you an anecdote about me right now: I don't know jack shit about Android or iOS development. Yet in the past 3 months, I have developed a cloud based mobile pipeline for the compiling and storage of both OSes for my current assignment.
Tech is so fluid that what may be the latest and greatest today, will be obsolete in a few years. The mark of a truly good Admin or Engineer is not knowing everything by heart, but researching and understanding an issue quickly and solving it.
Well if it was me I'd probably do a bit of research on the subject before I was being watched by millions of people. Just common sense.
OK: go become a lawyer in a week.
Or be a doctor in a week.
Or general auto-mechanic in a week.
Saying he should have 'done research' is pretty dismissive about the scale of differences from one OS to another.
No it isn't. It's common sense as I said. Would you go up in front of millions of people and "demo" something before doing some run throughs before hand?
I'm in the computer field. I have experience on both Windows and Linux platforms. I can certainly understand many on the Linux side looking down on Windows and not really being interested in knowing about that platform. However, if you're going to be presenting something which includes artifacts from the Windows platform you probably should have a cursory understanding of whatever you're going to present.
I feel like CMz is there because of his reputation and following. They want as many eyes on this and people like and trust him so they'll tune in.
But he may have just lost a lot of credibility
Maybe to a few that don't understand the tech world, but not to those who do. He is legit based on what I have seen.
Many of us are.
What have you done for the audit fight lately?
I tend to agree with you on that, but I'm more focused on that batch file being on those machines in the first place.
Feels like a show... they were playing slow & dumb on purpose, it felt like. They had to ask the crowd and find a random caller to help them read a batch script? Really? They did admit at the end of it though that they were trying to baby-step through it to help the state legislators understand what doing digital forensics looks like.
With that being said... I agree, it's very painful to watch. We've already seen the 110% clear as day proof that our entire election was subverted by foreign and domestic enemies. Makes it more cringey knowing that and we just continue to look at more and more evidence, even though we don't need it... just drop the fking hammer already. If no "hammer" is coming then he needs to tell us that the USA has been successfully conquered by the CCP and rogue US Intel Agencies and to prepare.
That being said... there are also many signs that point to us currently being in devolution.
he gets attention because of his genuine assistance enabling 8ch for Q research
If you don't interact with modern websites in a 5D hex editor on a monochrome CRT, you are not a serious anything. /shitpost /s
Take your updoot you magnificent bastard. LOL
butterflies ... If you don't get the quote, you know nothing, Jon Snow
Linux user, so of course he doesn't know much about Windows systems.
Pure shill hate thread.
OP should send their resume from snopes. Might pay more than whatever glow farm they come from.
With all due respect to them, bring up a forensic investigator and walk us through the basics of what to look for. You don't do forensics using FTK Imager. The fiddling around is causing damage because you are demonstrating to everyone who actually does IT or Cyber that you don't know what you are looking for. They could spend 5 minutes and download a poster from SANS DFIR of things to look for.
If this 3 days is meant to demonstrate to people at large they have solid evidence, this ain't it. Logs being deleted is certainly suspicious, but carve out the damn logs, throw them into ES and show the connection correlation graph with geoIP attribution and demonstrate external connectivity into the system. Also, show the SQL DB logs and the commands that were running on the DB, if in fact auditing was properly enabled.
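The two checks the comment above asks for, as an added example that is my own and not code from the thread or from the presentation: pull the log-clear events and the logons from non-local addresses out of exported Windows event logs. It assumes the .evtx files were copied off the forensic image into a case folder (the `C:\case\logs` path is mine) and never touches the live machine; the RFC 1918 test for "internal" is a placeholder for the site's real address plan.

```powershell
# Added example (not from the thread or the presentation).
# Assumption: Security.evtx and System.evtx were exported from the image into $LogDir.
$LogDir = 'C:\case\logs'

function Test-LocalAddress {
    param([string]$Ip)
    # Empty, '-', loopback, link-local and RFC 1918 count as internal.
    # Everything else is reported as external; adjust to the site's address plan.
    if ([string]::IsNullOrEmpty($Ip) -or $Ip -eq '-' -or $Ip -eq '::1') { return $true }
    return $Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|fe80:)'
}

function Get-EventFields {
    param($Event)
    # Flatten both layouts Windows uses: <EventData><Data Name="..."> (4624)
    # and <UserData><LogFileCleared>...</LogFileCleared> (1102 and 104).
    $map = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { if ($d.Name) { $map[$d.Name] = $d.'#text' } }
    foreach ($node in $xml.Event.UserData.ChildNodes) {
        foreach ($c in $node.ChildNodes) { $map[$c.LocalName] = $c.InnerText }
    }
    return $map
}

# 1. Log-clear events. 1102 = "The audit log was cleared" (Security.evtx),
#    104 = "The <name> log file was cleared" (System.evtx). Both name the account.
$cleared = @()
foreach ($spec in @(@{ File = 'Security.evtx'; Id = 1102 }, @{ File = 'System.evtx'; Id = 104 })) {
    $path = Join-Path $LogDir $spec.File
    if (-not (Test-Path $path)) { continue }
    $cleared += (Get-WinEvent -FilterHashtable @{ Path = $path; Id = $spec.Id } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $f = Get-EventFields $_
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Log     = $spec.File
                Subject = "$($f['SubjectDomainName'])\$($f['SubjectUserName'])"
                Channel = $f['Channel']   # populated for 104, empty for 1102
            }
        })
}

# 2. Successful logons (4624) from non-local addresses.
#    Logon type 3 = network (SMB, WMI, ...), 10 = RemoteInteractive (RDP).
$external = @()
$sec = Join-Path $LogDir 'Security.evtx'
if (Test-Path $sec) {
    $external = Get-WinEvent -FilterHashtable @{ Path = $sec; Id = 4624 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $f = Get-EventFields $_
            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = "$($f['TargetDomainName'])\$($f['TargetUserName'])"
                LogonType = $f['LogonType']
                SourceIp  = $f['IpAddress']
                Process   = $f['ProcessName']
            }
        } | Where-Object { ($_.LogonType -in @('3', '10')) -and -not (Test-LocalAddress $_.SourceIp) }
}

$cleared  | Sort-Object Time | Format-Table -AutoSize
$external | Sort-Object Time | Format-Table -AutoSize
# Flat CSV so the rows can be loaded into Elasticsearch or any other correlation stack.
$external | Export-Csv -NoTypeInformation -Path (Join-Path $LogDir 'external_logons.csv')
```

Run it from a PowerShell prompt on the analysis workstation. A 1102 or 104 hit tells you who cleared which log and when, which is a far stronger statement than "logs are missing"; the 4624 rows give the source address per logon, which is what a GeoIP lookup would then be applied to. Absence of 4624 rows proves little if the Security log itself was cleared, so read the two tables together.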
They are discussing disabling the DB encryption. That is via the ForceEncryption DWORD 0 (disables database encryption) https://support.microsoft.com/en-us/topic/how-sql-server-uses-a-certificate-when-the-force-protocol-encryption-option-is-turned-on-6b709b78-24c7-fb45-cb6b-ec4cd975c824
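The registry value named in the comment above, as an added example that is mine and not code from the thread or the presentation. Force Encryption is a SQL Server network-protocol setting: with the DWORD set to 1 the server requires TLS on every client connection, with 0 or no value encryption is optional; it does not govern encryption of the database files on disk, which is a separate feature. The function enumerates every instance registered in a SOFTWARE hive and reports the value. The `HKLM:\CaseSoftware` mount point and `C:\case\...` path are my assumptions for working from an image; the default inspects the live machine.

```powershell
# Added example (not from the thread or the presentation).
# For a forensic image, load the SOFTWARE hive first and point -HiveRoot at it:
#   reg load HKLM\CaseSoftware C:\case\Windows\System32\config\SOFTWARE
#   Get-SqlForceEncryption -HiveRoot 'HKLM:\CaseSoftware'
#   reg unload HKLM\CaseSoftware
function Get-SqlForceEncryption {
    param([string]$HiveRoot = 'HKLM:\SOFTWARE')

    $base  = Join-Path $HiveRoot 'Microsoft\Microsoft SQL Server'
    $names = Join-Path $base 'Instance Names\SQL'   # value name = instance, data = instance id
    if (-not (Test-Path $names)) {
        Write-Warning "No SQL Server instances registered under $HiveRoot"
        return
    }

    # Get-ItemProperty adds its own PS* note properties; skip exactly those.
    $noise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $props = Get-ItemProperty -Path $names
    foreach ($p in $props.PSObject.Properties) {
        if ($noise -contains $p.Name) { continue }
        $instanceName = $p.Name    # e.g. MSSQLSERVER
        $instanceId   = $p.Value   # e.g. MSSQL15.MSSQLSERVER
        $netlib = Join-Path $base "$instanceId\MSSQLServer\SuperSocketNetLib"

        $value = $null
        if (Test-Path $netlib) {
            $value = (Get-ItemProperty -Path $netlib -Name ForceEncryption -ErrorAction SilentlyContinue).ForceEncryption
        }
        $shown = if ($null -eq $value) { 'not set' } else { [int]$value }

        [pscustomobject]@{
            Instance        = $instanceName
            InstanceId      = $instanceId
            NetLibKey       = $netlib
            ForceEncryption = $shown
            RequiresTls     = ($value -eq 1)
        }
    }
}

Get-SqlForceEncryption | Format-Table -AutoSize
```

Reading the value only tells you the state at imaging time. The question a forensic examiner actually wants answered is when it changed, which is the key's LastWrite timestamp; PowerShell's registry provider does not expose that, so pull it with a registry forensic tool against the same hive file and line it up with the event log timeline.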
Well, granted batch files are generally pretty easy to read and figure out. Maybe they have others there that are faster at it and he spends time finding suspicious items.
Don't say that my friend, no need to put yourself down. You may be fine.
CodeMonkey, however, is grossly overpaid. That much is a given, and another matter entirely.
It's all a show. Ron's been thrown into the fire because he was admin for an anonymous internet forum? They should have had the colonel or his team there doing the investigation if they cared.
Can't read a batch file, doesn't appear to know much about anything
Then don't put a non-Windows person up as an expert if you're trying to convince people of fraud. This isn't just a technical thing, it's a messaging and confidence thing. We need people who know how to express technical foundations in a graspable way for everyone else. Without that, the masses will just go back to their games and circuses.
A proper tech engineer's ability to understand tech is what is important. To problem solve on the fly, and identify issues as well, is the true mark of a legit Systems Admin/Engineer. CodeMonkey has definitely displayed that in this presentation.
And it's not unusual for an engineer to know jack about Windows. I was considered the 'PowerShell' expert in a company of 4000 that were all Linux developers because I could futz around with the code a bit. This is not an unusual situation.
The very fact there have been many discoveries done by him in this presentation proves that point. The guy is legit.
You can make Windows tap dance across the table with it. But have you done the unholy: made a PowerShell script run in a Python script... within a WINDOWS BOX!?
I have. Eeee....
PowerShell is about as fun as getting fucked in the ear by a dolphin.
LOL, or those who have used it too long and simultaneously use superior shells vs that macroshaft shit. You must be a wee toddler to say such things as you are.
So they should be putting people in position to succeed, not whatever this is
I get it, I understand your point. But we're talking about high stakes here, we're talking about the President and Leader of the free world. If you aren't going to take the time to find a Windows System Expert to help make your point, perhaps we deserve this.
I agree. I'm not shitting on CM, he just wasn't the best choice to have going through this because he isn't familiar with it and was stumbling around. It wouldn't be a big deal but for the fact it looked unprofessional. Not sure why he was seeing this stuff for the first time either? Maybe he couldn't have looked at it earlier but if he could have, he should have.
You will never find that guy. The people who can do that are easily 300-600k a year engineers.
And they are complete shut-ins, the kind of people you DEFINITELY don't want on a camera trying to make a case to save the world.
That is why there is a team of White Hats in the back room looking at this tech as well passing info forward... who aren't on camera.
This guy gets it.
Because batch and bash are totally the same right?
Get real