If you are a threat actor, you could get lucky and there isn't another Endpoint Detection and Response product installed, which would almost certainly intercept this.
Well this is a straightforward sentiment with a real "my body, my choice" ring to it, isn't it? Until it isn't.
devrandoom|9 months ago
fransje26|9 months ago
Hilift|9 months ago
If you are an EDR vendor, this is an obfuscated API call that EDR vendors can use to suppress or disable the Windows Firewall. CrowdStrike, for example, can do either, I believe: use Windows Firewall or use their implementation.
xyst|9 months ago
Simple as that.
AStonesThrow|9 months ago
Perhaps your hardware, when connected to a network, has real effects on the rest of that network. What if your system joined a botnet and began DDoS activities for payment? What if your system was part of a residential proxy network, and could be rented in the grey market for any kind of use or abuse of others' systems? What if your system became a host for CSAM or copyright-violating materials, unbeknownst to you, until the authorities confiscated it?
And what if your hardware had a special privileged location on a corporate network, or you operated a VPC with some valuable assets, and that was compromised and commandeered by a state-level threat actor? Is it still "your hardware, your choice"? Or do your bad choices affect other people as well?
nicman23|9 months ago
I do not care for anyone babysitting me, telling me that netcat.exe is a no-no.
ahoka|9 months ago