Anonymous ID: 7639d0 Aug. 11, 2021, 11:05 a.m. No.92001   >>2116

>>91995

>>91998

Ron is doing a live first-look comparison of a "before" disk image, from before a Dominion employee "updated" the voting machine, and an "after" disk image from after the Dominion "update"

they say they have gotten a hold of these images 2 days ago

 

Ron doesn't seem to be a Windows guy, but is still trying to look at config files and filesystem differences

 

they are probably doing this in part to show the audience attendees (state legislators, etc.) how it's done

unless they already know what to look for

 

audience is spitballing ideas, and Ron is looking for what he can

easier said than done, doing that before a live audience, without access to proper doc

 

a full analysis will probably take a lot more time

they say it typically takes at least 2 weeks

 

but they already found out that a bunch of logs went poof

Anonymous ID: 7639d0 Aug. 11, 2021, 11:08 a.m. No.92002

does any of you guys know if there is a full video recording of yesterday's conference?

 

RSBN said they would upload them on their rumble, but they didn't (yet?)

Anonymous ID: 7639d0 Aug. 11, 2021, 11:17 a.m. No.92008   >>2011 >>2016 >>2116

>>92005

>All data still on drive, just the "map" to the data is destroyed.

as they say, it is not certain

 

they could have nuked the free space when they did their "update"/wipe

 

it's easy to do

 

they could also have just dd'ed a disk image to the drives, in which case it is very likely that a lot of sectors of the drives that were holding the missing data would have then been overwritten in the process

that's one of the possibilities they were considering a few minutes ago

Anonymous ID: 7639d0 Aug. 11, 2021, 11:21 a.m. No.92011   >>2019 >>2020 >>2116

>>92005

>>92008

fortunately in this case, they don't need to, since they have a 'before' and an 'after' image of the disk

 

however, they are informing the legislature representatives from the 47 states that this could happen, and that's why they need to create laws mandating regular backups, in particular around the dates of the election

but also every time Dominion is doing "updates"
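
The before/after comparison discussed in the posts above can be sketched as a file-level diff of two trees. This is an added example, not part of the original thread and not the tooling used at the event; it assumes both images are mounted read-only at two directories, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            h = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            except OSError as exc:
                digest = f"unreadable: {exc.strerror}"  # keep the gap visible in the report
            out[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return out

def diff_trees(before_root, after_root):
    """Report files removed, added, or changed between two mounted images."""
    before, after = manifest(before_root), manifest(after_root)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "modified": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }

def demo():
    """Build two small constructed trees (hypothetical file names) and diff them."""
    layout = {
        "before": {"logs/app.log": b"entry 1\n", "config/settings.ini": b"mode=a\n",
                   "bin/tool.exe": b"\x00\x01"},
        "after": {"config/settings.ini": b"mode=b\n", "bin/tool.exe": b"\x00\x01",
                  "scripts/update.bat": b"@echo off\n"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in layout.items():
            for rel, data in files.items():
                path = os.path.join(tmp, side, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return diff_trees(os.path.join(tmp, "before"), os.path.join(tmp, "after"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A file-level diff only shows what the filesystem still references; recovering overwritten or unallocated data needs sector-level analysis of the raw images.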

Anonymous ID: 7639d0 Aug. 11, 2021, 11:31 a.m. No.92024   >>2026

>>92020

I think they're doing this session as a demonstration for the people in attendance

 

it gives a chance for the non tech people to get a good impression of what the process involves, so that it's not completely incomprehensible

 

I'm sure they're going to do a full analysis off stage, with much more sophisticated tools

Anonymous ID: 7639d0 Aug. 11, 2021, 11:35 a.m. No.92028   >>2031 >>2116

>>92016

write random data on the whole surface of a spinning HD several times in a row, and the data is gone

 

that's what's written in the NIST security guidelines

the more iterations of random data, the less likely it becomes you can recover anything

 

who knows if the NSA has secret technology to still be able to recover something, but seems unlikely

 

SSDs are different too

Anonymous ID: 7639d0 Aug. 11, 2021, 12:16 p.m. No.92045   >>2057 >>2116

>>92031

I know what you mean

 

but files can be zeroed in place without formatting

a simple example

shred --zero --iterations=1 file

 

files can also be overwritten in place by random data without formatting

shred --iterations=3 --random-source=/dev/urandom file

 

if actor has admin access, can also byte edit filesystem transaction logs

 

and so on

 

competent hacker can remove all traces from deletion (not saying that happened here)

 

but in any case, I'm sure they will have very competent forensic analysts working on it

Anonymous ID: 7639d0 Aug. 11, 2021, 12:36 p.m. No.92053   >>2054 >>2116

>>92050

attempt at transcribing the batch file

 

@ECHO OFF & setlocal enablextensions
echo --Removing Security Restrictions--
secedit /configure /db %temp%\temp.sdb /cfg %~dp0W52016.inf /overwrite /quiet
xcopy %~dp0GRO*.* %windir%\System32\GroupPolicy /s /y
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /f /v State /L REG_DWORD /d 0x00025...
:: if %errorlevel% neq 0 pause
echo --Critical restrictions disabled--
ECHO Setting Registry value that indicates the current hardening state
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Dominion Voting Systems\EMS\Settings" /f /v Hardened /t REG_SZ /d "Dehardened WS2016"
ECHO --SQL Server de-hardening--
REG ADD "HKEY LOCAL MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQLServer\SuperSocketNetLib" /z /v ForceEncryption /t REG_DWORD "0"
NET STOP MSSQLSERVER /y
NET START MSSQLSERVER
NET START SQLSERVERAGENT

Anonymous ID: 7639d0 Aug. 11, 2021, 12:36 p.m. No.92054   >>2055 >>2116

>>92050

>>92053

explanation of what it does just given by Ron:

 

line 4 overrides config database

line 5 changes policy

line 6 sets new trusted provider for the user

line 10 disables protection on the Dominion databases

line 12 disables encryption on all the databases

line 13, 14 & 15 restarts the SQL Server

Anonymous ID: 7639d0 Aug. 11, 2021, 12:45 p.m. No.92056   >>2058 >>2116

CM

 

https://t.me/CodeMonkeyZ/1112

 

Finished for now.

I'm not a Windows admin, but tried to get through as much of the directory tree as I could while pointing out some weird things along the way.

 

It is my understanding that this file is public and that there is a download link somewhere… if I find the link I will publish it here and then you guys can all start to dig in and look around too.

Anonymous ID: 7639d0 Aug. 11, 2021, 12:59 p.m. No.92060   >>2067 >>2097 >>2116

Time to warm up the torrent machines!

 

https://t.me/CodeMonkeyZ/1114

I have been told that these are the server images that I was reviewing just now during Mike Lindell's Cyber Symposium.

 

magnet:?xt=urn:btih:dc654b50ec08a8ad5d8f6275f9cd4fcae29686c1&dn=CnuDA4EHJS0glXNC.zip&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce

magnet:?xt=urn:btih:ef534e78bbe71b3908ccf074d6d40077a3a63074&dn=ic9WLQaUKTRWV2Sv.zip&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce

 

https://t.me/CodeMonkeyZ/1115

Hmm… what is a magnet link..?

Anonymous ID: 7639d0 Aug. 11, 2021, 1:14 p.m. No.92064   >>2098 >>2116

>>92063

it could just mean that the people that have the full files are not online to "seed the torrent" at the moment

 

the magnet link is valid independent of their connection status

 

once they come online, they will start distributing the data to the users that are waiting on this torrent

 

after the initial data transfer between the original seeders and the other peers has been completed, many other users will be able to seed themselves

 

what we're waiting for, is the initial seed

Anonymous ID: 7639d0 Aug. 11, 2021, 1:24 p.m. No.92070   >>2116

wowza, the day might not be over yet!

 

https://t.me/RealSKeshel/873

#warheadsonforeheads

 

I am going to be breaking some very big news at 4 PM when I take the stage.

 

Stay tuned.

Anonymous ID: 7639d0 Aug. 11, 2021, 1:28 p.m. No.92071   >>2073 >>2074 >>2075 >>2116

for KEK's sake!

 

https://www.dailymail.co.uk/news/article-9881213/Unearthed-video-shows-naked-Hunter-Biden-claiming-Russian-drug-dealers-stole-laptop.html

 

EXCLUSIVE: 'The Russians have videos of me doing crazy f***ing sex!' Hunter Biden is seen in unearthed footage telling a prostitute that Russian drug dealers stole ANOTHER of his laptops for blackmail while he was close to overdosing in a Vegas hotel room

 

WARNING: EXPLICIT CONTENT

Hunter Biden claims Russian drug dealers stole another one of his laptops for blackmail while he was drugged out in a Vegas hotel room in 2018

Video obtained by DailyMail.com shows Hunter with a naked hooker in 2019 after filming a sex tape and explaining how he believed his laptop was stolen

Hunter left the camera rolling as he recounted a Las Vegas bender in which he spent '18 days going round from penthouse suite to penthouse suite'

The incident would mean Hunter lost a total of three computers, each likely to hold sensitive information on President Joe Biden

The laptops contain embarrassing pictures, videos and communications of the president's son

'They have videos of me doing this,' he said, referring to the filmed sex he just finished. 'They have videos of me doing crazy f***ing sex f***ing, you know'

Hunter's claims also raise the possibility that he was targeted as a vulnerable conduit to Joe Biden as part of a foreign intelligence operation

Anonymous ID: 7639d0 Aug. 11, 2021, 1:53 p.m. No.92083   >>2085

https://t.me/CodeMonkeyZ/1121

Was the DOMINION EMS server in your district artificially WEAKENED?

Why does Dominion have a function that purposefully opens their servers up to cyber attack?

 

Is this part of the “trade secrets” that Dominion so desperately tries to hide?

Anonymous ID: 7639d0 Aug. 11, 2021, 1:57 p.m. No.92085   >>2116

>>92083

https://t.me/CodeMonkeyZ/1122

 

Forwarded from SkyNet Platforms

I have a security+ certification and 23+ years in IT/IS professionally, 35 years total.

 

That screenshot CMZ posted is a script to disable security features on Windows and apply an insecure "group policy" to the Windows system that "dehardens" it (eg: removes security settings) - included is a setting that exposes remote logon and file sharing vulnerabilities by removing certificate-validation (untrusted logon sources) for file-share, remote-desktop and remote administration (RPC). This setting is ONLY needed for network connected systems - and, the setting itself creates a system vulnerability highly targeted by hackers for remote exploits (rootkits, code execution, machine reconfiguration, file sharing access, etc). It then stops and starts SQL Server.

 

The group policy file referenced is unknown (eg: no sample provided by CMZ), but based on the script file comments it likely does other things that remove security features.

 

@CodeMonkeyZ feel free to DM me if you need any more information - I saw your magnet links and could analyze it further if needed. I have strong credentials, re: long-time big-tech, government and private-sector tech who is in the top 1% of the field. This includes experience with content-moderation systems and how the platforms use them.

 

I can also tell you that considering machine configurations are included with "certified" election systems, that running this would contramand that regulatory requirement (no config changes without audit trail and oversight) and unless those scripts / components are listed in the certification as "allowed, for approved maintenance operations" they are rogue and their presence (even absent execution) would decertify the system.

Anonymous ID: 7639d0 Aug. 11, 2021, 2:03 p.m. No.92086   >>2099 >>2116

https://t.me/MarkFinchemAZ/448

From the Cyber Symposium in Sioux Falls.

 

Mesa County Colorado Recorder confirmed active erasure of evidence from Dominion systems, but by Dominion not her office. The County Recorder made a forensic copy because she believed that something nefarious was about to happen at the hands of the Colorado Secretary of State. That’s right, proof beyond PCAP, there was forensic evidence that was actively erased, which is a violation by Dominion and the Colorado Secretary of State.