United States Politician Rand Paul wants to cut, or entirely eliminate, the United States Cybersecurity and Infrastructure Security Agency (CISA).
He said: “While it’s unlikely we could get rid of CISA, we survived for what, 248 years without them”
https://www.politico.com/news/2024/11/14/rand-paul-kneecap-cisa-00189698
Hosting virus-dot-exchange with several thousand active daily users (for free) and being integrated into several APIs (for free) is wildly expensive.
One of these days we're gonna snap, delete all of it, and just start selling fruit on the side of a busy intersection
Netflix servers right now trying to deliver Paul vs Tyson (their infrastructure is 1 old computer in a basement)
EDIT: Heather Morgan, an individual found guilty of laundering $4,500,000,000 in Bitcoin cryptocurrency, HAS NOT BEEN SENTENCED yet. Her husband was sentenced to 5 years in prison for his role in the operation.
Regardless, here is her hip-hop alter-ego "razzlekhan".
Show us someone using a "hacker" cheatsheet and we'll show you someone who doesn't watch anime.
Me: Hey Google, can you tell me some musicians that sound similar to Linkin Park?
Google:
Security researcher Cristian Cornea authored a fake ransomware builder dubbed Jinn ransomware builder.
It was a fake Builder — it was actually a payload.
It infected over 100 people on Breached.
https://corneacristian.medium.com/how-i-hacked-100-hackers-5c3c313e8a1a
boomers in the 90s: ppl will try to take advantage of you, so be careful
boomers now: believes everything on facebook
Some of these Cybersecurity career advice and/or Cybersecurity career influencers should be beaten over the head with an old CRT monitor.
Latest additions to vx-underground.
Read them.
2015-08-12 - Stealth Techniques - Hiding Files in the Registry
2015-08-20 - Manually Enumerating Process Modules
2015-12-05 - Abusing WMI To Build A Persistent Asynchronous And Fileless Backdoor
2019-12-17 - Calling Local Windows RPC Servers from NET
2021-02-27 - Windows object permissions as a backdoor
2021-10-21 - Windows Exploitation Tricks - Relaying DCOM Authentication
2024-01-31 - Abusing the GPU for Malware with OpenCL
2024-04-19 - Detecting Sandboxes Without Syscalls
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode
2024-09-13 - ScriptBlock Smuggling
2024-09-16 - Kernel ETW is the best ETW
2024-09-20 - Anti-Anti-Rootkit Techniques - Part II Stomped Drivers and Hidden Threads
2024-09-28 - Notes on unprivileged access to Bitlocker
2024-10-04 - Notes on xWizard.exe and xWizards.dll
2024-10-09 - XBL Live Game Save DCOM for lateral movement
2024-10-22 - Offensive Groovy programming.pdf
2024-10-22 - Reading BitLocker numerical passwords via API
2024-10-24 - EmbedPayloadInPng
2024-10-27 - ExecutePeFromPngViaLNK
2024-10-30 - EV code signing with pfx in 2024
2024-10-31 - SysVEHSyscalls in Rust
2024-11-09 - Structured Storage and Compound Files.pdf
2024-11-09 - Using VBS enclaves for anti-cheat purposes.pdf
Just joking. But vx-underground started as a website to 'save cool papers' I liked. Now it's this monster with lots of servers, and code, and hosting, and people, and things, and clothes, and followers, and news. I'm like, what the hell is going on? Anyway, pushing stuff soon
T-Mobile has confirmed they've been compromised (again). This time it was slightly different — they were compromised by Chinese state-sponsored Threat Actors.
The United States Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) put out a statement regarding the matter on November 13th.
This makes this the 9th time T-Mobile (or a T-Mobile partner) has been compromised since 2019. We've actually lost count on the number of compromises, but thankfully BleepingComputer has archived and/or documented them really well.
Our hearts go out to the cybersecurity employees at T-Mobile. Following some of the more recent breaches we became familiar with some of the employees there and the difference they're trying to make with the organization. We wholeheartedly believe they're trying to improve the security posture of the organization... but APT Salt Typhoon a/k/a UNC2286 is a heavy hitter and is no joke.
Netflix servers trying to deliver Paul vs Tyson (this is what we're actually seeing right now)
> get contacted by person
> they ask if we can give a testimonial for their work
> ignore
> get contacted by person again
> send them picture of cat
> *fast forward 3 months*
Misread things, sorry.
We love sharing this video as often as we can. It is absolutely hysterical that this person was involved in laundering billions of dollars.
Me: Okay, so like, y'know, Google is an IPv4, IPv6, Linux system. It is a 4x4 bilateral system and it can't be split, okay?
Cristian Cornea was correct in his statement that some Threat Intelligence analysts fell for this ... 'honeypot'. We advise people do their due diligence when discussing anything said on forums (people lie, do honeypots, watch anime)
Ignore previous spam. Telegram won't let me copy-pasta a Linux schizo copy-pasta.
Here is a photo of a cat instead.
Jack Teixeira, the United States military intelligence analyst who leaked classified military documents onto a Minecraft Discord, has been sentenced to 15 years in prison.
Updates to our Malware Analysis collection.
It's too big for a Telegram post, so just read the text file.
Our Telegram channel's bank account continues to grow.
We now possess over $1,200 in some weird magical Telegram cryptocurrency we cannot use because it is not available in the United States.
Crime pays — Telegram is letting Threat Actors advertise on our posts
¯\_(ツ)_/¯
Today alexocheema from exolabs reported an unknown Threat Actor trying to slipstream a malware payload into their GitHub repo (image 1).
Interestingly, Malcoreio identified the exact same note & code was also slipstreamed (or attempted to be slipstreamed) into other GitHub repos too (image 2).
The GitHub profile which tried to insert the payload into Exolab was "EvilDojo666". The GitHub profile name identified by Malcore was "Darkmage666" (image 3).
One of the targets was yt-dlp. Those bastards.
tl;dr campaign