vx-underground

22 Jul 2024 18:50

> open xitter
> see long winded rants about kernel mode drivers
> see long winded rants about crowdstrike
> see long winded rants about malware

vx-underground

21 Jul 2024 14:23

Hello, how are you?

Today is the day of rest.

We hope all of you can find some time to relax too — it's been a chaotic week.

We'll see all of you on Monday.

vx-underground

21 Jul 2024 00:14

We've updated the vx-underground malware collection. We have decided to include the recent faulty CrowdStrike drivers which caused 'boot-loops' for users. We believe it serves some historic and/or educational value to researchers or students. We have titled it "Win32.CrowdStruck". It is in the families directory.

- VirusSign.2024.07.13
- VirusSign.2024.07.14
- VirusSign.2024.07.15
- VirusSign.2024.07.16
- VirusSign.2024.07.17
- VirusSign.2024.07.18
- InTheWild.0129
- Win32.CrowdStruck
- CryptoMixRansomware
- AsyncRAT
- ClipBanker
- ProLock
- ThanosRansomware
- Redline
- Vidar
- Sality
- StealC
- RhadamanthysLoader
- RecordBreaker
- NjRAT
- LummaStealer
- PureLogStealer
- CobaltStrike

vx-underground

20 Jul 2024 22:47

Today Microsoft reported that they believe the CrowdStrike bug has impacted roughly 8,500,000 computers.

https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/

vx-underground

20 Jul 2024 16:52

We have deleted our post addressing the conspiracy theories about the CrowdStrike thing.

We were bombarded with comments and political fighting.

It's Saturday and we're not going to deal with this shit on our weekend. We'll let someone else do it.

vx-underground

20 Jul 2024 15:05

We've seen a lot of questions about the CrowdStrike thing.

- No, this wasn't planned by CrowdStrike and Microsoft to force people to Windows 11. This didn't impact home users.

- No, this was not a test run to interfere with the United States election. This was worldwide. CrowdStrike isn't ran by the Biden administration.

- No, this was not a cyber attack. It was bad quality assurance testing on CrowdStrike's end.

- No, this wasn't performed to censor people on social media. This did not impact social media.

- No, this was not a result of DEI. We don't even understand how DEI is even remotely related to this, so if you think this is related to DEI you've probably got a concussion and need medical treatment.

- No, Elon Musk did not remove CrowdStrike from his computer before this happened. We have no idea what security product Elon Musk's companies use.

vx-underground

20 Jul 2024 00:54

One of the nerds who popped MGM (a member of Scattered Spider) was arrested in the UK. He was 17.

We posted about it, shared the link, but everyone is still pissing on CrowdStrike so we'll talk about it on Monday or something.

vx-underground

19 Jul 2024 20:40

> get phone call
> answer phone
> "hey have you heard about a cyber security company called CrowdStrike?'
> "nope, never heard of her"
> hang up

Don't explain this to non-nerds. They won't understand it and they'll get scared.

vx-underground

19 Jul 2024 17:51

tfw your company doesn't use CrowdStrike

vx-underground

19 Jul 2024 17:11

Leaked footage of CrowdStrike's legal department this morning

vx-underground

19 Jul 2024 16:43

In all seriousness, we offer our most sincere condolences to our friends and colleagues who work at CrowdStrike.

We're sorry we're memeing so hard — but the situation is so unbelievably bad it's borderline satire.

vx-underground

19 Jul 2024 16:04

The office printer seeing the IT Team trying to print thousands of BitLocker keys

vx-underground

19 Jul 2024 15:26

We apologize to the many people who follow us online.

Instead of doing our regular malware sample family updates and pushing new papers, we're going to meme this CrowdStrike thing until we develop arthritis.

vx-underground

19 Jul 2024 15:11

CrowdStrike cooked SkyNews. They're trying to do the news with no computers.

vx-underground

19 Jul 2024 14:47

How to fix the Crowdstrike thing:

1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge

vx-underground

22 Jul 2024 16:26

Good morning,

After we took Sunday off we anticipated things would calm down a little. We were wrong. There has been more arrests, the CrowdStrike fire is still burning, and the arguing about CrowdStrike continues.

😭😭😭

vx-underground

21 Jul 2024 06:14

POV: you scroll the comment section of literally any Xitter post discussing CrowdStrike (someone is going to make it weirdly political and mention an acronym starting with the letter 'D')

vx-underground

20 Jul 2024 22:51

To put that into perspective: that is nearly x3 the amount of the entire Linux user baser.

Haha just kidding:) we just wanted to make a jab at Linux nerds because they keep spamming "THIS IS THE YEAR OF THE LINUX DESKTOP"

vx-underground

20 Jul 2024 17:55

Logging into Xitter and seeing thousands upon thousands of people, who have never written a single line of code their entire life and can barely use a computer, giving their expert input into kernel-mode programming

vx-underground

20 Jul 2024 16:23

We somehow missed a semi-undocumented CrowdStrike EDR disable* technique that was unveiled in 2022.

It requires administrative access. This makes it more difficult to perform in enterprise environments.

Jonas Lyk discovered the CrowdStrike minifilter did not catch NtCreateFile when the FILE_APPEND_DATA access mask was present. It was possible to open a CrowdStrike driver with FILE_APPEND_DATA and append an additional byte to the driver opened.

When rebooting the machine, the driver signature would not match and CrowdStrike would not load.

vx-underground

20 Jul 2024 04:40

We're coming across more and more Threat Actors who are children – some as young as 14 years old.

vx-underground

19 Jul 2024 23:15

Just saw KitKat bars and Duolingo making BSOD jokes.

Wtf CrowdStrike you've ruined everything and it's only getting worse

vx-underground

19 Jul 2024 18:03

CrowdStike PR trying to apologize to enraged IT nerds

vx-underground

19 Jul 2024 17:36

"We need you to come info the office and help us find all the BitLocker keys"

vx-underground

19 Jul 2024 16:53

We thought like, maybe a big ransomware incident, or a data leak.

We didn't expect arguably one of the largest IT outages in history caused by arguably one of the largest cybersecurity companies in history.

¯\_(ツ)_/¯

vx-underground

19 Jul 2024 16:05

The IT team when they realize they're out of ink and need to handwrite them

vx-underground

19 Jul 2024 15:36

Stock exchange opened. It appears CrowdStrike share holders are relatively concerned.

vx-underground

19 Jul 2024 15:13

CrowdStrike cooked airports in India. They're issuing handwritten boarding passes

vx-underground

19 Jul 2024 15:09

CrowdStrike cooked the Los Angeles International Airport

Even non-nerds freaking out – they think it's some massive 1337 hack (it's just bad coding).

vx-underground

19 Jul 2024 14:42

Threat Actors today wondering where the hell all their compromised hosts went