Hi,
We're aware of the stuff that happened today. We see your messages (and cat pictures). Tomorrow we'll review the stuff on the alleged* Ticketmaster hacker and the new information released on him. We'll review the Spotify stuff too.
Love you,
- smelly
Listening to James Elliot from MSTC discuss the "Triple Threat" of North Korean IT workers a/k/a Ruby Sleet via CYBERWARCON.
We've learned a lot about their methods of applying for jobs, their templates and portfolios, how they use AI for faking images, etc. Included in this is how North Korea pays United States citizens to receive laptops for them, keeping them plugged in and alive — the "laptop farms".
In August, 2024, the United States Federal Bureau of Investigation took down a North Korean "laptop farm" for their IT workers which housed over 800 proxies.
tl;dr if you're new to information security (or IT in general) and say you can't get a job, you're doing something wrong.
tl;dr tl;dr the north koreans took your job
Today at CYBERWARCON we watched arguably one of the most interesting talks we've seen in awhile.
Steven Adair gave a nearly 1 hour presentation regarding APT28's "Nearest Neighbor Attack". In summary, because it was a long and wild story, APT28 successfully compromised one of their clients by compromising a company across the street from the client.
APT28, presumably unable to compromise their target directly, compromised a company across the street from the target. Then, using a combination of attacks including a 0day exploit, they moved laterally across the street by pivoting over WiFi. Yes, APT28 daisy chained their way to the target by WiFi. Subsequent to the compromise they primarily lived off the land and covered their tracks using CIPHER.exe.
Volexity has released the paper on the talk. However, the paper does not truly do justice to the attack and does not truly emphasize the complexity of the attack. If you ever have a chance, watch the video.
Paper: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
This is not pronounced like "MAGA". It's pronounced like: "Mmmmmm. Aga". The double M's are pronounced like you just ate a delicious slice of pizza. The "Aga" part is pronounced like you're stuck in traffic — a strenuous sigh almost.
It's shrimple.
Another funny story: I got malware (again) from trying to download "hacks" for Halo 2. I couldn't find the malware (again) so I randomly uninstalled software from the Control Panel. I uninstalled the audio drivers and network drivers. This didn't fix it.
- smelly
Today the United States Department of Justice unsealed criminal charges brought against 5 people.
- Ahmed Hossam Eldin Elbadawy, 23, a/k/a "AD", of College Station, Texas
- Noah Michael Urban, 20, a/k/a "Sosa" and "Elijah", of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans, 25, a/k/a "joeleoli", of Jacksonville, North Carolina
- Tyler Robert Buchanan, 22, of the United Kingdom
The individuals are accused of performing phishing and/or social engineering attacks which resulted in the theft of millions of dollars.
More information: https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text
🚨 BREAKING 🚨
MICROSOFT HAS JUST DISCOVERED VDI'S AND THIN CLIENTS. THIS IS NOT A DRILL!!!!
Yeah, we rip on Microsoft a lot. But for each feature they add, they're just expanding the Threat Landscape in corporate environments (and potentially for home users).
Should we be more optimistic? Maybe.
Are we optimistic? Hell nah
The United States Department of Justice is pushing Google to sell Google Chrome to break their search monopoly (not official yet, but Google is probably big mad).
More information:
https://www.bloomberg.com/news/articles/2024-11-18/doj-will-push-google-to-sell-off-chrome-to-break-search-monopoly
> read about windows 11 share button thingy
> can this be abused? tl;dr yes, duh
> research
> shobjidl_core!IDataTransferManagerInterop
> research
> Raymond Chen wrote about this in 2017
> first added to windows shell as dumb button
> bonus chatter is indeed accurate
Windows 11 will be adding the Share button to the Start Menu and Taskbar. This is excellent news for people who are unfamiliar with CTRL-C + CTRL-V. Additionally, this introduces another method for data exfiltration.
Very cool
https://www.bleepingcomputer.com/news/microsoft/windows-11-is-adding-a-share-button-to-the-start-menu-and-taskbar/
We once considered partnering with some YouTuber to do some funny videos or something, just meme-ing stuff, make it entertaining. Then we realized that's too much work and we'd rather just keep falling into nothingness (reading msdn)
Yesterday night (or early morning November 22nd depending on where you reside), it was unveiled that an unknown Threat Actor(s) had compromised Andrew Tate's online university, dubbed "The Real World (Hustler's University)".
Note(s):
1. The content was given to non-profit organization DDoSecrets (unable to tag on X due to their account being suspended) and is available for anyone to review
2. Upon compromise (and exfiltration of data, presumably), the individual(s) responsible for the compromise inserted pro-transgender emojis onto the site and uploaded AI photos of Andrew Tate with a transgender flag. The compromise of Andrew Tate's website appears to be ideologically motivated, not financially motivated
3. Upon review of the compromised data we spotted some inconsistencies with reporting from media outlets. Some media outlets have stated the stolen data contains over 325,000 user email addresses. However, upon review we do not see email addresses UNLESS the user's actual username on the website was their email address. We only spotted a few thousand (see image 1)
The file in the leak, "users.json", contains the following:
- Unique UserID
- Username
- External UserID
- Score (reputation)
- Coin balance (forum based currency)
- Server (unsure)
- "User" (unsure)
- Join Date
- Roles
Other fields visible, which appear to be optional entries based on users' interaction with the website:
- Profile content
- "Learnv2"
- Avatar
Also present in the compromise are chat logs from both public and private rooms. These rooms include:
- AI Automation
- Business Mastery
- Content Creation & AI Campus
- Copywriting
- Crypto DeFi
- Crypto Trading
- Cryptocurrency Investing
- ECommerce
- Fitness
- Hustler's Campus
- Social Media & Client Acquisition
- The Real World
Each room described has both a public and a private variant. We briefly skimmed the contents of these and can confirm they have unfathomable amounts of chat logs and conversations. In the spirit of full disclosure: we are not going to review and/or read these chat logs. They are massive. In summary: the dumped conversations are legit.
As a disclaimer: it may be possible that email addresses and more sensitive information is in the chat logs. We have not reviewed this in totality to confirm that (we don't feel like it).
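To check the "325,000 email addresses" claim against the dump itself rather than the press reports, here is an added Python example (not from the post, and not any tooling from the leak) that counts usernames that are syntactically e-mail addresses and tallies which of the listed fields each record actually carries. The JSON key names and the sample records are assumptions/constructed; point `summarize()` at the real file's contents to reproduce the check.

```python
import json
import re
from collections import Counter

# Constructed sample mirroring the fields listed above; the key names are
# assumptions, not the leak's real schema.
SAMPLE_USERS_JSON = """
[
 {"id": 1, "username": "alice", "external_id": "x1", "score": 12, "coins": 3,
  "server": "s1", "user": null, "join_date": "2023-01-02", "roles": ["student"],
  "avatar": "a.png"},
 {"id": 2, "username": "bob@example.com", "external_id": "x2", "score": 0,
  "coins": 0, "server": "s1", "user": null, "join_date": "2023-02-03",
  "roles": ["student"], "profile": "hi", "learnv2": true},
 {"id": 3, "username": "Carol.Smith@Example.ORG", "external_id": "x3",
  "score": 5, "coins": 1, "server": "s2", "user": null,
  "join_date": "2023-03-04", "roles": []},
 {"id": 4, "username": "dave at example dot com", "external_id": "x4",
  "score": 1, "coins": 0, "server": "s2", "user": null,
  "join_date": "2023-04-05", "roles": ["mod"]}
]
"""

# Loose syntactic check: one "@", no whitespace, a dot in the domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def load_users(text):
    """Parse the users dump; ignore anything that is not a record object."""
    return [u for u in json.loads(text) if isinstance(u, dict)]

def email_like_usernames(users, field="username"):
    """Return the usernames that are syntactically e-mail addresses."""
    return [u[field] for u in users if EMAIL_RE.match(str(u.get(field, "")))]

def field_coverage(users):
    """Count how many records carry each key, which separates mandatory
    fields from the optional ones (profile, learnv2, avatar) in the dump."""
    counts = Counter()
    for u in users:
        counts.update(u.keys())
    return dict(counts)

def summarize(text):
    """Totals a reviewer would compare against the media figures."""
    users = load_users(text)
    return {"total": len(users),
            "email_usernames": len(email_like_usernames(users)),
            "coverage": field_coverage(users)}
```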
Update: CYBERWARCON is now holding us hostage. They have done talks back-to-back, no time to get snacks or use the restroom.
We have ripped up the carpet and started gnawing on the adhesives for nutrients. We have resorted to urinating in our pants.
"my computer harddrive is surrounded by tannerite. if the FBI raids me my harddrive will explode and they'll have no evidence"
Wow. Bravo. You'll be investigated by the FBI and the ATF.
2 birds with 1 stone. Brilliant tactics.
Removed post about Google having to sell Chrome. It was slightly misleading.
tl;dr will be confirmed or denied Summer 2025 by the courts.
regular programmers: int x = 0;
malware programmers: DWORD dwIncrementalExportAddressTableEnumerationIndexer = 0;
When I was a teenager, I infected my personal computer trying to download "mods" for Windows XP. I couldn't find the malware (I only checked My Documents), so I thought the malware was in my modem. I convinced my parents to buy a new modem. It didn't fix it.
- smelly
Microsoft CEO Satya Nadella greeting the Red Teamers after Microsoft Ignite 2024 (they can now clone target voices)
Satya Nadella is literally the VIP for Threat Actors and Red Teamers.
Thanks to new Microsoft Teams technologies, you can now clone your voice ... so you can speak to others in a different language!
Ever be North Korean but want to sound American? It's now possible!
https://techcrunch.com/2024/11/19/soon-microsoft-will-let-teams-meeting-attendees-clone-their-voices/
Infamous rapper and (alleged) (innocent?) money launderer Heather "Razzlekhan" Morgan is in a positive mood.
Shout-out to her and her legal team (we're trying to get her autograph)
Thanks to Microsoft share we can now easily exfiltrate data with just a few clicks of a button. Or, we can just automate the task in C/C++ (or any language) and mass e-mail ourselves data.
very cool
NOTE: Someone pointed out this graph is slightly incorrect, and they're correct with that assessment. ChatGPT went public in November, 2022. We misread this chart — it says November, 2021 (not 2022, oops).
Further research shows a continual decline in StackOverflow usage since 2018. However, upon ChatGPT's release, StackOverflow really felt a blow to its traffic and userbase.
More information: https://www.i-programmer.info/news/99-professional/16487-stack-overflow-announces-ai-powered-features.html
> get flooded with noob questions about malware
> nbd, we all been noobs
> consider replying
> too_much_effort.jpg
> consider making thing explaining malware basics
> too_much_effort.svg
We hope someone else does it. Not even coding, just core concepts and how stuff works