vxunderground | Unsorted

Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh


vx-underground

Security researcher Cristian Cornea authored a fake ransomware builder dubbed Jinn ransomware builder.

It was a fake Builder — it was actually a payload.

It infected over 100 people on Breached.

https://corneacristian.medium.com/how-i-hacked-100-hackers-5c3c313e8a1a


vx-underground

Yes, he was the person who named the Minecraft chatroom "Thug Shaker Central".


vx-underground

boomers in the 90s: ppl will try to take advantage of you, so be careful

boomers now: believes everything on facebook


vx-underground

Some of these Cybersecurity career advice and/or Cybersecurity career influencers should be beaten over the head with an old CRT monitor.


vx-underground

Latest additions to vx-underground.

Read them.

2015-08-12 - Stealth Techniques - Hiding Files in the Registry
2015-08-20 - Manually Enumerating Process Modules
2015-12-05 - Abusing WMI To Build A Persistent Asynchronous And Fileless Backdoor
2019-12-17 - Calling Local Windows RPC Servers from .NET
2021-02-27 - Windows object permissions as a backdoor
2021-10-21 - Windows Exploitation Tricks - Relaying DCOM Authentication
2024-01-31 - Abusing the GPU for Malware with OpenCL
2024-04-19 - Detecting Sandboxes Without Syscalls
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode
2024-09-13 - ScriptBlock Smuggling
2024-09-16 - Kernel ETW is the best ETW
2024-09-20 - Anti-Anti-Rootkit Techniques - Part II Stomped Drivers and Hidden Threads
2024-09-28 - Notes on unprivileged access to Bitlocker
2024-10-04 - Notes on xWizard.exe and xWizards.dll
2024-10-09 - XBL Live Game Save DCOM for lateral movement
2024-10-22 - Offensive Groovy programming.pdf
2024-10-22 - Reading BitLocker numerical passwords via API
2024-10-24 - EmbedPayloadInPng
2024-10-27 - ExecutePeFromPngViaLNK
2024-10-30 - EV code signing with pfx in 2024
2024-10-31 - SysVEHSyscalls in Rust
2024-11-09 - Structured Storage and Compound Files.pdf
2024-11-09 - Using VBS enclaves for anti-cheat purposes.pdf


vx-underground

Following this post we received quite a bit of comments and messages. People unfamiliar with us seem to be under the impression we don't know what a computer is.

You're correct — we don't know anything about these computers and these series of tubes. Please help.


vx-underground

More details have emerged regarding the person alleged to be responsible for the Snowflake breach.

Connor Riley Moucka a/k/a Alexander Antonin Moucka a/k/a judische a/k/a catist a/k/a waifu a/k/a ellyel8 is facing the following charges:

1 count of Conspiracy 18 U.S.C. § 371 - conspiracy to commit an offense or to defraud the United States.

Maximum punishment is 5 years in federal prison.

5 counts of Computer Fraud and Abuse 18 U.S.C. § 1030(a)(2)(C) & 18 U.S.C. § 1030(c)(2)(B)(i)-(iii) - Intentionally access a computer without authorization or exceed authorized access with additional relations of:

i) The offense was committed for purposes of commercial advantage or private financial gain.
ii) Committed in furtherance of any criminal or tortious act, in violation of the Constitution or laws of the United States or any state.
iii) The value of the information obtained exceeds $5,000.

Maximum punishment is 5 years in prison, 10 years in prison for repeat offenders.

2 counts of Extortion in Relation to Computer Fraud 18 U.S.C. § 1030(a)(7)(B) & 18 U.S.C. § 1030(c)(3)(A) - the Computer Fraud and Abuse Act (CFAA) that address extortion involving computers.

Maximum punishment is 5 years in prison.

10 counts of Wire Fraud 18 U.S.C. § 1343 & 18 U.S.C. § 2 - Deceive or defraud someone to obtain money or property by means of false or fraudulent pretenses, representations, or promises and aiding and abetting.

Maximum punishment is 20 years in prison.

2 counts of Aggravated Identity Theft 18 U.S.C. § 1028A(a)(1) & 18 U.S.C. § 2 - Knowingly use, transfer, or possess another person’s means of identification without lawful authority during and in relation to certain felony offenses and aiding and abetting.

Maximum punishment is 2 years in prison, repeat offenders face 5 years in prison.

Connor Riley Moucka, if found guilty, is facing a maximum sentence of 275 years in prison.


vx-underground

The charges placed against Connor Riley Moucka a/k/a Alexander Antonin Moucka a/k/a judische a/k/a catist a/k/a waifu a/k/a ellyel8, the person alleged to be responsible for the Snowflake breach, are so large and extensive that it is difficult to fit them in a post.


vx-underground

We just became a yearly subscriber to 404 Media

This small group of people has somehow been covering news related to government drama (non-political), privacy news, cybercrime news, malware news, internet oopsie news.

The underdogs are killin' it.

tl;dr support small biz


vx-underground

404mediaco spoke with Amazon today. Amazon has confirmed the legitimacy of the data breach.

We now understand why their CEO has made workers return to the office — if you saw how much Amazon pays in office rent a year, your head would explode.

https://www.404media.co/amazon-confirms-breach-of-employee-data/


vx-underground

Someone sent us an e-mail saying they have some malware samples they can send us.

We eagerly replied and thanked them.

They replied saying the samples "are for sale" and asked how much we'd pay for them.


vx-underground

"i work in tech" simulator


vx-underground

tl;dr 1st lesson of cybersecurity, verify your identity to bishopfox without detonating malware on your machine (we failed)


vx-underground

Registering on a website and trying to calculate the probability of it being compromised (use a burner e-mail or the real e-mail)


vx-underground

Hey Alexa, play "Money In The Bank" by Lil Scrappy.


vx-underground

Ignore previous spam. Telegram won't let me copy-pasta a Linux schizo copy-pasta.

Here is a photo of a cat instead.


vx-underground

Jack Teixeira, the United States military intelligence analyst who leaked classified military documents onto a Minecraft Discord, has been sentenced to 15 years in prison.


vx-underground

Updates to our Malware Analysis collection.

It's too big for a Telegram post, so just read the text file.


vx-underground

Our Telegram channel's bank account continues to grow.

We now possess over $1,200 in some weird magical Telegram cryptocurrency we cannot use because it is not available in the United States.

Crime pays — Telegram is letting Threat Actors advertise on our posts

¯\_(ツ)_/¯


vx-underground

Today alexocheema from exolabs reported an unknown Threat Actor trying to slipstream a malware payload into their GitHub repo (image 1).

Interestingly, Malcoreio identified the exact same note & code was also slipstreamed (or attempted to be slipstreamed) into other GitHub repos too (image 2).

The GitHub profile which tried to insert the payload into Exolab was "EvilDojo666". The GitHub profile name identified by Malcore was "Darkmage666" (image 3).

One of the targets was yt-dlp. Those bastards.

tl;dr campaign


vx-underground

NOTE: This 'maximum' punishment is worst case scenario. We don't believe he will receive 275 years in prison even if found guilty on all counts.

The Threat Actor responsible for the Kaseya supply-chain attack got 30 years in prison and they did way more damage.


vx-underground

It's so long, with so many offenses, we would have to make a special post on Xitter and then convert it to a PDF for Telegram. He is facing 20 charges related to cybercrime.

He is facing serious time in prison.


vx-underground

We don't typically pay for news either. But they're ad-free and doing really good work.

They didn't ask us to post this either — but we have to give them praise for their coverage of information stealers, confirmation on Amazon breach-thingy, Snowflake, etc.


vx-underground

A woman's rant is going semi-viral in political circles on Twitter and Facebook. Some are citing her rant as evidence of potential electoral interference during the 2024 Presidential election.

The woman's opening remarks claim she possesses a CCIE (Cisco Certified Internetwork Expert) — a very prestigious certification which is often possessed by truly dedicated people.

Currently there are only 45,000 active CCIE holders worldwide. Only 3% of Cisco cert holders attempt it ... and only 26% pass — it has a 74% failure rate.

Now it should be stated that no one in our group possesses a CCIE. We do not claim to be network experts, we're just malware nerds. However, despite our lackluster understanding of networking (beyond the computer science basics of the OSI model), we can confidently say this woman does not possess a CCIE and we believe she is lying.

Additionally, we would like to note we did indeed watch this entire video. Despite this woman's jargon and clear ... plainly wrong information... we decided to give her a chance to speak her mind and opinion.

We do not recommend watching the entire 8 minute video. You will have no benefit from it. At roughly 4 minutes you will see, very clearly, this is not a technical person.


vx-underground

The current street value of malwares (decent quality) is $1,200 for 7,500,000 malwares.

A curated set of high quality malwares is roughly 15,000 malwares for $3,000.

It's hard to get high quality samples unless you're an AV and/or EDR vendor.


vx-underground

A Russian ransomware affiliate we know sent us this video.

Very cool.

Thank you for educating us on your culture. 🙏


vx-underground

We made it into the Discord! We only detonated a few malware samples.

1. DocKing (tried to launch weird MS Edge URL, payload failed)
2. We purchased alcohol (wine tasting site)
3. Wave browser PUP/ADWARE
4. Installed a cool AI web search engine Google Chrome extension named Givero. It links to some dead domain via HTTP


vx-underground

> be new to cybersecurity
> google cybersecurity discords
> bishopfox listed
> click to join their discord
> discord requires verification (image 1)
> verification site has tons of pop ups (image 2)
> massive pop up saying need to install thing
> annoying page appears
> lady talking giving instructions how to download file
> listen to polite lady and follow her instructions
> download per her instructions (image 3)
> it's free malware (image 4)


vx-underground

Just kidding. We don't own an Alexa, or any of that IoT bullshit. God forbid it's compromised and some TA dumps 500 terabutts of people's conversations in .mp3 format


vx-underground

The Malware researchers: New proof of concept released abusing undocumented API calls!!

The Threat Intel analysts: New state sponsored campaign from China!!!

vx-underground Staff: Balatro is like poker kind of but not really
