Updates to vx-underground:
- 2024-05-30 - Abusing the SeRelabelPrivilege
- 2024-04-24 - ETW-ByeBye Disabling ETW-TI Without PPL
- 2024-04-17 - Reconstructing Executables Part 1 Between Files and Memory
- 2024-03-28 - CveEventWrite notes
- 2023-12-15 - Intercepting console commands with ConDrv
- 2023-10-01 - RemoteRegistry service by abusing winreg named pipe
- 2023-09-23 - Demonstrating Projected Filesystems
- 2023-07-21 - Dumping UEFI Variables
Here is something many of you don't know.
In the late 90's the founders of VirusTotal were friends with people from a malware development group (and zine) named '29a Labs'. The current CEO of VirusTotal, Bernardo Quintero, even attended the first 29a Labs meetup in Madrid, Spain. Additionally, at the time Mr. Quintero was a writer for a computer magazine and interviewed the founder of 29a Labs. The interview was published in PC Actual, February 1998.
29a Labs was decades ahead of their time — they released proof-of-concepts, papers, and thoughts and opinions on things. The founders were based out of Spain but had contributors from across the globe. It should probably be noted, though, that the definition of malware we are applying to 29a Labs does not necessarily reflect malware as we see it today. The 90's malware was primarily infectors, mutation engines, and code capable of self-propagation (worms). It wouldn't be until 2004-ish that many of these groups began truly weaponizing their proof-of-concepts (which is when the first ideas of ransomware appeared).
29a Labs was (at the time) very much 'black balled' from the cybersecurity scene, as VXers were seen as monsters and criminals. Ironically, while 'non-nerds' called hackers monsters and criminals, those same hackers labeled the VXers the real 'monsters and criminals'. This is partially why so many malware people adopted the satanic-esque appearance. The name itself, 29a, is 666 in hex.
tl;dr malware nerds demonized by hackers who were demonized by non-nerds
Please note that in image 3 Mr. Sandman discusses using GetModuleHandle and GetProcAddress to dynamically import functionality from Kernel32. In 29a Labs Volume II, 29a Labs would go on to discuss parsing the Export Address Table, something which is still used today. This technique is 27 years old.
More information: https://www.astronomy.com/science/astronomers-just-deleted-an-asteroid-because-it-turned-out-to-be-elon-musks-tesla-roadster/
May 22, 1995 — Is a P.C. A Personal Computer, or Pain and Confusion? Reed Galin reports.
Hello,
We have another mistake in our code. QA is for cowards. We'll fix it soon.
Thanks,
We'll see some cool proof-of-concept, or someone happy to share something they learned (even if it's well known by others), and the comments we see people leave are so rude.
Like, damn bro, just fuckin' be happy for someone that they're learning, or growing, and sharing ideas
P.S. Your BTC stash (which according to court documents has been seized, but is speculated you still have hidden somewhere) is worth several billion dollars. Please give us like, $100, or something, for a pizza party.
Thanks,
Hello,
We've received a couple of e-mails lately regarding vx-intelligence on Telegram. We are not vx-intelligence. No idea who that is.
¯\_(ツ)_/¯
We broke the site by testing in prod. We'll fix it tomorrow.
Quality assurance is for cowards
He had quite literally the easiest sentencing ever. He was charged for possession of child pornography, dozens of wire fraud charges, aggravated identity theft, etc.
All he had to do was get a job or education, go to therapy, agree to electronic supervision, and not do crime
Imagine Ross Ulbricht is freed, discovers TikTok, brain rot, and Discord, and requests to be put back in prison
we see this stuff all the time. we can't tell if they're afraid of women, secretly homosexual, or jealous a woman has a job
(if ur gay its all good, its 2025, go and kiss a bunch of dudes, we agree mr. kennedy is v v handsome and a total hunk)
Hello,
We've fixed the site. New papers coming soon.
We're still migrating like, 13tb of malware from our virus exchange, or something, have to check.
We're really behind schedule, but we're getting there.
Thanks,
- smelly smellington
Astronomers from the Minor Planet Center at the Harvard-Smithsonian Center for Astrophysics in Massachusetts discovered a new comet — 2018 CN41
They later reversed the designation when, upon inspection, they discovered the "comet" was actually a 2018 Tesla Roadster
According to Twitter statistics, 10% of our audience are female.
That is higher than what we would have guessed. Shout-out to the 34,000 ladies who follow us.
Also shoutout to the 2% of our audience who are age 65+ (you're either lying, or an OG).
If you're going to compromise a Twitter account to push your cryptocurrency drainer — you DON'T need to spam it every 45 seconds.
Holy Christ, we get it, you're trying to drain crypto-wallets. Could you make it ANY more obvious?
Even if it is a well-known idea, or the code is rewritten in a different programming language — whatever happened to just coding for fun?
pic related:
Experimenting with a (maybe new?) string obfuscation technique that uses the fractional part of C floating-point numbers.
The idea is you'd create a dynamically allocated array of FLOATs. Each element of the array stores 2 ASCII-encoded characters in the FLOAT's fractional part.
As an example, to store the string "LOCALAPPDATA" you'd allocate a FLOAT array. The data would look like:
0.76007900 (L, O)
1.67006500 (C, A)
2.76006500 (L, A)
4.80008000 (P, P)
5.68006500 (D, A)
6.84006500 (T, A)
7.00000000 (NULL)
tl;dr unnecessarily convoluted crap
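The float-fractional scheme above, as an added C example that is not the post's code (all function names are hypothetical): a decoder of the kind an analyst would use to pull the string back out of such an array, plus an encoder that only builds test input. It also pins down two limits the uppercase-only sample hides: character codes of 100 or more do not fit in two digits, and 32-bit float precision only keeps the second character intact for indices below 16.

```c
#include <string.h>

/* Layout from the post: element i holds i + c1/100 + c2/1e6, so "LO" at
 * index 0 is 0.760079 (L=76, O=79); an integer-only element terminates.
 * All names below are hypothetical. */
/* Test-input builder. Returns element count including the terminator, or 0
 * when a code needs more than two digits (>= 100, e.g. lowercase 'd' on) or
 * the index reaches 16: beyond that float's ~7 significant digits lose it. */
size_t frac_encode(const char *s, float *out, size_t cap) {
    size_t n = strlen(s), i = 0;
    for (size_t p = 0; p < n; p += 2, i++) {
        unsigned c1 = (unsigned char)s[p];
        unsigned c2 = p + 1 < n ? (unsigned char)s[p + 1] : 0;
        if (c1 >= 100 || c2 >= 100 || i >= 16 || i + 1 >= cap) return 0;
        out[i] = (float)(i + c1 / 100.0 + c2 / 1e6);   /* one rounding */
    }
    out[i] = (float)i;                        /* terminator, no fraction */
    return i + 1;
}
/* Analyst side: recover the string from n elements. Values are >= 0, so
 * truncation to long is the floor; the double holds the float exactly. */
size_t frac_decode(const float *arr, size_t n, char *out, size_t cap) {
    size_t len = 0;
    for (size_t i = 0; i < n && len + 2 < cap; i++) {
        double x = arr[i], frac = x - (double)(long)x;
        if (frac < 0.5e-6) break;                     /* terminator */
        long v = (long)(frac * 1e6 + 0.5);            /* c1*10000 + c2 */
        out[len++] = (char)(v / 10000);
        if (v % 10000 == 0) break;                    /* odd-length string */
        out[len++] = (char)(v % 10000);
    }
    out[len] = '\0';
    return len;
}
/* Element i of the encoding of s, scaled by 1e6 and rounded; -1 on error. */
long frac_element(const char *s, size_t i) {
    float arr[32];
    size_t n = frac_encode(s, arr, 32);
    if (n == 0 || i >= n) return -1;
    return (long)((double)arr[i] * 1e6 + 0.5);
}
/* Encode then decode; 1 if s comes back unchanged. */
int frac_roundtrip(const char *s) {
    float arr[32]; char buf[64];
    size_t n = frac_encode(s, arr, 32);
    if (n == 0) return 0;
    frac_decode(arr, n, buf, sizeof buf);
    return strcmp(buf, s) == 0;
}
```

Element 5 of "LOCALAPPDATA" comes out as 5840065 when scaled, matching the post's 5.84006500 (D, A) once the trailing zeros are dropped.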
Ross Ulbricht, congratulations on your Presidential Pardon.
We are praying for you.
We ask God for your loved ones to not expose you to TikTok, AI, or Fortnite. You've been gone too long — your brain won't be able to handle it.
Amen.
Ross Ulbricht's Xitter is being spammed with accounts which appear to be associated with him (image 1). However, the accounts are not. When you try to view the "official" Ross Ulbricht Telegram channel it asks to verify your identity (image 2).
It gives free malware! ♥️♥️♥️
Ross Ulbricht, the creator of the infamous Silk Road, has been pardoned by Donald Trump.
Conor Fitzpatrick a/k/a Pompompurin, the ex-administrator of Breach Forums, violated his parole agreements almost immediately after his plea deal.
He now faces in excess of 20 years in prison. His next court date is in February.
United States media outlets are saying Donald Trump intends on, honest to God, pardoning Ross Ulbricht. Initially Trump said he'd do it on day 1 — he didn't. Representatives say he still intends on pardoning him
There's a real world chance Ross Ulbricht could discover brain rot