vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

Thanks to advancements in technology you can now watch advertisements while fueling up your car.

vx-underground

Chat, we engage back and see what the normies do (this is for science)

vx-underground

It's been 24 hours and we're still receiving negative comments and hateful remarks toward us over a satirical post.

The irony of people criticizing us for failing "to research" how computers work, without looking at our profile and realizing it's satire.

Pure gold

vx-underground

Maybe China is taking notes from Amazon and DeepSeek is actually 1,000 Indians in a warehouse

vx-underground

> make clearly satirical post
> read comments
> some people take it literally and don't get it

vx-underground

DeepSeek comes with 2 different models.

1. DeepSeek Xi Jinping Edition - Developed for the Chinese. Will provide Chinese propaganda

2. DeepSeek Ameriburger Edition - Developed for Ameriburgers. Will provide American propaganda.

Truly revolutionary work

vx-underground

Security researcher DuchyRE highlighted something interesting about DeepSeek AI.

If you ask about the Terrorist Attacks on September 11th, 2001 in the United States, DeepSeek will answer it. Furthermore, DeepSeek will provide criticism of the United States government (Image 1, Image 2)

If you ask DeepSeek about Tiananmen Square in China in 1989, DeepSeek says it cannot answer that question. Additionally, DeepSeek is unable to produce any criticism of the Chinese government. (Image 3)

vx-underground

Mildly irritating things seen by malware nerds:

- Person saying {thing} evades EDR and/or AV, but they've never performed against an enterprise environment with an active Blue Team (they don't know what they're talking about). Yes, your payload avoided basic analysis, but stop disrespecting Blue Team nerds, you're seriously underestimating them.

- Person saying {language} is superior to {other language} for malware development. This is like watching Linux nerds argue about distros

- Person saying their malware is FUD. It is only undetected because you've successfully infected 4 machines running Windows 7. Large scale campaigns are difficult to run. Stop disrespecting reverse engineers. They're dealing with serious Threat Groups.

- Person saying {thing} is undetectable (in theory) because they've implemented over 9000 different evasion techniques. No, you've filled your binary with IOCs.

- Person dissing ransomware payloads, saying it is for noobs. This is both correct and incorrect. Writing single threaded ransomware is easy. Writing fast ransomware (thread pools, queuing, I/O completion ports) that can both encrypt and decrypt successfully regardless of file type and file size can be challenging.

- Anyone who references Mr. Robot when discussing malware.

vx-underground

Received this e-mail today.

It's been nearly 12 hours and we still cannot comprehend this e-mail. We STORE MALWARE. There is literally NOTHING ELSE on the website EXCEPT MALWARE.

??????????????????

vx-underground

Well how about that. It's 3:30am on a Sunday and we're cookin' ourselves again (as is tradition).

We're aware our data appears to be in some sort of quantum state — it both exists and does not exist at the same time. It's Schrödinger's malware collection

tl;dr fml

vx-underground

we see this stuff all the time. we can't tell if they're afraid of women, secretly homosexuals, or jealous a woman has a job

(if ur gay its all good, its 2025, go and kiss a bunch of dudes, we agree mr. kennedy is v v handsome and a total hunk)

vx-underground

Hello,

We've fixed the site. New papers coming soon.

We're still migrating like, 13tb of malware from our virus exchange, or something, have to check.

We're really behind schedule, but we're getting there.

Thanks,
- smelly smellington

vx-underground

Astronomers from the Minor Planet Center at the Harvard-Smithsonian Center for Astrophysics in Massachusetts discovered a new comet — 2018 CN41

They later reversed the definition when, upon inspection, they discovered the "comet" was actually a 2018 Tesla Roadster

vx-underground

According to Twitter statistics, 10% of our audience are female.

That is higher than what we would have guessed. Shout-out to the 34,000 ladies who follow us.

Also shoutout to the 2% of our audience who are age 65+ (you're either lying, or an OG).

vx-underground

If you're going to compromise a Twitter account to push your cryptocurrency drainer — you DON'T need to spam it every 45 seconds.

Holy Christ, we get it, you're trying to drain crypto-wallets. Could you make it ANY more obvious?

vx-underground

the ip is stored in the balls

vx-underground

This isn't even close to all of the bashful comments — got tired of screencapping them.

vx-underground

If you don't get the reference: Amazon's Just Walk Out AI technology was 1,000 Indian contractors

https://www.washingtontimes.com/news/2024/apr/4/amazons-just-walk-out-stores-relied-on-1000-people/

vx-underground

There is a Threat Actor(s) online impersonating Babuk.

You can tell they're a bunch of goobers because Babuk ransomware is a broken piece of crap which barely functions.

You have a better chance of being struck by lightning than Babuk successfully decrypting files.

vx-underground

🚨BREAKING🚨

According to a mysterious document published by DeepSeek titled "Terms and Conditions", DeepSeek does the following when you visit their website

- Record your IP address
- Record your user-agent
- Record your input into DeepSeek
- Stores it in their servers

Worst of all: they're headquartered in CHINA. This means the data is in CHINA. A company, who resides in China, is choosing to store their data in their own country (CHINA) as opposed to the United States of America (NOT-CHINA)

vx-underground

Yeesh.

Made a post about DeepSeek censoring Chinese government stuff because it was interesting. It quickly turned into a geopolitical debate and what-about-isms on Twitter

vx-underground

People need to seriously stop dissing Blue Team nerds. If you've ever tried to deploy malware against an enterprise network with an active Blue Team with software restriction policies, path-based execution restriction, a team that has an effective and up-to-date EDR (custom detection rules) coupled with an AV, and an active SOC..... it can be extremely challenging.

These Blue Team nerds are not dummies and they take their job extremely seriously

vx-underground

This reminds us of the time we received an e-mail saying they suspect vx-underground may have malware on it (it was a malicious perl proof-of-concept archived and saved as .txt)

vx-underground

I've released OCRMe — a tool developed from the research done by bmmaloney97

This commandline tool dumps the OCR content from Microsoft OneDrive Business. The tool is on GitHub and comes with a pre-compiled .exe if you're lazy.

ReadMe is in Main.cpp

https://github.com/vxunderground/OCRMe/

vx-underground

Updates to vx-underground:

- 2024-05-30 - Abusing the SeRelabelPrivilege
- 2024-04-24 - ETW-ByeBye Disabling ETW-TI Without PPL
- 2024-04-17 - Reconstructing Executables Part 1 Between Files and Memory
- 2024-03-28 - CveEventWrite notes
- 2023-12-15 - Intercepting console commands with ConDrv
- 2023-10-01 - RemoteRegistry service by abusing winreg named pipe
- 2023-09-23 - Demonstrating Projected Filesystems
- 2023-07-21 - Dumping UEFI Variables

vx-underground

Here is something many of you don't know.

In the late 90's the founders of VirusTotal were friends with people from a malware development group (and zine) named '29a Labs'. The current CEO of VirusTotal, Bernardo Quintero, even attended the first 29a Labs meetup in Madrid, Spain. Additionally, at the time Mr. Quintero was a writer for a computer magazine and did an interview with the founder of 29a Labs. It was released in PC Actual, February 1998.

29a Labs was decades ahead of their time — they released proof-of-concepts, papers, and thoughts and opinions on things. The founders were based out of Spain but had contributors from across the globe. Although, it should probably be noted the definition of malware we are applying to 29a Labs does not necessarily reflect malware as we see it today. The 90's malware was primarily infectors, mutation engines, and code capable of self-propagation (worms). It wouldn't be until 2004-ish that many of these groups began truly weaponizing their proof-of-concepts (such as when the first ideas of ransomware appeared).

29a Labs was (at the time) very much 'black balled' from the cybersecurity scene as VXers were seen as monsters and criminals. Ironically, while 'non-nerds' called hackers monsters and criminals, the 'monsters and criminals' hackers labeled the VXers the real 'monsters and criminals'. This is partially why so many malware people adopted the satanic-esque appearance. The name in and of itself, 29a, is 666 in hex.

tl;dr malware nerds demonized by hackers who were demonized by non-nerds

Please note on image 3 Mr. Sandman is discussing using GetModuleHandle and GetProcAddress to dynamically import functionality from Kernel32. In 29a Labs Volume II, 29a Labs would discuss parsing the Export Address Table, something which is still used today. This technique is 27 years old.

vx-underground

More information: https://www.astronomy.com/science/astronomers-just-deleted-an-asteroid-because-it-turned-out-to-be-elon-musks-tesla-roadster/

vx-underground

me when my therapist asks what I do in free time

vx-underground

May 22, 1995 — Is a P.C. A Personal Computer, or Pain and Confusion? Reed Galin reports.

vx-underground

covid19 and vxug were both created in 2019
