14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Some media outlets are reporting a compromise (and leak) of Leidos – a large IT service provider for the United States Pentagon.
Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.
¯\_(ツ)_/¯
20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it.
The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing
This by far one of the largest oopsies in cybersecurity history. We can't recall a moment where a vendor caused this much damage... ever. We're aware of instances where updates corrupted something, but nothing on this scale.
They'll probably talk about this in history books.
Anyway, unless something profoundly dramatic happens, we are no longer going to actively discuss the current CrowdStrike situation. We're fatigued – and various members are combating the fall out in their own way (organizationally, whatever).
tl;dr moving on
More annoyed at the fact CrowdStrike has brought in a surge of 'experts' than the actual computer damage at this point. We're going to hear idiotic schizophrenic rants for months
Читать полностью…
Good morning,
After we took Sunday off we anticipated things would calm down a little. We were wrong. There has been more arrests, the CrowdStrike fire is still burning, and the arguing about CrowdStrike continues.
😭😭😭
POV: you scroll the comment section of literally any Xitter post discussing CrowdStrike (someone is going to make it weirdly political and mention an acronym starting with the letter 'D')
Читать полностью…
To put that into perspective: that is nearly x3 the amount of the entire Linux user baser.
Haha just kidding:) we just wanted to make a jab at Linux nerds because they keep spamming "THIS IS THE YEAR OF THE LINUX DESKTOP"
Logging into Xitter and seeing thousands upon thousands of people, who have never written a single line of code their entire life and can barely use a computer, giving their expert input into kernel-mode programming
Читать полностью…
We somehow missed a semi-undocumented CrowdStrike EDR disable* technique that was unveiled in 2022.
It requires administrative access. This makes it more difficult to perform in enterprise environments.
Jonas Lyk discovered the CrowdStrike minifilter did not catch NtCreateFile when the FILE_APPEND_DATA access mask was present. It was possible to open a CrowdStrike driver with FILE_APPEND_DATA and append an additional byte to the driver opened.
When rebooting the machine, the driver signature would not match and CrowdStrike would not load.
We're coming across more and more Threat Actors who are children – some as young as 14 years old.
Читать полностью…
Just saw KitKat bars and Duolingo making BSOD jokes.
Wtf CrowdStrike you've ruined everything and it's only getting worse
CrowdStike PR trying to apologize to enraged IT nerds
Читать полностью…
"We need you to come info the office and help us find all the BitLocker keys"
Читать полностью…
Updates to vx-underground:
Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats
Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook
Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23
There is a REAL WORLD CHANCE your shitty memes could be in a history book 😭😭😭😭😭
Читать полностью…
Remember when Shou Zi Chew, the CEO of TikTok, testified before the United States congress and they grilled him on questions about WiFi or TikTok monitoring IOT devices?
Imagine the CEO of CrowdStrike having to explain an EDR to the United States Congress 😂😂😂😂
Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughly 8,500,000 computers across the globe – including computer operations regarded as critical infrastructure.
No date has been released yet when George Kurtz will testify.
United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.
Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.
Information via Reuters, The Associated Press, and The Washington Post
The CrowdStrike C-suite LinkedIn apology post tl;dr
Читать полностью…
> open xitter
> see long winded rants about kernel mode drivers
> see long winded rants about crowdstrike
> see long winded rants about malware
Hello, how are you?
Today is the day of rest.
We hope all of you can find some time to relax too — it's been a chaotic week.
We'll see all of you on Monday.
We've updated the vx-underground malware collection. We have decided to include the recent faulty CrowdStrike drivers which caused 'boot-loops' for users. We believe it serves some historic and/or educational value to researchers or students. We have titled it "Win32.CrowdStruck". It is in the families directory.
- VirusSign.2024.07.13
- VirusSign.2024.07.14
- VirusSign.2024.07.15
- VirusSign.2024.07.16
- VirusSign.2024.07.17
- VirusSign.2024.07.18
- InTheWild.0129
- Win32.CrowdStruck
- CryptoMixRansomware
- AsyncRAT
- ClipBanker
- ProLock
- ThanosRansomware
- Redline
- Vidar
- Sality
- StealC
- RhadamanthysLoader
- RecordBreaker
- NjRAT
- LummaStealer
- PureLogStealer
- CobaltStrike
Today Microsoft reported that they believe the CrowdStrike bug has impacted roughly 8,500,000 computers.
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
We have deleted our post addressing the conspiracy theories about the CrowdStrike thing.
We were bombarded with comments and political fighting.
It's Saturday and we're not going to deal with this shit on our weekend. We'll let someone else do it.
We've seen a lot of questions about the CrowdStrike thing.
- No, this wasn't planned by CrowdStrike and Microsoft to force people to Windows 11. This didn't impact home users.
- No, this was not a test run to interfere with the United States election. This was worldwide. CrowdStrike isn't ran by the Biden administration.
- No, this was not a cyber attack. It was bad quality assurance testing on CrowdStrike's end.
- No, this wasn't performed to censor people on social media. This did not impact social media.
- No, this was not a result of DEI. We don't even understand how DEI is even remotely related to this, so if you think this is related to DEI you've probably got a concussion and need medical treatment.
- No, Elon Musk did not remove CrowdStrike from his computer before this happened. We have no idea what security product Elon Musk's companies use.
One of the nerds who popped MGM (a member of Scattered Spider) was arrested in the UK. He was 17.
We posted about it, shared the link, but everyone is still pissing on CrowdStrike so we'll talk about it on Monday or something.
> get phone call
> answer phone
> "hey have you heard about a cyber security company called CrowdStrike?'
> "nope, never heard of her"
> hang up
Don't explain this to non-nerds. They won't understand it and they'll get scared.
Leaked footage of CrowdStrike's legal department this morning
Читать полностью…