14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
We apologize to the many people who follow us online.
Instead of doing our regular malware sample family updates and pushing new papers, we're going to meme this CrowdStrike thing until we develop arthritis.
CrowdStrike cooked SkyNews. They're trying to do the news with no computers.
Читать полностью…
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
CrowdStrike has performed the largest ransomware attack in history.
Accidentally.
Today CrowdStrike pushed out a botched update.
It has resulted in outages in Banks, Airlines, Emergency hotlines, ???
It's 6am on a Friday and CrowdStrike cooked the internet
Blah blah blah, helping criminals, blah blah blah. But seriously, Babuk causes EVERYONE problems. It is a colossal piece of shit.
Читать полностью…
We see some nerds getting super hostile to women in tech — especially if they're conventionally attractive and/or have a high number of followers on social media
If you're feeling upset: scream at your Mom, heat up some pizza rolls, and put on some anime
It's going to be okay.
The real Lockbit ransomware group Telegram channel and their first fancy little message. Interesting times we live in, seeing them pivot to Telegram.
Читать полностью…
Wikipedia has introduced dark mode into their website.
Читать полностью…
good morning, or good night, to the 345,958 people living in my phone
Читать полностью…
Today it was reported by AT&T (via email to customers) that an individual involved in the recent AT&T data breach has been arrested.
Читать полностью…
Today Kaspersky issued a goodbye letter to it's American customers.
We are going to miss Kaspersky.
Kaspersky was always a solid AV product and the research they conducted was always excellent.
Microsoft is being criticized (again) because Administrator-to-Kernel mode execution is not considered a security boundary.
Researchers noted that home users, who often run as administrator, could be a victim of this lack-of security boundary.
Researchers asked Microsoft why?
You can do some goofy stuff and run a executable with it (wraps to ShellExecuteEx)
https://pastebin.com/raw/V1jmkp39
CrowdStrike cooked airports in India. They're issuing handwritten boarding passes
Читать полностью…
CrowdStrike cooked the Los Angeles International Airport
Even non-nerds freaking out – they think it's some massive 1337 hack (it's just bad coding).
Threat Actors today wondering where the hell all their compromised hosts went
Читать полностью…
As we continue to do our daily news check up, we can confirm that CrowdStrike has performed a colossal oopsie and has done catastrophic damage.
We have never witnessed an oopsie of this magnitude
wHy dOnT u uSe Ur larGe sOcIAl mEdIa pResCencE 2 dIsCUss pOliTicS
1. Everyone discusses politics. This is a shitpost, malware, and chill zone.
2. We are (mostly) United States based and the current political landscape closely resembles a SouthPark skit
Example:
This post is going to be controversial. But we believe it is necessary. Threat Intelligence nerds, Blue Team nerds, and Law Enforcement nerds following us on sock accounts – don't have a conniption.
Dear Threat Actor(s) who contact us,
We advise you do NOT use the leaked Babuk builder and source code. Babuk is notorious for failing to decrypt files (especially large files), and corrupting data. If you (or your group) decide to do ransomware ... for the sake of literally everybody involved (you and/or your group, the victim, Threat Intelligence, Digital Forensic & Incident Response firms, Law Enforcement, etc) DO NOT USE BABUK. Don't go anywhere near Babuk. If someone recommends Babuk, slap them around with a large trout.
Thanks,
You can contact the LockBit boss on the contacts below, waiting for an answer can take some time from 1 minute to several days depending on the workload.
With questions about decryption to write only in a chat on the site, if the person who encrypted your network does not answer you more than two days or you have any other problems, you can contact me.
Please write a single message and state the whole point, do not write just "hello", "here?", "can I ask you a question?" and other similar messages.
PGP KEY, for encryption of some very important messages or files, the private key is in the hands of one person, on an encrypted computer of the main developer and organizer of the affiliate program, without access to the Internet, PGP KEY has never been transferred and will not be transferred to other people.
Please expect an answer, absolutely everyone and always gets an answer, regardless of the question.
=================================
Tox
https://tox.chat/download.html
Tox ID Support
3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D9287582D6FCB
=================================
XMPP
XMPP Clients:
https://pidgin.im
https://adium.im/
https://psi-plus.com/wiki/en:downloads
https://monal-im.org/
https://f-droid.org/packages/eu.siacs.conversations/
XMPP servers:
https://anonym.im/
https://www.jabbim.com/
lockbit@anonym.im
lockbitapt@jabb.im
=================================
Briar
https://briarproject.org
LockBit Briar ID
briar://abv3rrd62jpln5tyk6nbwospngef5ropu7gkrhnsjn5nvqglek3e2
=================================
Forum profile
http://rampjcdlqvgkoz5oywutpo6ggl7g6tvddysustfl6qzhr5osr24xxqqd.onion/members/lockbit.9/
=================================
https://telegram.org/
Telegram (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
@foxwm_apt
Telegram channel (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
/channel/foxwmapt
=================================
https://www.signal.org/
Signal (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
@lockbit20.19
=================================
PGP PUBLIC KEY
http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/pgp.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
After nearly two weeks of radio silence from Lockbit ransomware group they've returned with a Telegram account, a Briar account, a Signal account, and an XMPP account
They also immediately threw shade at RansomHub by accusing them of being a rebrand of ALPHV.
Updates to vx-underground:
- 2024-07-02 - Exposing FakeBat loader: Distribution methods and adversary infrastructure
- 2024-06-30 - Deep Analysis of Snake (404 keylogger)
- 2024-06-27 - Poseidon Stealer malspam campaign targeting Swiss macOS users
- 2024-07-02 - The LandUpdate808 Fake Update Variant
- 2024-06-24 - ‘Poseidon’ Mac stealer distributed via Google ads
- 2024-07-02 - Kematian Stealer forked from PowerShell Token Grabber
The only thing keeping vx-underground HQ from metaphorically burning to the ground is grotesque quantities of alprazolam
Читать полностью…
> login
> check news
> riteaid breached
> trello api abused to scrape emails
> more new ransomware groups
> more 8k sec filing
> more malware being the malware
> ???
Throwback to when some nerd found a tomato garden on Shodan
Читать полностью…
💻 Programmers! 💻
What's stopping you from coding like this? 🙏
The coolest part is the existence IWshShell, IWshShell2, and IWshShell3. All of them the exact same, except each one has an extra method present. IWshShell3 exposes an Exec method which is almost identical to IWshShell::Run
Читать полностью…
Currently exploring some COM stuff – found a cute trick to read registry keys.
The COM interface expects a WCHAR string (BSTR). But then... it converts it to a CHAR string to invoke RegQueryValueExA