The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Unrelated to malware of course, but this impacts individuals we know in this area and this event is shocking.
This entire server is maintained by an ex-United States Army intelligence officer. He has been actively working on this virtual world for nearly 30 years. When we spoke with the owner 'Lens' he told us he can only communicate using Dragon text-to-speech software, he is retired, and spoke very highly of this game. He pitched it to the United States government multiple times – most recently in 2010.
Each dome you see is a specific virtual command center which includes newsfeeds, videos, updated maps, and more.
Our page engagement is 5x - 10x higher when we shit post. We've become profoundly gifted in the art of shitposting over the past 5 years of vx-underground.
tl;dr Chinese state-sponsored hackers indicted. Long story. Full indictment can be read here: https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived
Summary:
Today the United States Department of Justice indicted seven individuals believed to be tied to the Chinese state-sponsored group APT31 a/k/a TA412 a/k/a Violet Typhoon a/k/a Zirconium.
The individuals indicted are:
- Ni Gaobin, 38
- Weng Ming, 37
- Cheng Feng, 34
- Peng Yaowen, 38
- Sun Xiaohui, 38
- Xiong Wang, 35
- Zhao Guangzong, 38
All are believed to reside in the People's Republic of China.
The individuals are charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The individuals are believed to have spent the past 14 years targeting United States and foreign critics, businesses, and political officials to further Chinese economic espionage and foreign intelligence objectives.
The full write-up, and indictments, from the United States Department of Justice are lengthy and give more details on their actions.
Our friend exoqqen shared a wonderful photo with us. In Vietnam there is a temple which has artwork demonstrating the Laws of Karma.
"Creating computer virus causing harm to others"
...
"Brings an insane and foolish person"
tl;dr based monks know you're all insane
Hello, we would like to remind all of you that security research, malware development, reverse engineering, and exploit development is not the result of a singular individual or entity. We all collectively learn.
Bernard of Chartres, a twelfth-century French Neo-Platonist philosopher and scholar, coined a famous phrase which was later used by Isaac Newton – and which we believe accurately describes this field of work.
Isaac Newton wrote to his rival, Robert Hooke, in 1675. In the letter he penned: "if I have seen further [than others], it is by standing on the shoulders of giants."
This is a metaphor which means "using the understanding gained by major thinkers who have gone before in order to make intellectual progress" or simply put "discovering truth by building on previous discoveries".
Thank you to everyone who succeeds and releases new research or papers. It inspires us to learn more, evolve, and presents us the opportunity to discover new things ourselves.
"nani gigantum humeris insidentes" – "standing on the shoulders of giants"
If you're a state-sponsored Threat Actor, literally just shoot us a legitimate e-mail and tell us what you're wanting. It's not a big deal, bro.
Honest to God we don't know anything and we're poor
Hello,
Can someone please call Olaf Scholz or Frank-Walter Steinmeier and tell them German customs is a giant pile of Schnitzel? We've had 4 people now have problems with customs.
Yesterday Neuralink unveiled its first patient. It is a quadriplegic individual who states he can play Chess using his brain.
inb4 hardware or wireless security nerds find a vulnerability in Neuralink and hijack people's brains
https://twitter.com/neuralink/status/1770563939413496146
Good morning,
Unknown individual(s) have established multiple fake vx-underground merchandise web stores. Due to the nature of these sites we are suspicious of their intentions. We cannot tell if they're scammers or trying to phish potential purchasers' PII.
We've updated the vx-underground Windows malware paper collections. We've got more to come too 🫡
- 2024-03-08 - Manipulating Token Attribute structures
- 2024-02-25 - Keylogging in the Windows kernel with undocumented data structures
- 2024-02-16 - InflativeLoading
- 2023-12-29 - Usermode encryption but only LOCALSYSTEM can decrypt
- 2023-11-29 - Unwind - Callstack spoofing in Rust
- 2023-11-06 - Running PEs Inline Without a Console
- 2023-09-15 - An Introduction into Stack Spoofing
- 2020-04-30 - Fax Shell - Using Fax service for system
- 2020-01-23 - Starting WERSVR from a restricted users
NSFW ---- 🔞
Two people fight to the death arguing Rust and C++
Hello, how are you? Lots of updates today. Believe it or not, we actually have a lot more to add besides this. We've decided to upload it in increments so we don't bomb your timeline.
Cheers,
Papers:
- 2024-03-18 - Abusing SeTrustedCredmanAccessPrivilege to dump user creds
- 2024-03-15 - Capping process CPU usage
- 2024-03-09 - YARP as a C2 Redirector
- 2024-03-03 - A Trip Down Memory Lane - A history of AV evasion
- 2024-03-03 - Explorer.exe LOLBIN and persistence
- 2021-05-21 - Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege
Malware sample updates:
- Amadey
- BumbleBeeLoader
- CobaltStrike
- DarkMeLoader
- DarkMeRAT
- HijackLoader
- LummaStealer
- Pikabot
- RaspberryRobin
- RedLine
- RhadamanthysLoader
- STOPRansomware
- Stealc
- TrollStealer
- Vidar
- VirusSign.2024.03.15
- VirusSign.2024.03.16
- VirusSign.2024.03.17
It appears Apex Legends RCE is real. We do not know the technicalities behind it, but based on the response by the Apex Legends Esports organization, and the messages appearing in game, it looks legit.
Very cool
Today Twitter open sourced Grok – the Twitter AI thing people get access to when they have Twitter Premium+
Very cool
https://github.com/xai-org/grok-1
At 1:28AM EST The Francis Scott Key Bridge in Baltimore, Maryland was struck by a Large Container Ship. It is being reported as a mass casualty event. It was captured on CCTV footage.
Very little information is available at this time.
tl;dr we're digital archaeologists
We can't spoil this too much – but we found an online gem. It's an old video game, released in 1994, that still has servers online. We aren't entirely sure how they're online, or why, but they're still here. It has a daily peak of 50 users whereas in the 1990's it had nearly 500,000 users online daily.
The game client recommends specs of the following:
- 300MHz (800MHz ideally)
- 128MB+ RAM
- Windows 98, Me, 2000
- Windows Media Player 6.4 or later
- 3D acceleration (64mb+ video RAM)
Currently this game has 206 servers online. The game held online expos and/or conventions which were sponsored by companies like Microsoft, Intel, Boeing, and dozens of now defunct companies.
Interestingly, the game also has a server which was briefly pitched as a United States Department of Defense virtual-command center ... which is still online and actively maintained as of 2024-03-25. Around approx. 1999 this server was pitched to United States government personnel to cooperate with allies in Africa – it features a now defunct United States x Africa virtual command center. It currently has a command center for the United States, Israel-Gaza conflict, Ukraine-Russia conflict, and COVID19 information command center. We spoke with the maintainer of this server and learned a lot about him, the game, why he is still around, and so much more. It is profoundly interesting.
Among the remaining servers are also old virtual meetups, with photos of the people who attended, dating back to the early 2000s. It has a birthday server... for a woman who held an online birthday party sometime in the early 2000s.
It has a teenager server hangout room which was last updated December, 2001. There are lots of notes and images in the teenager server of teens from the 90's writing 'X was here May, 1999' and so on.
The game also features an online graveyard. It is maintained by a woman, who has listed her PII in the game, and has probably 20+ friends who have passed away. It has photos, messages, virtual flowers, and more.
Top-gg, the self-proclaimed largest collection of Discord bots, was subject to a supply chain attack. The unidentified Threat Actor(s) created a fake Python package domain to deliver poisoned Python packages.
These individual(s) successfully compromised a GitHub maintainer for Top-gg and modified the code base.
You can read the full article here: https://www.bleepingcomputer.com/news/security/hackers-poison-source-code-from-largest-discord-bot-platform/
We're working on something kind of unique right now. It's really cool and you nerds will be like "lol wtf"
Also, hope everyone had a good weekend:)
a visual demonstration explaining how malware works
> do interview with japanese magazine
> start getting phishing emails in Mandarin
> spoofed emails trying to impersonate vxug members
> originally coming from South Korean servers
Hello,
Generic vx-underground dark art logo is back.
Have a nice day.
With a budget of $0.00 we are bringing in roughly 8,500 malware samples a day.
it's crazy af when you realize the internet is literally just sand
nerds online trash talking furries but as soon as your job has a serious network issue guess who's fixing it
An underestimated security threat to organizations is employee apathy and burnout.
Large update to vx-underground tomorrow. Until that time comes please enjoy the rest of your weekend. Sunday is the day to relax.
Unless you're in Australia, or something because it's already Monday there. If you're in Australia it's time to work, nerd. >:(
Today 70,000,000+ records from an unspecified division of AT&T were leaked onto Breached. No information is available to indicate whether it is a third-party compromise, or which 'division' this data is from.
Regardless, upon review we can confirm the stolen data is legitimate.