The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
We've got legitimate companies reaching out to us, offering us money to tweet their brands or products. They are calling us "influencers".
We just posted a video of serial killer Jeffrey Dahmer forcing a victim to watch a C++ programming tutorial. We are NOT influencers 😂😂😂
WARNING: Before reading this, put a helmet on your head so when you begin repeatedly bashing your head on your desk you don't get brain damage. Chronic Traumatic Encephalopathy (CTE) is a serious issue. You've been warned.
Private Threat Intelligence community CTI League (CTIL) is being accused by political commentators (?) of conducting COVID19 counter-misinformation campaigns. CTIL was primarily documenting COVID19 misinformation campaigns and reporting information to healthcare facilities and government agencies on Threat Actor activity.
Political commentators assert CTIL intentionally withheld information on suspected Threat Actors because their true objective was to target anti-vax individuals and act as a tool for NATO-based entities to conceal or censor information and freedom of speech.
This is the first time, to the best of our knowledge, that political commentators have vocally expressed disdain toward Cyber Threat Intelligence groups ... with the false belief they're a censorship group. The issue has escalated to the point where leadership from CTIL had to testify in front of United States Congress.
tl;dr Cyber Threat Intelligence for healthcare facilities is illegal and for nerds
tl;dr tl;dr wtaf lmfao
We've won an award! We won the SANS "Most IC3 complaints" award! Shout out to the FBI, NSA, and CIA for not hooding us, kidnapping us, and prying our eyes open like that totally creepy scene from A Clockwork Orange.
Researcher discovers XSS/CSRF abusing undocumented features in Twitter analytics.
Thread shows full JS exploit chain to hijack users' accounts by having them click a link.
¯\_(ツ)_/¯ Another day in Shangri-La
https://twitter.com/shoucccc/status/1734802168723734764
Seriously, we say 'comment on the tweet for a chance to win'. If you DM us a whole shakespearean speech on why you deserve to win we will orbital nuke you
Breaking!!!! 1336 hack in CS allows HAXKErs to do XSSg!!! SUPER DANGEROUS!!! donT CONNECT TO THE internet for They COuld steal YOUR skins!!!!
SOMEBODY DO SOMETHING
We've had a dozen or so people ask us about ALPHV and their sudden website outage.
1. We have NOT heard rumors of them being arrested, we also have NOT heard rumors of their servers being seized. The only mentions of these rumors are from other people asking us about these rumors. We cannot comment on the legitimacy of these claims because we have no way to substantiate them.
2. ALPHV informed us they are experiencing hardware failure on their server. This is the 2nd or 3rd time this has happened (to the best of our knowledge). However, similar to bulletin #1, we cannot provide evidence of these claims other than this is what ALPHV has informed us.
It is our opinion that ALPHV is indeed experiencing issues with their hosting provider. But, this is just an opinion and we have been wrong many times.
tl;dr ¯\_(ツ)_/¯ only time will tell
We have finally updated vx-underground. We are behind on several projects due to our holiday season giveaway stuff.
Summary of what's new:
1. We are aware our search functionality is botched. It is a work in progress. Relax, we will fix it (eventually).
2. New content additions:
- 20,000+ new malware samples courtesy of our friends at virussign
- 2019-11-12 - Threat Hunting In Calltrace
- 2021-01-29 - Hunting in the Sysmon Call Trace
- 2023-09-05 - Demonstrating MockingJay with a POC and BOF
3. New section created: we are working on archiving the research of zachxbt with a category labeled "Cryptocurrency Analysis" in /Papers/Other
Have a nice day.
Hello, we're on giveaway #6 of ??? for this Holiday season. Once again, check out Twitter and blah blah blah, you get it. More giveaway spam.
https://twitter.com/vxunderground/status/1733407331893792862
We are happy to announce the winner to the CRTO course, exam, and lab!
"seal", a teenager from Australia, is a great kid with a lot of talent and drive. Congratulations on your win and future endeavours
Extra special thanks to RastaMouse for sponsoring this giveaway
Our giveaway lineup:
December 8th: The Art of Malware Analysis course giveaway. 10 Tickets.
December 11th: Hands-On Kusto Query Language for Security Analysts. 2 Tickets.
December 12th: Certified Red Team Professional for on-prem Active Directory exploitation. 3 Tickets
December 13th: Certified Azure Red Team Professional for Azure exploitation. 3 Tickets.
December 14th: Evilginx Mastery Course. 10 Tickets
December 15th: $500 worth-of-books giveaway
Total money donated on educational courses so far: $32,108.64
We are doing yet another giveaway, this time for nerds who like web security, hacking websites, whatever
https://twitter.com/vxunderground/status/1732795111828865366
We're doing yet another giveaway on Twitter
https://twitter.com/vxunderground/status/1732661088204870138
This is what true limitless power looks like. This person has ascended into omnipotence
We're almost done with our giveaways so soon we'll stop spamming you degenerates with free shit. Anyway, here is the next round of free stuff:
https://twitter.com/vxunderground/status/1735537990288490939
An unknown Threat Actor is selling stolen data from Bank of America. They claim they have over 500,000 unique records of customers with data including:
- First Name
- Last Name
- Full Address
- Date of Birth
- Social Security Number
1. We are now selecting individuals to win vx-underground merch. We are choosing random people in blocks of 10. Pay attention!
2. More giveaways tomorrow
3. Yes, we know the RansomwareNewsBot on Twitter is still down. The developer traveled to the UAE and disappeared. Not joking.
Giving away $800 of vx-underground merch on Twitter for Christmas / holiday season
https://twitter.com/vxunderground/status/1734673266357186847
Our DMs are completely destroyed. It is exceptionally difficult to have conversations and reply to people at the moment.
1. We have more giveaways coming (5+ more)
2. DO NOT DM US ASKING FOR STUFF
3. DO NOT DM US ASKING FOR STUFF
4. DO NOT DM US ASKING FOR STUFF
In the spirit of full disclosure: we are busy with hard drives, performing these giveaways, and preparing for the general holiday season. We are not particularly concerned with a ransomware blog having technical issues
The Windows Projected File System (ProjFS) is ripe for the pickin' (for malware)
https://learn.microsoft.com/en-us/windows/win32/projfs/projected-file-system
We have this weird fantasy where in the next 1 - 5 years there is a bunch of cyber security professionals whose career started because a bunch of nerds, with a shitty website, managed to gain enough internet clout to give away absurd amounts of educational material
We also want to give a shoutout to the many hundreds, over a thousand..., people who sent us e-mails. So many of you are incredible people who are passionate, driven, and wildly intelligent (probably way smarter than us...)
Shout out to:
- cyz1gy, we also love smelly cats, but not CS:GO
- Zoogs
- Liam, we can relate to you a lot more than you think and we love your honesty
- David - the nerd from New Jersey who is into video game hacking
- CooperTheFox7, for being way more intelligent and talented than all of us, congratulations on your academic achievements
- Sae3, you deserve so much and more, we promise to hook you up with something, we admire your ambition and drive
- Leonardo from Brazil, even though you didn't reply!
- Nicolas from Quebec, we understood you despite being tri-lingual
- Vincent from Sweden for swearing he isn't using ChatGPT
- David from Germany - we love you to death and we swear to hook you up with something, you deserve to be in IT
- Shreyas from India - shout out to you and your Father for the hard work you both do. We know how hard it can be running a small-business.
- Hudson, even though you didn't reply to us!
- Mati from Argentina, we read your super long e-mail and we appreciate all of the kind things you said, it means a lot
- Smagul, we have a lot of friends in Kazakhstan and we promise to hook you up with something. You deserve it.
We are very disappointed with some of you. 5 individuals who won the C5W DFIR course and exam prize did not reply and their prize was forfeited.
¯\_(ツ)_/¯
Rerolling. Pay attention!
We brought 22 computer hard drives to the UPS store today 30 minutes before they closed.
The supervisor became visibly angry and refused to do it.
Hard drives will be mailed tomorrow =D
Today the UK's National Crime Agency criticized Meta (formerly Facebook) for rolling out E2E encryption in their messenger. They state they will no longer be able to protect children... with encrypted Facebook Messenger
tl;dr fear mongering, can't spy on people as easily
https://twitter.com/NCA_UK/status/1732791116267704649
People keep giving us stuff to give away...
At our current rate we will be giving educational material out to people for the rest of December and possibly January
We'll be giving things away for the rest of the month.
- A winner has been selected for the CRTO giveaway
- 20 vouchers for a DFIR course and exam
- 2 tickets to a data analysis using KQL course
- 10 vouchers for a malware analysis course
- $6,800 in money for more free stuff:)