vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

40629

The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/


vx-underground

I have some cool malware proof of concepts I'm working on. They're pretty cool and kind of undocumented.

My problem is I have carpal tunnel and (playful) amounts of nerve damage.

I need someone to lend me their hands. Give me your hands.


vx-underground

How do I install Windows Defender on Kali Linux?


vx-underground

Last week two of my posts regarding Epstein exceeded 100,000 likes. One of the posts I made exceeded 200,000 likes.

In the spirit of full disclosure, it resulted in an X payment of over $3,000.


vx-underground

Half you stinky fucking nerds would fold immediately. You'd know it's a spy too, you'd be like, "fuck it, I don't give a shit".


vx-underground

News article: https://www.reuters.com/world/china/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliation-beijing-sources-2026-02-12/


vx-underground

> wake up
> take a shit
> get out of bed
> check computer
> OMFG

Chat, it's a big Friday. We got lots of schizo shit to discuss today. I've got to make at least 4 posts about all the shenanigans.


vx-underground

Yeah, so pretty much that whole Windows 11 Notepad RCE thing was ridiculously stupid. Like, it was so dumb it kind of hurts.

Windows 11 Notepad, with the fancy Copilot AI slop, now possesses the ability to handle mark up, or markdown, ... It's mark something, the stuff used in ReadMes. Whatever.

Anyway, a security researcher realized that if you used markup in Notepad and instead of a hyperlink to a website with https:// you put file:// (the protocol on Windows for files, like in file explorer), it will arbitrarily execute it. It won't prompt you.

Furthermore, he realized you could specify a remote host to execute it from using a different Microsoft specific protocol used for app installation. In other words, if the user clicked the hyperlink in Notepad it would download and run a program from any website ... without alerting the user.

Normally, any sort of hyperlink that leads to a different domain, or tries to execute a file, is supposed to prompt you with an alert message, ... or something. However, Microsoft software engineers seemingly forgot to implement this notification window.

With this attack vector which has been present for AT LEAST 9 months, a malicious actor could send a .txt file and if the user clicked the link inside the .txt file it would automatically execute and run anything specified in the hyperlink.

Even more silly, forensically under the hood, the logs on Windows, or to an anti malware service, it would look like Notepad was downloading something and then running a program. This is a very unique scenario which (to the best of my knowledge) no security product has encountered before. This could hypothetically result in files being downloaded and executed and being completely ignored by anti malware services because Notepad is a known and trusted program. Why would an anti malware service question Notepad?

Basically, the point I'm trying to get to here is that I don't understand why Microsoft has introduced so many new features into Notepad. New features mean a new attack landscape (more stuff to abuse).

Whatever man
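The post describes two things a defender can actually check for: links in a plain text or markdown file whose scheme is not an ordinary web scheme (file:// instead of https://), and a process tree in which notepad.exe is the parent of a downloaded or launched program. The following Python is an added example written for this page; it is not code from the channel, from the researcher mentioned, or from Microsoft. The pipe-separated log format, the sample note, the process paths and the placeholder scheme `someapp-installer:` are all constructed here (the post does not name the app-installation protocol, so no real one is assumed), and the child-process allowlist is left empty so that tuning it is an explicit decision.

```python
import re
from dataclasses import dataclass

# Schemes a text viewer is expected to hand off to the browser or mail client.
# Anything else (file://, custom protocol handlers, drive paths) inside a
# .txt or .md file is worth a second look.
WEB_SCHEMES = {"http", "https", "mailto"}

# Markdown inline links of the form [label](scheme:target). Relative links
# such as [x](docs/readme.md) have no scheme and are ignored on purpose.
LINK_RE = re.compile(r"\[([^\]]*)\]\(\s*([a-zA-Z][a-zA-Z0-9+.-]*):([^)\s]*)\s*\)")


def find_suspicious_links(text):
    """Return (label, scheme, full_target) for each link whose scheme is not a web scheme."""
    hits = []
    for m in LINK_RE.finditer(text):
        label, scheme, rest = m.group(1), m.group(2).lower(), m.group(3)
        if scheme not in WEB_SCHEMES:
            hits.append((label, scheme, f"{scheme}:{rest}"))
    return hits


@dataclass
class ProcEvent:
    """One process-creation record (constructed format: key=value fields joined by '|')."""
    image: str
    parent_image: str
    cmdline: str


def parse_log(log_text):
    """Parse the constructed pipe-separated log format into ProcEvent records."""
    events = []
    for line in log_text.strip().splitlines():
        fields = dict(part.split("=", 1) for part in line.split("|"))
        events.append(ProcEvent(fields["Image"], fields["ParentImage"], fields["CommandLine"]))
    return events


# Parents that have no business spawning new processes in normal use.
QUIET_PARENTS = {"notepad.exe"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def flag_notepad_children(events, allowed_children=frozenset()):
    """Flag events where a 'quiet' parent such as notepad.exe spawned a child not on the allowlist."""
    return [ev for ev in events
            if _basename(ev.parent_image) in QUIET_PARENTS
            and _basename(ev.image) not in allowed_children]


# Constructed sample note: one normal web link, one file:// link, one link
# using a placeholder custom scheme standing in for an app-installer handler.
SAMPLE_NOTE = """# Meeting notes
See [the agenda](https://example.com/agenda) and
[the build script](file:///C:/Users/Public/build.cmd) and
[the installer](someapp-installer:?source=https://example.com/pkg).
"""

# Constructed sample process-creation log: only the third line is anomalous.
SAMPLE_LOG = r"""
Image=C:\Program Files\Mozilla Firefox\firefox.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=firefox.exe
Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe notes.txt
Image=C:\Windows\System32\cmd.exe|ParentImage=C:\Windows\System32\notepad.exe|CommandLine=cmd.exe /c "C:\Users\Public\build.cmd"
"""

if __name__ == "__main__":
    for label, scheme, target in find_suspicious_links(SAMPLE_NOTE):
        print(f"suspicious link [{label}] scheme={scheme} target={target}")
    for ev in flag_notepad_children(parse_log(SAMPLE_LOG)):
        print(f"notepad.exe spawned {ev.image}: {ev.cmdline}")
```

The two checks are deliberately independent: the link scan can run on files at rest (mail gateway, file share), while the parent/child rule is meant for process-creation telemetry, where a text editor turning into a parent of cmd.exe or a freshly downloaded binary is the signal the post says nobody was looking for.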


vx-underground

Sinobi ransomware group: GIVE US $10,000,000 OR WE'RE GOING TO LEAK ALL OF YOUR FUCKING DATA

(Halcyon AI is trying to politely inform them they're extorting the wrong company)


vx-underground

> be sinobi ransomware group
> have ransomware "blog"
> use to extort companies
> list halcyon.ai
> "WE RANSOMED THE ANTI RANSOMWARE COMPANY"
> look inside
> not halcyon.ai
> ransomed halcyontek
> mfw they dont know who theyre extorting


vx-underground

Someone get that fucking Nickle guy on the horn, whatever the fuck his name is, and tell him to revert these changes.

Oh, you can change the fucking themes but you can't stop the Chinese state-sponsored propaganda or the 200 OnlyFan's spam messages I get a day?


vx-underground

i really like malware


vx-underground

I've been witnessing a trend where non-nerds, or schizo nerds, seem to be under the impression virtually everything is AI generated.

My comment section has been littered with non-core audience people asserting:
- News articles are AI generated (fake in totality, never happened)
- My profile is AI generated (???)
- Images shared are AI generated (memes, video edits, etc). They're edits, but not AI

AI has destroyed the normal person's mind and they appear incapable of differentiating AI from reality.

It is absolutely fascinating. It's like we're watching a science experiment in real time.


vx-underground

I was sitting here and I was like, "I wonder if those nerds have decoded more Epstein attachments".

Today mqudsi decoded legal documents sent between Epstein and his legal representative Alan Dershowitz.

He even got the original metadata back (time, date, computer)


vx-underground

If you want to read more about Paragon, GRAPHITE, and governments (illegally) using Mercenary Spyware, read this paper:

https://citizenlab.ca/research/a-first-look-at-paragons-proliferating-spyware-operations/


vx-underground

I can't even tell you how many times I've explored a malware concept to just:

1. Realize I should have read the documentation
2. Realize Google Project Zero already reversed it
3. Realize some schizo on UnknownCheats reversed it
4. Fail (successfully!)


vx-underground

Hello,

If you're a tiny person living inside my computer, and also by chance like malware, I have added more malware to malware city.

Approx. 250,000 malwares have been added. I also added some more malware analysis stuff. More stuff is coming.

https://vx-underground.org/Updates


vx-underground

While this is a pretty penny, I like to imagine how much money controversial or politically charged accounts make. If they can make a few big posts a month then they're set.


vx-underground

Spoke with normal people today.

Within the first couple of minutes I realized I'm a degenerate no life who is completely detached from reality.

They discussed foreign concepts such as, "plans this weekend" and "sports".

They asked me about "plans this weekend" and "sports". I froze. I could barely make sense of these concepts.

Using context clues I was able to string together a few sentences which seemed to throw them off my scent. I said something akin to, "Not a fan of Tiger Woods, but the Dow Jones is over 50,000".

Mission accomplished.


vx-underground

The United States Military made a post today on social media about spies.

/me taps sign


vx-underground

Big big drama today in Cybersecurity world. A cybersecurity company is faced with telling the truth, or using "softer language" to avoid losing money or (worst case scenario) employees disappearing.

See subsequent post for the full news article. Here is the drama summary:

> be palo alto
> have threat intel division named unit42
> unit42 finds hacking campaign
> calls it "shadow campaign"
> attribute hacking campaign to chinese government
> palo alto executives see report
> suggest remove attribution to china
> new suggestion appears
> "state-aligned group that operates out of Asia"
> original draft given to reuters
> lolwtf
> backup, rewind
> January 2026 china say palo alto bad
> palo alto worried about china government
> palo alto have employees in china
> palo alto have five offices in china
> vp lady from palo alto emails journalists
> "not worried about china lol"
> ask why change then
> VP: "attribution is irrelevant"
> ask if scared of china
> VP: "speculative and false"
> ask why change (again)
> VP: "Choice of language in Palo Alto's report reflected how to best inform and protect governments about this widespread campaign"
> ???


vx-underground

It's 2026 and now defenders need to unironically worry about malicious text files.

Nothing is sacred.


vx-underground

I planned on making educational YouTube videos, but with full time employment, a 10 month old baby (about to be 11 months in a few days!), the rest of my family, a vx-underground, work developing malware and poking malware with a stick, I can't summon the energy to make dumb videos on malware.

I'm soft blooded.

When I'm not working, my brain is so deep fried and exhausted I unironically watch Elder Scrolls lore videos and dumb videos on internet drama.

I don't have any friends in real life, they're all far away or married with children too. My entire existence is working or caring for a baby.

It's not bad, I love it. I'm very happy.

But... God damn am I tired. I'm so tired and I don't even really remember the last time I was able to relax. It's unironically been years since I wasn't working in some capacity. At this point, I don't even know if I know how to relax. When I'm not doing malware stuff, I feel compelled to do malware stuff.

It's all ogre.

I don't expect any of you to give a shit. But I wanted to scream into the void of internet.

Thanks.


vx-underground

dawg, if you're going to be an internationally wanted cybercrime organization involved in extortion, money laundering, aggravated identity theft, CFAA violations, etc AT LEAST extort the right people

how you gonna extort someone you have no data for???


vx-underground

Mildly interesting

In NTDLL there is RtlCheckSandboxedToken.

RtlCheckSandboxedToken is a wrapper for NtQueryInformationToken with the TokenIsAppContainer flag from the TOKEN_INFORMATION_CLASS enum.

Returning non-zero means the application is sandboxed, in an app container, or running as a protected process.


vx-underground

Xitter removed the light blue color scheme. The only options are 'dark' theme and 'light' theme.

Both look like shit.

This entire site is going to hell in a hand basket. This has ruined my day, possibly my entire life, I don't know yet.


vx-underground

Oh, and since the Epstein files apparently EVERYTHING is a government psyop. Literally fucking everything. It's like someone dropped a schizo bomb on the internet and now everyone has lost their mind.

It's cool and badass


vx-underground

Dawg, these computer forensic nerds do NOT fuck around. They're decoding decades old documents from fucked up e-mail scans so accurately they're getting the original metadata.


vx-underground

Oh, I'm also really, really, really, sorry to DrWhax. This is his photo he took from LinkedIn and he was the first to note it. I got lost in the sauce and forgot to tag him and give him credit.

I'm sorry, DrWhax. That is 100% my bad. When I saw your post I lost my mind.


vx-underground

Yeah, so pretty much, like, there is this really sketchy company in Israel named "Paragon". Paragon sells a "product" called GRAPHITE.

Let me explain the background and why this is very silly.

GRAPHITE is spyware which allows "customers" to remotely access people's cell phones and monitor their instant messaging applications such as WhatsApp.

It is spyware. It is sometimes called Mercenary Spyware because it is primarily used by governments to spy on political enemies, journalists, and activists.

Very little is known about Paragon, GRAPHITE, and their "customers". However, it was publicly noted by the Trump administration in January, 2025, to be purchased by the United States government and to be used to aid ICE.

Furthermore, in September 2025 the Trump administration noted the usage of Graphite to aid the United States against "domestic terrorist organizations" such as "ANTIFA".

ICE acting director Todd Lyons noted using GRAPHITE to monitor anti-ICE protestors to track "ringleaders and professional agitators".

Citizen Lab and other civil rights organizations have documented the usage of GRAPHITE against individuals in Australia, Canada, Cyprus, Denmark, Israel, Singapore and (unsurprisingly) the United States. It is believed the Canadian government actively uses GRAPHITE in Ontario.

Okay, so why does all of this matter? Yeah, it's super fucked up. But today representatives from Paragon accidentally leaked GRAPHITE screenshots ... ON LINKEDIN. Dawg, that image in the background IS GOVERNMENT FUCKING SPYWARE

It shows phone numbers in Czechia, apps, accounts, media on the phone, "interception status", and phone numbers extracted. THEY LEAKED IT BY ACCIDENT ON LINKEDIN WHILE TAKING SELFIES


vx-underground

> be me
> have malware idea
> plug phone into pc
> malware detects phone
> automagically steals data off phone
> spend time working on it
> deal with all sorts of dumb shit c winapi
> fails
> ???
> fails
> look inside
> The phone must be in File Transfer (MTP) mode and authorized for WPD (Windows Portable Device) to work

guess who should have read the documentation before doing a bunch of work? (I'll give you a hint, it's me)
