The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Malware defense stuff is pretty much just standing by the front door with a really big stick waiting for someone to walk in, bonking them on the head with it, and then throwing their unconscious body back outside ... forever and ever ... until you're dead or retire.
I wish I was joking. I didn't understand the political banter I saw on social media. I had to use an AI slop machine to explain it to me.
I didn't understand what the fuck the Levin guy was talking about and I didn't understand why the most liked repost was talking about the dudes military credentials. It didn't make sense in my dumb little brain.
tl;dr robot better human than me
To avoid confusion, I'm not positioning myself as like, the authority figure on who is an expert and who isn't an expert in cybersecurity.
My point is that cybersecurity tends to be very close and tight-knit and you would expect someone world-renowned to be immediately identifiable by someone else who works in the industry.
My post is meant to be funny and criticize TV people
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless.
There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity".
I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen or heard of him.
The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries"
I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert.
Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial.
Absolute cinema.
I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA.
YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well.
Initially I was under the assumption YARA read rules by parsing strings and applying them to binaries in-memory (mapping). However, being a doofus, I failed to consider the fact YARA contains BOOLEAN logic in their rules. Hence, reading the files and parsing them as text wouldn't be able to reliably handle the logic present inside the YARA files.
YARA contains an internal VM and transforms the text into byte code. The caveat being the VM isn't turing complete and does not possess any ability to interact with anything else. This was done intentionally though because it acts as a sandbox.
Regardless, it uses the transformed byte code to perform operations on the in-memory mapped binary using (sort of) simple logic but containing a custom implemented callstack for doing stuff. Furthermore, YARA also has a custom heap management system (they're using the ARENA algorithm).
What makes this even more impressive is that all of this is written in C, is cross platform for Windows, Linux, and MacOS, and easily compiles.
This is a significant software engineering project and they did an extremely good job.
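To make the compile-then-evaluate design the post describes concrete, here is a toy version written for this post (it is not YARA's code; the rule syntax, opcode names and sample strings are constructed for the example): a rule's boolean condition is compiled to postfix bytecode, and a VM with no jumps and no I/O evaluates it over a buffer, so it cannot loop or reach anything outside the scanned data.

```python
import re
# Constructed rule in YARA-like syntax (hypothetical, for this example only).
RULE = r"""
rule toy_dropper {
    strings:
        $a = "WinHttpRequest"
        $b = "CreateProcessW"
        $c = "QuasarRAT"
    condition:
        ($a and $b) or $c
}
"""
PREC = {"not": 3, "and": 2, "or": 1}


def compile_rule(text):
    """Front end: rule text -> postfix bytecode (list of tuples).
    ("MATCH", pattern) pushes whether pattern occurs in the buffer; NOT/AND/OR
    combine stack values. No jump opcode exists, so the VM cannot loop."""
    strings = dict(re.findall(r'(\$\w+)\s*=\s*"([^"]*)"', text))
    cond = re.search(r"condition:\s*(.+?)\s*}", text, re.S).group(1)
    code, ops = [], []  # shunting-yard over the boolean condition
    for tok in re.findall(r"\(|\)|\$\w+|and|or|not", cond):
        if tok.startswith("$"):
            code.append(("MATCH", strings[tok].encode()))
        elif tok == "(":
            ops.append(tok)
        elif tok == ")":
            while ops[-1] != "(":
                code.append((ops.pop().upper(),))
            ops.pop()
        else:
            while ops and ops[-1] != "(" and PREC[ops[-1]] >= PREC[tok]:
                code.append((ops.pop().upper(),))
            ops.append(tok)
    while ops:
        code.append((ops.pop().upper(),))
    return code


def run(bytecode, data):
    """Back end: evaluate bytecode over a buffer (in YARA, a mapped file).
    The VM reads the buffer and a private boolean stack only: no I/O and no
    memory writes. Real YARA finds strings with Aho-Corasick; `in` stands in."""
    stack = []
    for op, *arg in bytecode:
        if op == "MATCH":
            stack.append(arg[0] in data)
        elif op == "NOT":
            stack.append(not stack.pop())
        else:
            rhs, lhs = stack.pop(), stack.pop()
            stack.append(lhs and rhs if op == "AND" else lhs or rhs)
    assert len(stack) == 1, "malformed bytecode"
    return stack[0]
```

Compile once with `compile_rule(RULE)` and reuse the bytecode across many buffers; that separation is also why YARA can ship precompiled rule sets.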
> be me
> reading on yara stuff
> reviewing yara
> basically user-mode static analysis engine
> reading, reading, reviewing
> realize ive never written a yara rule before
> thinking...
> realize yara is excluded from AV engines
> no av would flag yara lib or dll
> used everywhere
> thinking ...
> what if...
> make yara rules for identifying security products
> make yara rules for environment identification
> edr and/or av would ignore
> "hehe hes checking if its malicious"
> its free real estate
United States President Donald J. Trump posted this message on social media today.
Personal grievances the Trump administration asserts it has with other countries, and political theatrics, aside, the notion that the United States even hints at exiting NATO is a PROFOUND cybersecurity issue.
Yes, NATO deals with traditional military stuff (land, sea, air, space); NATO also deals with things in the digital domain (cyberspace).
NATO (non-United States) has historically shared a great deal of intelligence with each other regarding state-sponsored threats to the United States. Likewise, the United States has shared intelligence on state-sponsored threats with our NATO allies.
It makes me incredibly nervous that this idea of exiting NATO is floated or threatened. NATO cybersecurity space deals a lot with ICS/SCADA (Industrial Control Systems, which is things like water treatment plants, nuclear energy facilities, telecommunication systems, etc) and anything else which poses a military threat to the United States and its citizens.
I am unsure of the impact leaving NATO would have on our cybersecurity intelligence. The idea makes me very nervous. The United States is constantly under siege from foreign adversaries (notably China, Russia, North Korea, Iran).
Additionally, I have great concern that if we left NATO it would damage our relationship with European allies, which has been of significant importance in apprehending Threat Actors who have done extreme damage to the United States. Part of the FBI's success in apprehending ransomware actors has been our strong relationship with EUROPOL, and European allies apprehending individuals residing outside the United States.
Chat, this unironically makes me very nervous.
Them: I'm sorry for your loss. I'm sure your family members are looking down from heaven, watching over you, and smiling
Me, a privacy person: They're watching me have sex and poop and stuff?
I decided to kind of spice things up a bit and pivot to malware defense stuff. I explored different thingies and fell down the rabbit hole of YARA stuff. I didn't want to dive into something like minifilters.
I've got this goofy setup where I can extract YARA rules from Windows Defender because of the research from _t_tani.
I've got like, 20,000 YARA rules, or something, I don't know. It's a lot. Regardless, I was like, "maybe I should make a shrimple file scanner with all these YARA rules". This is what a basic static analysis engine does in usermode.
I saw a lot of people being like, "JUST YARA.EXE --FILE", and I was like, "that's kind of lame". I started bonking the YARA open source repo looking at different stuff.
I then had to fight YARA open source stuff because libyara64.lib wants to fight you to become libyara64.dll. People on GitHub complained too, but whatever, I figured it out.
My next goal is to transform all the YARA rules into YARAC, or whatever it's called. In theory, I could then take a binary, or directory, and then use the YARA analysis engine to compare it to all the Microsoft YARA rules.
I then considered implementing basic parameters, or maybe a goofy ass UI, or something.
I then realized I'm basically making THORLite-Lite.
> check tele
> "smelly i think someone sent me malware"
> "they sent me weird .zip"
> "be careful"
> wtf i love malware
> download file
> look inside
> .txt + alternate data stream file
> ads doesnt work with 7z
> ok lol
> look inside
> 7z x "dox[.]zip" -so > payload.vbs
> winhttp request to github
> github\minecraftstuff\discordemojis.txt
> download discordemojis.txt
> look inside
> heavily obfuscated .bat file
> bonk with stick
> powershell script
> ???
> checks for av stuff
> does steganography
> downloads from ibb.co
> look inside
> quasar rat
> hides in made fonts directory in roaming
most work ive seen put into a malware payload in a while with 2 stages and stego, usually its FAKE_GAME_INSTALLER.JPEG.EXE
Her latest songs are a little angrier and less pop since she has leaned into being a conservative. Regardless, I think it fits her well. I think it's cool she experiments with different sounds and genres.
Yes, I know these are from stealer logs (maybe. I don't know), but sometimes it makes me giggle.
Thank you, unknown person on the internet, for e-mailing from a compromised Argentina military e-mail.
I'm sure the Argentina government loves having to perform an internal incident response to discover it has been used to send some random dude on the internet pictures of cats.
> wake up
> take a shit
> get out of bed
> get on beep boop machine
> check the everything app
> more notifications than atoms in universe
> look inside
Today the Israel government dropped flyers over the people of Lebanon.
The Lebanese government warned citizens to not scan the QR codes because they were concerned it could be a way for the Israel government to compromise people's phones.
I said, "WHAT THE FUCK. FREE MALWARE?" I IMMEDIATELY scanned it. I didn't even hesitate.
All it did was link me to some goofy WhatsApp thingy (I don't have WhatsApp) and it linked me to something called Unit504 on Facebook.
Malware defense stuff is boring and I respect these AV and/or EDR nerds so much for working on this stuff.
I've spent the past few days really locking in on developing an ETW consumer and using the YARA static analysis engine in conjunction with it.
It is all documented. It is easy-ish to follow. It all makes sense. Even the more "hardcore" stuff like the kernel mode callback routines and minifilters are handed to you on a silver platter with tons of documentation and examples from Microsoft.
These AV and/or EDR nerds unironically have to spend their days monitoring microscopic potential edge cases for malware evasion and then making a tiny little change in code to account for it. If they don't account for this tiny little potential attack vector they're criticized and insulted endlessly.
Conversely, this tiny line of code they've added burns the hours of research I've placed into developing something.
tl;dr normie to big stinky nerd translator
I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least).
I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely explicit communicator. I usually say exactly what I mean (for better or worse). I get very confused when people imply something, or lean heavily on emotional phrasing, to implicitly communicate.
I have been unironically using AI to explain what people are saying to me. If it was communicated verbally, I'll detail the conversation to the best of my ability; if it was online, I copy-paste my message and the person's response (or comment). The silly AI slop robot then translates what the person says into explicit communication for me so I understand better.
Basically, the dumb ass slop machine robot is better at understanding humans than me. Sometimes I have zero idea what someone is talking about or trying to convey.
Meanwhile in Brazil: Arch Linux has to suspend access from Brazil because kids could use Arch Linux, or something, and something about pedophiles.
I actually have no idea what the politicians are even saying anymore. It's all bullshit and it's fucking over FOSS.
I'm also surprised by the lack of write ups discussing YARA internals. YARA is a very clear demonstration on how AVs and/or EDRs can perform static analysis on binaries.
It's possible people have reviewed it to learn, but simply didn't share it because it's open source, but still it's kind of unusual to me.
I saw over 9000 write ups on YARA rules, but very few explaining the internal mechanisms of YARA.
what are they going to do? make a yara rule to identify yara and flag their own tools as malware?
I'll tell you one thing right now too, and I say this with 100% confidence. Adversaries of the United States understand this is premium real estate (metaphorically speaking) and this should be acted on immediately.
If the Russian Federation or People's Republic of China can push a narrative that it is to the benefit of the United States people to exit NATO, it isolates us from the global stage and (at least cybersecurity wise) is absolutely terrifying (to me, at least). The Russian Federation and People's Republic of China can easily push slop propaganda on places like TikTok or Instagram to coerce the people into moving into cyber-isolationism.
I'm not educated on geopolitical stuff with war, or economies, but I know a little about computers and stuff.
This would be an absolute strategic failure from the United States to do this.
Threat Actors are probably shadowboxing in their underwear right now at the idea of the United States being alone.
If heaven operates as a 24/7 surveillance state, this is a serious scandal, privacy violations galore, and possible human rights violation. We need to write to our representatives about this immediately
Basically I'm a noob at this and I'm sharing what I'm doing so you can heckle me and call me a noob and hopefully not a cat
Didn't even dawn on me this was CVE-2025-8088
- n-day
- multi-staged payload
- stego usage
- quasar???
wtf lol
Hello,
I pushed the malware stuff to that malware website you sometimes visit.
It is Sunday so please spend it with the most important people in your life (your anime action figures)
https://vx-underground.org/Updates
Hello,
It is time again I sync updates to malware city, the website some of you visit, and some of you don't.
Upload notes will come soon.
In the meantime, enjoy this cool clip from the latest Nicki Minaj song
Whenever someone sends me an e-mail from a compromised government e-mail, and I acknowledge it, people get silly and begin sending me e-mails from other compromised government e-mails.
Thank you, random person, for the e-mail from a compromised Brazilian government e-mail.
Big shout out to my baby boy. He'll be one year old any day now.
He has unlocked a new skill.
It's opening the refrigerator and pulling things off the bottom shelf and throwing them all over the kitchen floor
To be fair, it is 100% possible for the Israel government to have a WhatsApp exploit. I tested it from my computer and was disappointed.
Today United States President Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel.
Let's take a look at it together. I'll translate it from fancy political speak into nerd speak.
Intro:
>america is cool and badass
>were strong af fr
>our hackers are schizo af
>we could be strongerer
>need corpos to work with us fr
>were fuckin shit up so nerds cant hide
>america 250 years old soon
>computers are important
Section Two:
>we made the internet
>we are the best in internet stuff
>mean nerds fuck shit up on the internet
>mean nerds pissing us off
>"im trump and im not a bitch about cyber"
>mean nerds targeting important shit online
>this is a new era of cyberspace
>lots of money online
Section Three:
>mean nerds pissing us off fr
>if we cant internet you, well physically hurt you
>he actually wrote that LOL
>other countries have shitty AI
>we have the best AI
>were gonna work with unis and companies for AI
>wont let people be censored online
>something about people censoring americans
>mean nerds will get sanctioned
>mean nerds will be memed
>mean nerds will get beat up (maybe)
>america remove more regulations on AI
>regulations slow us down
>gotta go fast af boi fr
>cybersecurity so important fr
Donald J. Trump Pillars of Action:
1. Shape Adversary Behavior
>mean nerds attacking americans and companies
>theyre innocent ppl tho
>nsa and cia given thumbs up to hack back extra
>we raising aggression
2. Promote Common Sense Regulation
>reduce cybersecurity regulation
>checklists are for losers
>regulation make companies less agile
>companies and gov need to be fast af
3. Modernize and Secure Federal Government Networks
>government computers are lame
>will make them better
>use best practices
>use "post-quantum cryptography"
>use "zero-trust architecture"
>use "cloud transition"
>will improve stuff to hunt down nerds we dont like
>will use AI for cybersecurity
4. Secure Critical Infrastructure
>critical infra support important
>energy grid important af to defend
>banks important af to defend
>hospitals important af to defend
>water plants important af to defend
>telecoms important af to defend
>datacenters important af to defend
>must defend everything important af
>stop using technology made by countries we dont like
5. Sustain Superiority in Critical and Emerging Technologies
>america will make more tech stuff
>we gonna protect what we make fr
>cryptocurrency must be secured and stuff
>we need quantum stuff
>ai mega important tho
>we need more ai for hacking and for defense
>people we dont like hack dumb and shitty ai
6. Build Talent and Capacity
>we need more nerds
>nerds are unironically super important
>need to invest in nerds
>remove "roadblocks" for nerds (???) across industry
>will invest in more nerd stuff for nerds to learn