The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Nicotine salts, I guess it's different than vape juice? I dunno. The guy with pierced ears and funny hair at the store recommended it to me
Yeah, so basically I was going to do this whole write-up on @BetterTelegram because people asserted it's (probably) malware.
There was this thing where one of its affiliates, or something, offered me money to make a post about it. I made a really, really, really goofy and borderline satire advertisement that, shockingly, this person agreed upon. However, the actual developers of BetterTelegram got really sad when they saw the post.
They said they spent a long time working on it and my satirical "ad" made them look bad. Long story short-ish, I agreed to actually look at it. I don't give a fuck about Telegram so instead I decided to poke it with a stick to determine if it's malware.
I ended up pulling it apart, poking it with a stick, poking it with a slightly bigger stick, ... and I got bored pretty fast.
It's not malware.
It's a regular program. It's boring. BetterTelegram states they're open source and you can view the source code to their application on GitHub. They weren't lying.
The installer it distributes from its website is a generic installer. You can unironically open it with the 7z GUI and look at what's inside of it without executing it. The installer is boring stuff such as:
- The binary itself (inside of a 7z though, it's compressed)
- Dumb stuff it's dependent on, like libraries
- Images the file uses
After you rip out all of the installer stuff and get the actual binary you end up with a program written in NODE.JS.
If you're unfamiliar with NODE.JS, it's very easy to revert the binary back to its original source code. Discord is written in NODE.JS. You can sneeze, shit your pants, stumble into a dark and spooky room, and accidentally get the source code to Discord (or rather, as close as possible, but let's not get overly pedantic here, okay?)
After I bonked BetterTelegram with a stick designed for NODE.JS, I very quickly found its source code, which is identical to the source code they share on GitHub. It was boring.
Funnily enough, BetterTelegram does query the BetterTelegram domain, check to see if there are any updates, and if there are updates ... it downloads the latest libraries required ... boring.
BetterTelegram, being written in NODE.JS, uses some weird ass game library thingy for some of its stuff. BetterTelegram works by injecting a library into Telegram. Basically, it functions like a plugin. The injection library it uses is called "ffxiv-teamcraft".
Yes, you read that correctly, the API it uses to inject the plugin is from a Final Fantasy XIV modding community.
It also uses an external application called "elevate.exe" to elevate itself if need be. However, this is from something else, it's on VirusTotal, it's ... just normal goopy program stuff.
The DLL it injects (the plugin) is also virtually identical to the one on their GitHub. The plugin DLL is the thing that actually does the OTR encryption stuff. I'm not a fuckin' cryptographer, so I can't state how good (or bad) their OTR encryption and/or implementation is. I'm not going to bother even trying to fuck with that shit.
BetterTelegram is an OTR thingy they're selling as a plugin for Telegram. I'm bored with it. Many people initially seemed spooked by it ... I had kind of hoped it would be something a little spooky ... but nope.
I have literally nothing else to say.
It's been two months and some dude named "Orange" is still leaking sensitive stuff from the Iranian government.
Last week he leaked credentials to various infrastructure they possess, BTC wallet addresses, etc
https://github.com/KittenBusters/CharmingKitten
In a truly brilliant move, employees from DigitalMint and Sygnia, responsible for handling ransomware negotiations, were indicted for performing ransomware attacks under the ALPHV ransomware group.
- Kevin Tyler Martin, ransomware negotiator from DigitalMint
- Ryan Clifford Goldberg, Digital Forensics and Incident Response manager from Sygnia
- Unnamed co-conspirator-1
The motive, per court documents, was that the individuals were motivated to "get out of debt".
All 3 men began performing ransomware attacks in May, 2023 and continued performing ransomware attacks until on or around April, 2025. The attacks stopped when the United States Federal Bureau of Investigation approached Ryan Clifford Goldberg regarding the ransomware attacks.
Unsurprisingly, Mr. Goldberg initially denied having any knowledge of the ransomware attacks. However, he cracked during the interview and placed the blame on the currently unnamed co-conspirator. He stated he was recruited by him.
After the interview concluded, Mr. Goldberg and his wife purchased 1-way tickets to France (???). Unsurprisingly (again), he has been detained in France because he is not a citizen of France and France doesn't give a fuck about a non-citizen.
Mr. Kevin Tyler Martin, currently residing in Texas, spoke in 2024 at a technology conference about his experiences defending against ransomware attacks and handling negotiations.
Both Mr. Goldberg and Mr. Martin have been charged with:
- Violation of the Hobbs Act (18 U.S.C. § 1951) x2
- Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 (x1)
Under max penalty of law, Mr. Goldberg and Mr. Martin could face as long as 50 years in prison.
tl;dr string.contains("die")
are we fucking serious right now?
I swear a lot and vape a lot.
The students are going to hear a mid-30s man babble, "Yeah, so like, it's all a bunch of bullshit, man. Like, these dumb muthafuckers think VirusTotal detection scores means the shits undetected, but that's not what the fuck that shit means, like, at all, dawg".
They will realize attending a University was a mistake when they discover I was chosen as a speaker. Please say a prayer for the kids tomorrow.
Why are my tax dollars being used to schizo post from the official Whitehouse domain
https://www.whitehouse.gov/mysafespace/
One person commented that I'm biased because I keep calling security researchers nerds
I am profoundly confused. My confusion knows no bounds.
Lots of nerds arguing over FFmpeg and Google stuff still.
Basically security nerds have argued that FFmpeg has a responsibility to fix any bugs in their project regardless of whether they call themselves a "volunteer project" or a "vendor".
Security nerds argue that because of the size and popularity of FFmpeg, which FFmpeg proudly reps, they should fix the issue, and trying to minimize themselves as a "volunteer project" is redundant.
FFmpeg has responded, in summary, "stop jerking yourselves off, just submit a patch".
Security nerds retorted that it's not their job to submit a patch and FFmpeg, as the vendor or volunteer project, whatever you want to call it, is responsible for the patch.
FFmpeg and its supporters have criticized security nerds as people who want to find CVEs to look cool and badass, rather than actually improving the security posture of a project.
We're on day 3, or day 4, of a bunch of nerds arguing about patches and stuff. It's a beautiful thing. I enjoy reading it. I think everyone makes a valid point.
I also enjoy people calling each other nasty names and insults over something they're not involved in (they don't work at Google or help FFmpeg, they're just picking their team)
Overall I give this drama a solid 7/10.
Sam Altman and Elon Musk are currently having an argument on social media
tldr
A few weeks ago, or maybe a month ago, I don't know, I don't remember ... I did a post about BetterTelegram and wrote I was going to be paid $1,000 for the "advertisement". The "advertisement" I wrote was borderline satire and (in my opinion) was very funny
Anyway, to make a long story short, I was not paid $1,000 because the person who offered me the $1,000 was not actually someone who "works" for BetterTelegram (e.g. not a developer or representative). It was more or less an affiliate who had hoped my post would drive traffic to the BetterTelegram domain with the hopes it would generate some sales.
When the actual people behind BetterTelegram saw my post they were heartbroken. They felt embarrassed that I had, in essence, satirized their product in front of over 400,000 people. They also got upset that the affiliate thought my post was a good thing to post. Overall they were unhappy about the whole thing.
After I spoke with the people from BetterTelegram I agreed to "honestly" review the product. I felt bad that I had accidentally bamboozled them. The word honestly is in quotation marks here because I reverse engineered the living shit out of it to determine whether or not it's actually malicious.
In summary, it is not malware. It does some funky stuff (long story) and some stuff I don't particularly like (long story). However, it is not malware and it's not particularly bad. I just disagree with some of the design choices made.
I'll be publishing a write up on it. I'll show step by step how I reverse engineered it, confirming things they stated about their product, etc. I'll also explain some of the things they did that I didn't like and things I think they can improve on (architecturally).
Despite me tearing this codebase apart, I still do not use it because I don't really take Telegram seriously enough to require secure communications. If I want to have secure conversations I'll move to Signal, or something.
Found the coolest hat at a Thrift Store
My wife and I found this cool hat at Goodwill. For those who aren't familiar with slang, this hat "STOP GOONING" is a reference to "Me & My Goons" by Plies.
This is an anti-gang violence hat. I wear it everywhere I go
Every couple of months some media outlet does some clickbait slop fucking article about 200 bajillion million gazillion passwords being leaked or compromised
I pray to God for mercy
O Lord, why dost Thou makest me look upon this AI slop? Truly mine eyes doth suffer.
Hello,
I've gotten quite a bit of messages today about all sorts of stuff. I see them and I will reply when I get the chance.
It's Halloween, I'm with my family, I've gotta do normie shit like make memories and bond, or something, I don't know
I have lots of cool things to share this weekend but until then please enjoy your Halloween.
If you're a total nerd and not doing Halloween stuff: you're living the dream and I am super jealous. I miss the days of being able to chill in my bedroom in my undies and do whatever I wanted.
Anyway, I love you. Have a good night, morning, or afternoon
- smelly smellington
Yesterday evening 3 people in Moscow, Russia were arrested for the alleged creation and distribution of Medusa Information Stealer (Meduza stealer).
Per Russian media outlets, the 3 people apprehended are charged with unauthorized access to data of an institution in the Astrakhan region.
The charge is "Part II of Article CCLXXIII (273) of the Criminal Code of the Russian Federation (УК РФ)" which is designated for the creation, use, or distribution of malicious computer programs (malware) which (in reference to Part II) is committed by a group of persons by prior conspiracy, and blah blah blah. Lots of filler stuff.
tl;dr charged with malware distribution and/or conspiracy to do malware stuff
If found guilty the individuals charged face up to 5 years in prison or 5 years of hard labor. Additionally, they may be barred from holding certain positions for 3 years.
The raid on the group was recorded and shared online by local law enforcement (presumably). The raid was performed by the Moscow Police with assistance from the Russian National Guard.
Sat here in my undies, writing this post, trying this new thing called "nic salts". This nic salt stuff will put a fucking hole in your chest.
Anyway, this is the 2nd thing I've reverse engineered the past few days that ended up being regular 'ol program goop. I want spooky goop.
Today I spoke at Dakota State University
I am now banned from Dakota State University
Just kidding (I hope)
Thank you students, and faculty, and strange people from the internet who somehow found the Discord server I was speaking in. I hope my schizo rant was beneficial in some capacity.
Also, thank you to Shden (no idea how to say your name) for asking me super specific malware development and Windows internals questions. It caught me off guard and I was not prepared to have a serious conversation in any capacity. It was a reminder that I don't remember shit and all I know how to do is spam pictures of kitty cats.
tl;dr 3 dudes who handle ransomware stuff were secretly doing ransomware stuff, got caught, one of them self-snitched and fled the country. other 2 nerds panicking but not fleeing country. they're in really big trouble
YouTube's AI moderation system has terminated malware nerd Endermanch from YouTube
The AI system determined his account was linked to some banned YouTube account (it wasn't), so they banned him too
He tried appealing it, but unsurprisingly the appeal system is AI slop too
andreee_eeeeee is restricted by EA in Battlefield 6 because their online moniker "DogWifHoodie" constitutes "harassment" and making people "feel unsafe".
The name "DogWifHoodie" was flagged by their automated system because the word "Hoodie" has the word "Die" in it.
Tomorrow at 6PM CST I'll be doing a talk at Dakota State University.
My first post about this I incorrectly stated I was speaking at the University of South Dakota. They're both a university, they both have the word Dakota, they're both located in South Dakota, but I have a small brain so it's easy for me to misremember.
Anyway, I will be speaking on Discord while also simultaneously being broadcast through their lecture hall (huge mistake). I am doing it online because Dakota State University is far away and I do not like going outside.
Despite being given appropriate time to plan (months in advance, I said I was busy), I have no plan. I will probably babble incoherently for 90 minutes about malware stuff, or until the University bans me, or until I'm banned from their Discord, or both.
I told them my lecture fee is pizza and energy drinks. They obliged (huge mistake).
It will not be recorded. This is a one time, limited edition, ultra rare, schizo talk. I'm doing this unironically for a free meal. I will also schizo rant at your school (or work place if you want to have an HR catastrophe) for a free meal too.
This started happening a few hours ago. I don't do cryptocurrency stuff (it's for nerds), but apparently someone stealing $98,000,000 is a problem, or something
Woke up this morning to people who don't work in cybersecurity, or really do anything in cybersecurity at all, trying to tell me what's happening in cybersecurity
I'm really confused
No idea why they're arguing. But it seems silly two profoundly wealthy and influential people are getting into an argument on social media
I also cannot remember the social etiquette on whether or not calling a person retarded is politically incorrect. I was informed it is, others have asserted it is not. A person has informed me they're disgusted that I would call people the R-slur, but I am not sure if this constitutes a slur or not because mental retardation is an actual medical diagnosis
I don't understand the world. I'm scared and confused.
Spoke to a Threat Actor recently who just got done serving a few years in federal prison in the United States.
He was convicted for wire fraud, identity theft, and money laundering. I asked him what it was like and his thoughts on the matter.
He said (not his exact words) waiting for sentencing and stress surrounding it was terrible and suffocating.
He said prison wasn't too bad. He said if you're a drug addict or a person who causes problems you're going to have a bad time.
He said he spent most of the time reading, working out, or keeping to himself. He said he met some nice people in there he now considers friends. He specifically highlighted his "gains". In other words, when all you can do is read and work out, you'll probably get in pretty good shape pretty fast.
He served roughly 5 years in total.
He would not recommend prison
wHatS a GooD pAssWorD mAnAgeR
I store all my passwords in a text file called "passwords" and if someone successfully gets access to that file then I'm going to kill myself
That's my security model
I fuck with that old timey biblical Hebrew ass wording. I love it
O Lord, wherefore dost Thou cause me to gaze upon this abomination wrought by artifices of man and metal?
Someone compromised the University of Pennsylvania and sent out a very silly message to students, faculty, and alumni.
I can't tell if they're actually politically motivated or trying to rustle jimmies.
Overall I give it a solid 8/10 for a Halloween silly
Some people on X commented this is staged. I don't think it's staged. I really recommend reading this paper by RecordedFuture; in summary they believe there are some changes occurring in the Russian Federation and they're less tolerant of cybercrime unless it benefits them.
https://www.recordedfuture.com/research/dark-covenant-3-controlled-impunity-and-russias-cybercriminals
Hot take: I kind of believe him. Ever since COVID era there's been some changes to businesses where they suddenly don't give a fuck about middle management
But he fr is prolly aiming on AI to replace mfers too