The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Non-nerds are asking how Mr. Al-Qudsi (mqudsi) is working to reconstruct redacted Epstein data. Here is a high-level summary that isn't as nerdy schizo
Mega tl;dr
> Send email
> Add attachment
> Emails no understand files
> Email turn files in text (Base64 encoding*)
> Image 1 is email turning attachment into text
> Send email
> Someone receive email
> Email reads add-on text
> "oh thats an attachment"
> Transforms into attachment you can see (Base64 decoding*)
> DoJ releases Epstein emails
> Didn't censor attachment stuff
> hehe big mistake, we can recover this
> Boom, all attachments "censored" now uncensored
> All hidden attachments now public
> Go to work
> Problems arise
> DoJ printed emails (???)
> Scanned printed emails back (???)
> Try to rebuild from email stuff
> Fails
> wtf.mp4
> Look inside
> DoJ printed as "Courier New" font
> L and 1 look the same
> Try to reconstruct
> Fails
> Computer can't figure difference between L and 1
> (Look at image 2)
> Can you even tell the difference???
To manually reconstruct all attachments from the Epstein email data, forensic experts must find a way to programmatically determine which characters are L's and which are 1's. This is only a problem because the DoJ printed it in Courier New.
The proposed solution right now is brute force: try every possible combination, swapping L's and 1's, then check the email thing. Does it work? No? Repeat. However, this could take a long time.
Another solution is taking known email-encoded thingies that work and comparing them to the Epstein files, trying to identify patterns and reconstruct it using machine learning.
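As an added example, not from the post or from Al-Qudsi's write-up, here is the brute force done per 4-character Base64 group in Python. It assumes the attachment is plain text (a group that decodes to a non-printable byte is rejected); the sample Base64 string is constructed, with every '1' and 'l' collapsed to 'l' to mimic the scan.

```python
"""Resolving Courier New l/1 confusion in scanned Base64, one 4-char group at a time."""
import base64
import itertools
import string

CONFUSABLE = "l1"  # glyphs the scan cannot tell apart; widen if other pairs are confused
TEXT_BYTES = set(string.printable.encode())  # plausibility oracle for a text attachment

# Constructed sample: ENCODED is the true Base64 of a 6-byte text attachment,
# OCR_TEXT is what a scan yields once every '1' and 'l' has been read as 'l'.
ENCODED = base64.b64encode(b"BPx~Za").decode()  # "QlB4flph"
OCR_TEXT = ENCODED.replace("1", "l")

def quartet_candidates(quartet):
    """Every reading of one 4-char group, trying both glyphs at each confusable spot."""
    spots = [i for i, ch in enumerate(quartet) if ch in CONFUSABLE]
    for choice in itertools.product(CONFUSABLE, repeat=len(spots)):
        chars = list(quartet)
        for i, ch in zip(spots, choice):
            chars[i] = ch
        yield "".join(chars)

def decodes_to_text(quartet):
    """Oracle: the bytes this group decodes to must all be printable ASCII."""
    return set(base64.b64decode(quartet)) <= TEXT_BYTES

def resolve(ocr_text):
    """Per group, keep only readings the oracle accepts. Each 4-char group decodes to
    its own 3 bytes, so groups are independent: the search is a product of small
    per-group sets instead of the naive 2**N over the whole string."""
    if len(ocr_text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    return [[c for c in quartet_candidates(ocr_text[i:i + 4]) if decodes_to_text(c)]
            for i in range(0, len(ocr_text), 4)]

def naive_count(ocr_text):
    """Size of the whole-string brute force described in the post."""
    return 2 ** sum(ch in CONFUSABLE for ch in ocr_text)

def candidate_count(survivors):
    total = 1
    for kept in survivors:
        total *= len(kept)
    return total

def reconstructions(survivors):
    """Decoded attachments consistent with every surviving group; ambiguity remains where
    both glyphs give printable text ('B' vs 'C' in the sample), hence the post's ML idea."""
    return [base64.b64decode("".join(parts)) for parts in itertools.product(*survivors)]
```

For a binary attachment such as a PDF the oracle would instead be a structural check on the decoded file (header, stream lengths, embedded checksums), which is what makes the real job slow.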
Conspiracy theorists going full theorist today. In the Department of Justice Epstein email releases it was discovered he played Fortnite.
Coincidentally, his Epic account was active after his death.
The cool thing about this social media profile growing in size is that it now frequently escapes the core demographic. This has resulted in very silly shenanigans.
As many of my core audience knows, I frequently refer to my colleagues and peers as "nerds". I use it as a term of endearment.
Non-core audience perceives this as an insult. Furthermore, they do not seem to understand this social media profile primarily revolves around cybersecurity with an emphasis on malware. Hence, many tongue-in-cheek jokes and sentences are misconstrued and misunderstood.
Things I've seen people call me:
- Jewish (I'm not Jewish, I'm not Israeli, ???)
- A boomer
- Homosexual slurs
- Intellectually Challenged
- A boot licker (???)
tl;dr log into xitter, get called retard piece of shit jew homo bootlicking scum because i called people nerds
Big news on the internet today as the United States Department of Justice wildly underestimated computer nerds
Mahmoud Al-Qudsi (mqudsi), the founder of NeoSmart Technologies, is a nerd who specializes in computer forensics. His entire career (dating back over 2 decades) has been focused almost exclusively on data forensics, data restoration, and data backups.
Because Mr. Al-Qudsi is a nerd who unironically enjoys painstakingly reviewing computer forensics at the byte level, something almost no one else on the planet enjoys, Mr. Al-Qudsi began exploring the recently released Epstein files.
Today he released a write-up explaining the problems with the Epstein redactions, errors they left in the PDF files, ... and all sorts of other artifacts the Department of Justice accidentally left behind. By leveraging these different digital artifacts, it is possible for experts such as Al-Qudsi to reconstruct the files without their redactions.
See subsequent post for his write-up
tl;dr he's reverse engineering and reconstructing epstein files. but hard and will take lots of work
pic: me trying to understand computer forensics based on fonts used
> npm package
> "optimizer-cpu"
> look inside
> base64 encoded string
> decode base64
> deploys XMRig miner to pc
> doesnt optimize cpu
Hello,
I don't feel good. I have Influenza Type A and I am expelling mystery goo from my lungs. However, I have gotten on my computer to share I have made some updates to malware site.
Because opensourcemalware-dot-com (which apparently is new and cool right now) shares SHA256s, but they're not downloadable, I have begun downloading them and placing them on malware site.
I planned on adding more today, but my body is weak and the mystery goo from my lungs hurts
https://vx-underground.org/Samples/OpenSourceMalware
Chat, I've got a temperature of 104.2f (40.1c).
I do NOT feel good. I went to the doctor and this nerd with a clipboard told me I had some made up mumbo jumbo called "Influenza Type A".
I said, "whatever nerd, I'm not gonna let the system hold me down" (it's holding me down)
> Epstein writes down email and password
> FBI finds it
> Stores as evidence
> Doesn't censor
> Released
> Nerds find Epstein password
> No MFA
> I wonder if anyone logged in?
> Look inside
Meanwhile on the internet, nerds discover a handwritten note in the Epstein files where Epstein wrote down the credentials to his email.
Reddit nerds have logged into the email now.
What will happen next? Find out next time on Dragon Ball Z
Answer: Microsoft Copilot 365 Premium Notepad Pro Plus (ID required to comply with UK laws)
What'd you think? Sublime? WRONG.
Tried making an insecure FTP joke and everyone just assumed I was dumber than hell
It's all over
Hello,
I have added more malware development papers to the malware place you sometimes visit. I have a massive queue of stuff to add and I am now slowly working through it
Info: https://vx-underground.org/Updates
Video related
> opensourcemalware.com
> community database
> collection of open source malware
> malware that targets github stuff
> malicious npm packages, etc
> "for the infosec community"
> look inside
> can't download stuff
> only lists ioc
> "Upgrade to Pro" to view more
Okay, I'm done trying to make lighthearted jokes about the Epstein files. As I see more posts about them I become more depressed. My only cope is silly memes about it (gallows humor).
I'm going to bed now. Tomorrow we malware and post silly cat pictures.
Pic unrelated
Some people asked, "do I need to worry about this affecting my computer?".
The answer is: No.
Lotus Blossom is an extremely skilled and patient group with high-profile targets. This would be like asking, "do I need to worry about Navy Seal Team Six kidnapping me?"
This group isn't going to target some random stinky nerd on Xitter, they're not going to waste their time attacking Susie Schnarf on Facebook, they're going after serious institutions with objectives and goals in mind.
... unless you're a well-known politician located in Southeast Asia or Central America with information related to national security ... then maybe you should have more security concerns ...
Is Jeffrey Epstein actually alive? Is he a pro-gamer? Why hasn't he spent more money on V-bucks?
Find out next time on Dragon Ball Z
I'm not mad, or sad, or whatever. I am however profoundly confused.
Imagine changing a diaper, checking the Xitter, logging in, and you see a bunch of strangers calling you names and mean stuff
mfw
https://neosmart.net/blog/recreating-epstein-pdfs-from-raw-encoded-attachments/
smh only 2 installs before npm nuked it. i dont wanna sound like a hater, but your CPU optimizer SUCKS (it just installs a crypto miner)
https://gist.github.com/vxunderground/25ecfb5dea631d2a79b81d83e79405db
Hello,
This social media profile is now the largest cybersecurity-related profile on Xitter. It has passed SwiftOnSecurity.
What does this mean? Well, as the top influencer I am carrying the weight of the world on my shoulders. This is a very serious role. I'm basically a superhero.
First, I will begin pushing my new cybersecurity course. It will be somewhere between $200 - $500. It will not be formally recognized by any institution or employer. Additionally, it will be poorly developed and half-assed. I will lie and say it will help you get a job (it won't).
Second, I will begin pushing cryptocurrency coins which I will say are going to solve some opaque problem in cybersecurity. I'll make something up, like, "this coin will prevent DHCP DNS cluster fraud". It won't make sense. When someone questions it I will immediately deflect blame or call them bad names.
Third, I will travel to every major cybersecurity conference. Each talk I give will not be technical. My talks will primarily revolve around my experiences, and wisdom, or something. I will pretend to be an old sage filled with knowledge, things you could literally never understand. In actuality, I can barely send an e-mail.
Thank you for the love and support. I look forward to rug pulling all of you.
I'm not even gonna lie, they're like, "oHhah tAke CarE of yOurSelf INFLUENZA is serious".
I said, "haha ya right. It can't be that bad" (it's extremely bad, I feel like I'm dying, every muscle in my body hurts)
This isn't my image. Once the password was blasted around the internet everyone rushed to log in and act as deranged as possible.
The password has since been changed and MFA has been placed on the account.
Privacy nerds:
> Tuta email
> XMR
> Qubes OS
> Tails
> No social media
> Live in a cave
Epstein:
> "hello i am sex trafficking children"
> Attached image as proof
> Sent from iPhone
I posted this silly meme because I thought it was silly. I was not aware the woman in this photo was Silvie Tomčalová a/k/a Silvia Saint, the Czech former pornographic actress.
Gooners are locked in. This lady was doing pornography in '96.
EmEditor was hit by a supply-chain attack. Notepad++ was hit by a supply-chain attack.
Guess who wasn't?
> be me
> early 2019
> like writing malware for fun
> have boring programming job
> decide to make crappy website
> save cool malware papers I like
> maybe someone will find it
> maybe someone think it's cool too
> make crappy twitter account
> decide to share updates on stuff
> doubt anyone will care
> some people notice immediately
> get 200 followers
> celebrate 200 people caring
> keep adding malware papers
> decide to also share malware
> people can download it to study
> add more
> add more everyday
> try to be super serious and cool
> use edgy dark art and stuff
> fast forward
> 2026
> website about to turn 7
> 68,000 papers
> 40,000,000 malwares
> 400,000 followers
> lost mind from malware
> act like moron on twitter
> keep adding stuff
> also post dumb pictures of cats
My magnum opus, my life's work, my legacy which I may be remembered for, will be the guy who randomly decided to start collecting malware and continuously posted pictures of cats on the internet.
Am I the only malware place that doesn't require proving your identity and paying for something?
What happened to doing shit for the love of the game? Do I need to go and pull all these samples and make my own now?
When I was younger I had a brief stint as a general IT worker for a large company. I had a company vehicle and I would drive location to location doing support tickets.
One time I drove to a location, hopped out the car, walked in the door, told the lady behind the counter I was from corporate and I need to work on some stuff. She said, "Oh, hello! Let me open the door for you!" and let me in.
I went into the back. I got lost. I realized I was at the wrong location. My destination was the company directly next door.
I walked to the front and said, "Oh my goodness, I'm so sorry. I thought this was ____.". She laughed and said "Nope, wrong place".
We both laughed. I apologized. I walked out and went to my actual destination.
In retrospect, GOD DAMN. I could have been a fucking THREAT ACTOR. These fucking people didn't verify me AT ALL. I just walked in dressed like an IT nerd and they just fucking let me in, full access, everything. What in THE FUCK?
🚨BREAKING NEWS🚨
JEFFREY EPSTEIN KEPT A FULL COPY OF THE 2005 BASH REFERENCE MANUAL
https://www.justice.gov/epstein/files/DataSet%209/EFTA00315849.pdf
Non-malware schizos asking about why the Notepad++ malware payload was so interesting.
Okay, we'll discuss it without getting too schizo.
First, Rapid7 (and various other Cyber Threat Intelligence vendors) seem to generally attribute the Notepad++ compromise to the Chinese APT group "Lotus Blossom". They attribute it to Lotus Blossom because they tend to recycle code segments to save time. Basically, fingerprints.
Lotus Blossom is the invented name intelligence organizations have assigned to a group of Chinese government-sponsored hackers. Their true identity is unknown, only speculated about. It is not one person; it is likely a group of unknown size, it could be two people, it could be 15 people.
Lotus Blossom has been active since 2009 (or so they speculate). Lotus Blossom are not noobs who do hacker noob stuff. Lotus Blossom is assigned high-profile tasks. Lotus Blossom goes after extremely specific targets; most notably they are instructed by the Chinese government to hack government institutions, telecom companies, aviation companies, and critical infrastructure (nuclear power plants, electrical power grids, hydroelectric dams, etc) in Southeast Asia and Central America.
When Lotus Blossom targeted Notepad++, and users in specific regions (presumably Southeast Asia and Central America) attempted to update, it delivered the "Chrysalis Backdoor". Chrysalis Backdoor is the name intelligence companies invented and now use for this malware.
Chrysalis Backdoor used a lot of really common malware techniques which truthfully I won't go too much into (API hashing, custom implementations of GetProcAddress, malware nerd stuff). However, what makes this malware very special is its usage of Microsoft Warbird.
Microsoft Warbird is a proprietary technology which is rarely discussed. It is an internal library Microsoft uses to obfuscate its instruction set in memory. In other words, it's Microsoft's really fancy custom way of preventing people from reverse engineering what Windows is doing while it's running.
Unknown to me personally (and a lot of people apparently), in the past few years (2023) some security researchers have discovered ways to discreetly use Microsoft Warbird as a weapon. Basically, you can use undocumented APIs in Windows to use Warbird for your malware. This provides a way to hide what your malicious code is doing while it's running without needing any external tooling or custom implementations. They're weaponizing Microsoft's anti-tampering and/or anti-reverse engineering technology for malicious purposes. This is extremely impressive because it shows:
1. Lotus Blossom pays close attention to really talented security researchers or...
2. Lotus Blossom has really good security researchers on payroll
Both are totally possible.
The remainder of the Lotus Blossom tooling is fairly generic malware stuff and isn't too terribly impressive. Lotus Blossom (unironically) did a very good job hijacking Notepad++ update infrastructure and weaponizing Microsoft's anti-tampering technology (Warbird).