40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
There is this strange phenomena where people new to cybersecurity go way overboard trying to look cool and badass to give the facade of being really technical.
I'll tell you something right now. You probably won't like to hear it, but it is important.
Nobody cares about:
- Your certificates
- The conferences you've attended
- Your vendor swag
- What OS you're using
- How many LED's your computer has
Here is what your peers admire the most:
- If you're polite
- If you're willing to admit if you're wrong
- If you're easy to get along with
If you're just a chill nerd who is nice, easy going, willing to admit when you're wrong, you will go further than the big mean nerd with the galaxy brain
Big beef on the internet today between two Threat Actor groups: TeamPCP and ShinyHunters.
Why? I absolutely no idea.
Supposedly TeamPCP said mean stuff about ShinyHunters.
ShinyHunters made a rebuttal, calling them mean names as well.
This resulted in TeamPCP threatening ShinyHunters with physical violence.
This caused an escalation on tension whereas ShinyHunters alleges they have information on the identifies of TeamPCP and will expose them.
Is either party capable of physically harming the other party or "doxxing" them? I have no idea. However, both parties seem relatively frustrated with each other.
Will TeamPCP give ShinyHunters a boo boo? Will ShinyHunters "dox" people in TeamPCP? Will the conflict resolve itself? Is this all theatrics and they're actually all really best friends who do stuff together and "U" is for "U" and me? Is "N" for anywhere, anytime at all, down here in the deep blue sea?
Find out on the next action packed episode of Dragon Ball Z
More information:
https://www.reuters.com/world/middle-east/amazons-cloud-business-bahrain-damaged-iran-strike-ft-reports-2026-04-01/
Just did a totally awesome April Fools prank
I totalled my Dad's car by crashing it into a telephone pole going 72mph
Haha I got him so good, dumbass doesn't even know what's coming
I want you to know it physically hurt me to write like this. The cringe was so immense I could feel my body buckling under the cringe pressure.
I have no idea how Elon Musk unironically speaks like this still.
Chat, look what images just appeared ON THE DARK WEB (Telegram, where all crime happens on the internet apparently). ShinyHunters posted it.
Is this actual stuff from the alleged Cisco data compromise as a result of the Trivy supply chain attack? Are these images unrelated? How sensitive is this data? How is ShinyHunters involved with TeamPCP? Is this even real?
Find out on the next action packed episode of Dragon Ball Z
Whoa
Core audience (my nerds and stinky internet degenerates), I made a post about an hour ago intended for my nerd homies about family shenanigans. I thought it was kind of funny, mildly interesting.
It somehow escaped core audience at a high rate of speed and some really weird people were making some really weird comments.
We got supply chain attacks, malware, and premium pictures of kitty cats, we do not have time for non-nerds stinking up the place.
Yikes.
Anyway, more updates on silly internet stuff soon. It involves malware and will include a picture of a cat.
Cheers
1. This isn't fake.
2. Credentials are stored as hashes. It should be literally, with no exaggeration, impossible for a vendor to know your credentials while uppercase UNLESS they weren't storing passwords as hashes.
What the fuck is HSBC India doing?
Big shenanigans on the internet today as Threat Researchers speperhypothulate that the Threat Actor responsible for the Axios supply chain attack may have accidentally DoS'd their own infrastructure from the volume of data coming in
Pathetic
Hello to all my Telegram friends who messaged me about Axios supply chain attack.
I'm well aware it happened. Here is reaction when it occurred in near real-time
Dawg, I saw some stinky nerds discussing this recently identified malicious NPM package
This is, by a significant margin, some of the worst malicious code I've ever seen. I don't mean 'worst' as in dangerous, I mean this code is HOT garbage
https://socket.dev/npm/package/3-ways-how-to-get-free-gems-in-clash-of-clans834/files/1.0.2/package%20gene.py
People living inside my computer,
I have updated the website which apparently most of you didn't know existed
I collect malware source code, samples, papers, and builders.
I've added more malware, I've stopped counting, but it's a big number
https://vx-underground.org/Updates
Someone unironically recommended I buy a children's book on cybersecurity to read to my son.
I will not subject my son to computer shenanigans. He must forge his own path. His happiness is more important than legacy.
Malware is illegal and for nerds
Yesterday someone performed an "anonymous release" of a bunch of PlayStation 4 binaries, ELF files, including stuff for retail, DevKits, TestKits, etc.
What does this mean? I have no idea. But nerds keep fucking messaging me about it. Okay? I GET IT. SOMETHIUG HAPPENED
I've got this malware proof-of-concept cooking, but I haven't been able to summon the energy to actually work on it. I'm going to share it with you nerds hoping someone will experiment with it.
Or no one will and I'll do it myself later on, whatever.
Either way, you can do some pretty silly shenanigans with the Windows registry but it requires some tom foolery.
C:\Windows\System32\config\SYSTEM is the actual file (and full file image path) for the Windows registry. The registry is loaded into memory when your OS boots (some fancy Windows internals stuff, whatever).
This file is locked and requires administrative privileges (and a few other things to access it). Even then, it cannot be modified. However, you can do two mildly interesting things:
1. Load it into memory using NtLoadKey. Any changes made will not be present until the OS is restarted (over simplifying, some edge cases exist).
2. Read it into memory with NtOpenFile and NtReadFile (read-only).
This can be a little tricky, depending on where your payload is executing, but you can abuse some Windows components to access these files without a UAC prompt.
ICMLuaUtil!AllowAccessToTheWorld is an undocumented method. I have discussed it in the past (no one else has, no idea why), and using this method you can make any directory "global" to all users on the machine. My hypothesis is that you can abuse ICMLuaUtil!AllowAccessToTheWorld to change the ACL of C:\Windows\System32\config\ to allow your payload to access SYSTEM (offline registry) without triggering UAC.
For case one, using NtLoadKey and using an offline registry hive for registry modification and AV/EDR evasion isn't a new concept. But basically, use ICMLuaUtil!AllowAccessToTheWorld to access SYSTEM offline registry hive, make any modifications using RegSetValue, then "flush" the hive back to disk with NtUnloadKey and restart the machine.
For case two, use ICMLuaUtil!AllowAccessToTheWorld to access SYSTEM and read the file into memory with NtOpenFile and NtReadFile. Once loaded into memory, manually parse the registry (REGF parsing) to query registry keys without using any Windows registry API calls. However, this would be limited to read-only procedures. Case two would be very sneaky and would bamboozle security products.
> Be Cloud infra nerds
> In charge of AWS stuff at company
> Cloud stuff suddenly offline
> Product managers complaining
> Devs complaining
> Customers complaining
> Helpdesk complaining
Cloud nerds trying to figure out how to explain to corporate that the Iranian government has successfully transformed their cloud instances and data into a pile of rubble and a timeline of repair is unknown
Iran is not fucking around, they just bombed AWS infrastructure (again) in Bahrain.
No, this isn't an April Fools gag, Iran unironically is bombing AWS infrastructure because of the roll it plays in the United States
The streets are speaking [1] and word on the street is ShinyHunters dislike TeamPCP [2]
[1] The streets is stinky nerds wearing Naruto pajamas in internet chatrooms
[2] It is alleged ShinyHunters call TeamPCP "SkidPCP", a very unique and novel insult
Haha I just pulled off the most totally epic and based le prank xD
I just detonated ransomware on my works domain controller. Haha man, this is going to be such an epic prank.
April 1st for the win!!! My boss is gonna be all like FUUUUUU-
haha PWNED
This is about Twitter. I had fat Americans commenting, yapping about nonsense and talking about GOD. Weirdos
Читать полностью…
I'm sorry for yelling and the bad words. It has been a very intense 1 week and 2 days.
It has been so dramatic it borders on some kind of sadistic comedy piece
I've seen some conversations online that suggest HSBC India has been transforming credentials with ToUpper prior to hashing. Now with a new code base, or something, in place users must now type in all upper case to account for the previous implementation
Okay, if that is true, isn't that a colossal fuck up? They were stripping case sensitivity while also telling users they need uppercase and lowercase letters? What the fuck is going on over there?
I wanted to say propose, speculate, theorize, hypothesize, but I couldn't pick a word, so I made up speperhypothulate. I'm basically Shakespeare
Читать полностью…
Here is another one of my reactions (I was in bed)
Читать полностью…
This dumb son of a bitch hardcoded the username 'Administrator' because that is (probably) the username on his (or her) machine. You're supposed to resolve the username with %USERPROFILE%, ya fuckin' goof
Читать полностью…
ShinyHunters is ransoming ... HALLMARK CARDS
Those fucking shitty birthday cards you pick up at the drug store ARE BEING HELD RANSOMWARE
WHO RANSOMS BIRTHDAY CARDS
(info via AlvieriD)
However, if he wants to malware, I will super charge his brain and inject everything I know about malware and computer shenanigans into his skull and hope he exceeds me in every way possible.
Читать полностью…
Back in '84, nerds were developing this stuff with documentation printed on paper back they received physically in the mail.
The crowd collectively shit their pants in awe that someone was capable of doing this.
I just shit my pants thinking about it