vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/

vx-underground

In 2025 science was conducted. After careful review, we determined it takes 3 ½ thingies of mayonnaise to fill up a Dell Optiplex.

New science must be performed. Mayonnaise is too expensive, we need to know how many thingies of Ranch dressing can fill a Dell.

Previous science:

vx-underground

Average United States citizen age 30 - 39 (he's literally me)

vx-underground

Last time on Dragon Ball Z:

The United States government threatened to destroy Iranian critical infrastructure, notably bridges and electrical grids.

Today the Iranian government responded by publishing (an incredibly dramatic) video threatening United States tech bros

vx-underground

ILSpy nerds big mad at me today for discussing the ILSpy-dot-org domain delivering malware.

I failed to scroll to the bottom of the domain to see the "not affiliated with ILSpy". This has resulted in several people making passive aggressive remarks to me online.

This mistake has resulted in ILSpy nerds suggesting I am a news outlet and an influencer, or something, and stating I intentionally, or unintentionally, spread misinformation.

But what does this mean? Not much. ILSpy-dot-org is the second indexed link on Google and the "not affiliated" part is at the very bottom. I use ILSpy all the time, I genuinely thought this was their website.

tl;dr I have a small brain and ilspy nerds dislike me

vx-underground

There is some sort of dark irony that I've seen multiple completely legitimate cybersecurity researchers be banned from GitHub.

These are researchers who are verified, clean, years upon years (sometimes decades) of experience. They're well known people.

Their code and reasoning for their ban is usually unexplained or deemed "malicious".

Then some angry nerd drops a Microsoft zero day exploit on GitHub, a platform owned by Microsoft, yet it remains up.

vx-underground

the tl;dr of the drift protocol shenanigans

> be drift protocol
> decentralized trading thingy
> built on solana or something
> april 1st
> april fools
> jk $280,000,000 (approx.) stolen
> rewind
> fall, 2025
> drift people at conference
> crypto nerds approach them
> crypto nerds say theyre at some fancy place
> want to integrate with drift
> crypto nerds sneeky
> crypto nerds only talk to specific people
> wtf how they know who is who?
> crypto nerds hang out in person
> meet at multiple conferences
> crypto nerds smart af, know crypto fr
> these_guys_are_chill.jpeg
> december, january comes around
> setup private group chat
> long meetings about strategy and stuff
> contracts and on-boarding stuff
> fancy_meetings.mp4
> crypto nerds put up $1m in cash for investment
> these_guys_are_legit.mp3
> hang out more in person
> start collaborating with coding projects
> april 1st
> $280,000,000 missing
> cool bros missing
> wtf?
> all chat logs gone
> all software sharing stuff gone
> wtf?
> 1-800-help-us-mandiant
> digital forensic and incident response time
> mandiant looks inside
> 1 drift person compromised from code sharing stuff
> 2nd drift person compromised from some test thingy
> wtf who is this
> look inside
> UNC4736
> unironically north korean spies
> sent abroad to do in-person social engineering
> crypto forensic nerds tie it to radiant capital hack
> mandiant still investigating right now

tl;dr north korean nerds leave north korea, act like total bros, hang out at conferences, have tons of money, bamboozle people in long-term social engineering and espionage stuff to steal hundreds of millions of dollars

vx-underground

Lost over 400 followers on social media after I made a comment about the President of the United States and his posts on Truth Social

The leader of a country (literally any country) writing "open the fuckin' strait, you crazy bastards, or you'll all be living in Hell" and "Praise be to Allah" when living in a predominantly Christian nation, on Easter Sunday, is genuinely hysterical.

Like, imagine if Claudia Sheinbaum said that, or if Volodymyr Zelenskyy said that

It made me audibly laugh out loud. I'm still laughing about it.

vx-underground

Why is the President of the United States schizo posting on main

vx-underground

"whats it like working in cybersecurity?"

vx-underground

The United States government: The Iranian government is bombing data centers that we use for AI!!!!

The American people:

vx-underground

Oracle is such a terrible, evil, slime company it borders some sort of twisted black comedy skit.

During the beginning of the Trump administration Larry Ellison discussed building some sort of super-AI system and said it would create as much as 100,000 jobs in the United States

Fast forward, March 2026, Oracle lays off 30,000 people. 30,000 people is an absolutely insane number. Oracle sent out an email at 6am to 30,000 people which were selected using some sort of "selective process", which was a computer program, or something, I don't know.

You go online and see people who have worked at Oracle for over 30 years being terminated. People who have had great reviews, sacrificed for the company, ... someone there was terminated and began working at Oracle in 1993.

1993 - 2026 and then terminated by a decision from a computer program while the United States economy is already sliding into the pisser, with inflation, housing crisis, government assistance cuts, gas prices rising, and companies creating hiring freezes

Then today it's announced Oracle has put in H1B requests for approx. 3,000 employees from overseas

What a fucking piece of shit fucking company.

vx-underground

There is literally no reason to live anymore

vx-underground

There is this strange phenomenon where people new to cybersecurity go way overboard trying to look cool and badass to give the facade of being really technical.

I'll tell you something right now. You probably won't like to hear it, but it is important.

Nobody cares about:
- Your certificates
- The conferences you've attended
- Your vendor swag
- What OS you're using
- How many LEDs your computer has

Here is what your peers admire the most:
- If you're polite
- If you're willing to admit if you're wrong
- If you're easy to get along with

If you're just a chill nerd who is nice, easy going, willing to admit when you're wrong, you will go further than the big mean nerd with the galaxy brain

vx-underground

Big beef on the internet today between two Threat Actor groups: TeamPCP and ShinyHunters.

Why? I have absolutely no idea.

Supposedly TeamPCP said mean stuff about ShinyHunters.

ShinyHunters made a rebuttal, calling them mean names as well.

This resulted in TeamPCP threatening ShinyHunters with physical violence.

This caused an escalation in tension, whereas ShinyHunters alleges they have information on the identities of TeamPCP and will expose them.

Is either party capable of physically harming the other party or "doxxing" them? I have no idea. However, both parties seem relatively frustrated with each other.

Will TeamPCP give ShinyHunters a boo boo? Will ShinyHunters "dox" people in TeamPCP? Will the conflict resolve itself? Is this all theatrics and they're actually all really best friends who do stuff together and "U" is for "U" and me? Is "N" for anywhere, anytime at all, down here in the deep blue sea?

Find out on the next action packed episode of Dragon Ball Z

vx-underground

More information:

https://www.reuters.com/world/middle-east/amazons-cloud-business-bahrain-damaged-iran-strike-ft-reports-2026-04-01/

vx-underground

> post meme, memeing ai
> ai bros go spazzo
> seem incapable of understanding humor
> "this isnt real"
> "grok, is this real?"
> "mine doesnt do this"
> "what prompt did you use?"

vx-underground

Believe it or not, this was peak AI summarization. This is basically AGI

vx-underground

also, on the forreal though, it was an honest mistake, you could have just told me or something, i would have happily corrected it like i am now, you dont gotta be a dick about it, assholes

sheesh

vx-underground

I'm tired of people stereotyping us computer nerds. It is PREJUDICE.

Here are some stereotypes non-nerds push on us. They're all FALSE.

According to non-nerds, us nerds do the following:
- Excessive caffeine or nicotine intake
- Unusual or unhealthy sleep schedule, specifically around 3am and 5am
- Apparently have tons of tabs open, or something, in terminal or web browser
- Desk messy, covered in cables
- Hardware nerds apparently do "experiments" just to see if something works
- Notes on paper or whiteboard look like serial killer manifesto
- Web cam taped, mic disabled, because of "paranoia"
- Strong distrust in tech companies, especially social media
- Nerd so intense forget to eat or shower
- Spend 8 hours debugging instead of reading something which would take 20 minutes because ???
- Apparently we "don't know an answer" but know how to find it?
- Some nerds become irrationally angry about GUIs?
- Weird obsession with mechanical keyboards

I'm so tired of these stereotypes. Literally none of these are true.

vx-underground

Frustrated nerd drops zero day exploit after Microsoft vulnerability bug bounty people annoy him, or something, I don't know.

Stinky nerds confirm it's legit

https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html

vx-underground

Around 2 hours ago (01:22 EST) it appears ILSpy WordPress domain was compromised to deliver malware.

Someone caught it on video. ILSpy WordPress domain (as of this writing) is currently returning 502.

Attempting to download ILSpy, instead of directing to GitHub, redirected to a domain saying you needed to install a browser extension to continue.

I'll share the video I was sent and IoCs later. I'm not home at the moment.

Thank you to "RootSuccess" for sharing this with me via e-mail and all the evidence you provided.

vx-underground

"Praise be to Allah" sent me, not going to lie. I audibly laughed. I don't know what bro is doing anymore

vx-underground

Something nerds don't want to admit: they low-key enjoy the chaos

Yeah, yeah, ransomware is bad, state sponsored threat actors are bad, but deep down when shit hits the fan it is exciting.

Even though it's just a beep boop computer your adrenaline gets pumping

vx-underground

Experiencing some pretty hardcore burn out in malware.

However, a word of advice for the noobs, or less-er experienced people in cybersecurity, "burn out" is part of the natural progression of this ecosystem and it happens to everyone.

Your brain is a muscle (not literally, but brains have this dumb stuff called neuroplasticity, some nerd stuff, whatever), and just like a muscle, you need down time to heal, and science, or something.

Myself personally, I tend to go through waves of absurd productivity with little to no pacing. I get extremely excited, rip through code, ... and then lose control and crash and burn.

Then it takes me anywhere between a few days, ... or few weeks, ... or worst case a few months to recompose myself and get back in the game.

This is a good opportunity to switch it up a little bit. Instead of going schizo on malware, I've been exploring the internet, reading about current geopolitical stuff, and reading some psychology stuff.

I personally think it's important to keep "exercising" the muscle (plus I like learning), but some of my peers decompress altogether and switch to consuming high quality brain rot.

Anyway, the point being, if you've been going hard and suddenly you feel disappointed, or sad, or don't feel that "spark", or feel yourself struggling to even do a few lines of code, it is almost certainly burn out. I know some nerds are kind of hard on themselves, so don't beat yourself up if you feel this way. It happens to all of us (unless you're abusing narcotics to stay locked in).

Take this as a sign and use the opportunity to do something else. One day you'll be doing something and out of seemingly nowhere you'll feel that "spark" again and be like HOLY FUCK, I WANT TO CODE (or whatever you do).

vx-underground

The Iranian government bombed Oracle's infrastructure in the UAE today.

This is absolutely terrible news. My heart aches for Oracle.

Iran, please do not destroy this place's infrastructure:

vx-underground

NASA astronauts having problems with Microsoft Outlook while in space

It's like some shit straight out of a horror movie

vx-underground

Yesterday someone performed an "anonymous release" of a bunch of PlayStation 4 binaries, ELF files, including stuff for retail, DevKits, TestKits, etc.

What does this mean? I have no idea. But nerds keep fucking messaging me about it. Okay? I GET IT. SOMETHING HAPPENED

vx-underground

I've got this malware proof-of-concept cooking, but I haven't been able to summon the energy to actually work on it. I'm going to share it with you nerds hoping someone will experiment with it.

Or no one will and I'll do it myself later on, whatever.

Either way, you can do some pretty silly shenanigans with the Windows registry but it requires some tomfoolery.

C:\Windows\System32\config\SYSTEM is the actual file (and full file image path) for the Windows registry. The registry is loaded into memory when your OS boots (some fancy Windows internals stuff, whatever).

This file is locked and requires administrative privileges (and a few other things) to access it. Even then, it cannot be modified. However, you can do two mildly interesting things:

1. Load it into memory using NtLoadKey. Any changes made will not be present until the OS is restarted (oversimplifying, some edge cases exist).

2. Read it into memory with NtOpenFile and NtReadFile (read-only).

This can be a little tricky, depending on where your payload is executing, but you can abuse some Windows components to access these files without a UAC prompt.

ICMLuaUtil!AllowAccessToTheWorld is an undocumented method. I have discussed it in the past (no one else has, no idea why), and using this method you can make any directory "global" to all users on the machine. My hypothesis is that you can abuse ICMLuaUtil!AllowAccessToTheWorld to change the ACL of C:\Windows\System32\config\ to allow your payload to access SYSTEM (offline registry) without triggering UAC.

For case one, using NtLoadKey and using an offline registry hive for registry modification and AV/EDR evasion isn't a new concept. But basically, use ICMLuaUtil!AllowAccessToTheWorld to access SYSTEM offline registry hive, make any modifications using RegSetValue, then "flush" the hive back to disk with NtUnloadKey and restart the machine.

For case two, use ICMLuaUtil!AllowAccessToTheWorld to access SYSTEM and read the file into memory with NtOpenFile and NtReadFile. Once loaded into memory, manually parse the registry (REGF parsing) to query registry keys without using any Windows registry API calls. However, this would be limited to read-only procedures. Case two would be very sneaky and would bamboozle security products.
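
A defender-side check for the condition the post above hypothesises, as an added example that is not part of the original post: it lists Allow entries on the hive directory and hive files that are granted to broad principals. The function name, the SID watch list and the hive file list are assumptions of this example; compare the results against your own baseline.

```powershell
# Added example: audit the DACL of the registry hive directory and hive files.
# Assumption: the well-known SIDs below should not hold access here on your baseline.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-BroadHiveAce {   # hypothetical helper name
    param(
        [string]$ConfigDir = (Join-Path $env:SystemRoot 'System32\config'),
        [string[]]$HiveNames = @('SYSTEM', 'SAM', 'SECURITY', 'SOFTWARE')
    )
    # Check the directory itself first, then each hive file inside it.
    $targets = @($ConfigDir) + ($HiveNames | ForEach-Object { Join-Path $ConfigDir $_ })
    foreach ($path in $targets) {
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL for ${path}: $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                # Compare by SID so localized account names do not matter.
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # identity cannot be resolved; skip it
            if ($BroadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Path      = $path
                    Principal = $BroadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Run from an elevated prompt; any row returned is worth investigating.
Get-BroadHiveAce | Format-Table -AutoSize
```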

vx-underground

> Be Cloud infra nerds
> In charge of AWS stuff at company
> Cloud stuff suddenly offline
> Product managers complaining
> Devs complaining
> Customers complaining
> Helpdesk complaining

Cloud nerds trying to figure out how to explain to corporate that the Iranian government has successfully transformed their cloud instances and data into a pile of rubble and a timeline of repair is unknown

vx-underground

Iran is not fucking around, they just bombed AWS infrastructure (again) in Bahrain.

No, this isn't an April Fools gag, Iran unironically is bombing AWS infrastructure because of the role it plays in the United States
