40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
I'm not being rhetorical and I'm not trying to be critical. I see so many people discussing it and hyping it up. I've skimmed the documentation, reviewed some of the skills, but ... it JUST DOESN'T MAKE SENSE TO ME
I'm sitting here like, "why do I need an AI agent to respond to people on Discord or Slack or Telegram for me? What if it makes a mistake? What if someone abuses it?"
I don't understand the purpose and I don't place arbitrary trust into AI stuff. I'm not even being a hater, I can't wrap my head around this thing conceptually.
> be me
> snuggling with baby boy
> best feeling in world
> happy to be a Dad
> fall asleep
> sort of wake up
> feel baby boy wiggling
> "haha hes getting comfy"
> feel pressure on my eyes
> wtf
> move head a little
> feel pressure on eyes
> wake up
> open eyes
> baby boy staring straight into my soul
> hes breathing heavy
> trying to shove his little fingers in my eye sockets
> wtf.exe
> "what are you doing???"
> he laughs
> puts his fingers up my nose
> move head
> he laughs
> he leans in
> bites my face
> ????
Chat, my hair is thinning super bad on top. It's all over for me. In as soon as 10 years I will look like this:
Читать полностью…
Last time on Dragon Ball Z: Paragon employees accidentally unveiled the GRAPHITE spyware panel to the world when taking selfies for LinkedIn.
GRAPHITE is spyware sold to governments to perform espionage on targets.
Paragon has officially commented on the matter by stating the OPSEC mistake was a "tiny price to pay, in relation to the contribution of female empowerment".
Paragon, what the fuck are you talking about???
Individuals at Google, META, Discord, and Reddit have anonymously shared information with the New York Times regarding the United States Department of Homeland Security issuing subpoenas on individuals who track and criticize ICE.
The United States government is wanting information in individuals such as private messages, phone numbers, e-mails, etc.
The New York Times confirmed the validity of the subpoenas after receiving several copies which the tech companies received.
If the tech companies decide to comply with the subpoena, the individuals are alerted and have 14 days to fight the United States government in court.
The United States Department of Homeland security did not immediately respond to all questions from the New York Times. However, they assert they have "broad administrative subpoena authority" and the subpoenas are designed to ensure ICE agents remain safe in the field.
Sometimes I think about the time some people from this group called QAnon accused me and ThugCrowd of being a Biden psyop to put people in "FEMA concentration camps".
It's been years and I'm still confused by it.
That guy who made OpenClaw is now working at OpenAI.
What does this mean? Probably nothing.
What does it mean if you're an AI hype bro? This. Changes. Everything. Subscribe to my newsletter
I have some cool malware proof of concepts I'm working on. They're pretty cool and kind of undocumented.
My problem is I have carpal tunnel and (playful) amounts of nerve damage.
I need someone to lend me their hands. Give me your hands.
How do I install Windows Defender on Kali Linux?
Читать полностью…
Last week two of my posts regarding Epstein exceeded 100,000 likes. One of the posts I made exceeded 200,000 likes.
In the spirit of full disclosure, it resulted in an X payment of over $3,000.
Half you stinky fucking nerds would fold immediately. You'd know it's a spy too, you'd be like, "fuck it, I don't give a shit".
Читать полностью…
> wake up
> take a shit
> get out of bed
> check computer
> OMFG
Chat, it's a big Friday. We got lots of schizo shit to discuss today. I've got to make at least 4 posts about all the shenanigans
Yeah, so pretty much that whole Windows 11 Notepad RCE thing was ridiculously stupid. Like, it was so dumb it kind of hurts.
Windows 11 Notepad, with the fancy Copilot AI slop, now possesses the ability to handle mark up, or markdown, ... It's mark something, the stuff used in ReadMes. Whatever.
Anyway, a security researcher realized that if you used markup in Notepad and instead of a hyperlink to a website with https:// you put file:// (the protocol on Windows for files, like in file explorer), it will arbitrarily execute it. It won't prompt you.
Furthermore, he realized you could specify a remote host to execute it from using a different Microsoft specific protocol used for app installation. In other words, if you user clicked the hyperlink in Notepad it would download and run a program from any website ... without alerting the user.
Normally, any sort of hyperlink that leads to a different domain, or tries to execute a file, is supposed to prompt you with an alert message, ... or something. However, Microsoft software engineers seemingly forgot to implement this notification Window.
With this attack vector which has been present for AT LEAST 9 months, a malicious actor could send a .txt file and if the user clicked the link inside the .txt file it would automatically execute and run anything specified in the hyperlink.
Even more silly, forensically under the hood, the logs on Windows, or to an anti malware service, it would look like Notepad was downloading something and then running a program. This is a very unique scenario which (to the best of my knowledge) no security product has encountered before. This could hypothetically result in files being downloaded and executed and being completely ignored by anti malware services because Notepad is a known and trusted program. Why would an anti malware service question Notepad?
Basically, the point I'm trying to get to here is that I don't understand why Microsoft has introduced so many new features into Notepad. With new features means a new attack landscape (more stuff to abuse).
Whatever man
Sinobi ransomware group: GIVE US $10,000,000 OR WE'RE GOING TO LEAK ALL OF YOUR FUCKING DATA
(Halcyon AI is trying to politely inform them they're extorting the wrong company)
I read about OpenClaw.
I still don't understand the purpose. Can someone seriously explain to me the purpose of this AI assistant? I reviewed the different "skills" it offers and it makes literally zero sense.
This can be used to automate ... messages to other people? Like on Slack, or Discord, or Telegram? Check the weather? Do stuff with Stripe? I don't understand the purpose.
Why would I need something to automatically deal with instant messaging clients? Am I missing something? Even if you don't NEED it, why would you WANT it?
I DON'T UNDERSTAND
The Windows COM (Component Object Model) at first glance seems like a nightmare, primarily because it's so poorly documented, but once you get the hang of it, it makes complete sense.
Once you get the hang of it you see all the possibilities for malware or evasion. It's a rich environment with tons of super cool and unexplored concepts. You feel like an archeologist exploring the decaying insides of the Windows Operating System.
Another problem, in my opinion, is Windows does such a piss poor job explaining how it works. They provide these massive fuck off documents, but most of it is noise and will rarely apply to what you're actually wanting or needing.
Overall I give the Windows COM three (3) cat pictures because it's such a cool technology. However, I will subtract three (3) cat pictures because newer components of Windows irritate me.
Dawg, you're selling fucking spyware to governments to spy on people who criticize the government or oppose them. What the fuck does female empowerment have to do with this? What the fuck kind of virtue signaling misdirection bullshit is this
Читать полностью…
I did not link directly to the article because it is paywalled (as is tradition). If you're a person who bypasses paywalls, or have a subscription to the New York Times, can you read about it here:
https://www.nytimes.com/2026/02/13/technology/dhs-anti-ice-social-media.html
Yes, this is why RAM prices are expensive
Yes, I am part of the problem
No, I don't care. If the normies can make dumb AI dance slop I can consume silly kitty cat AI slop.
Being an AI hype bro and a crypto bro at the same time is like mixing Fentanyl with Xanax
Both will ruin your life and probably kill you
I've updated my personal website malwaresourcecode.com.
I've added new ways to do the following:
- CaplockString
- CopyMemory
- StringCompare
- StringConcat
- StringLength
- ZeroMemory
You're probably thinking, "why do i give a fuck about this? this all standard crt stuff". The answer is: "idk lol". I like exploring different ways to do things. It is interesting to me.
I'm currently working on a way to download files from a remote host using NdrClientCall3 (RPCs with IBackgroundCopyJob) and ended up falling down a weird rabbit hole.
Maybe you'll find it mildly interesting, maybe you're rolling your eyes because it is kind of goofy to find seven different ways to zero fill a buffer.
But is it goofy I have 18 different ways to hash a string? Yes, it is still goofy, but I admire it for some reason.
Cheers,
Hello,
If you're a tiny person living inside my computer, and also by chance like malware, I have added more malware to malware city.
Approx. 250,000 malwares have been added. I also added some more malware analysis stuff. More stuff is coming.
https://vx-underground.org/Updates
While this is a pretty penny, I like to imagine how much money controversial or politically charged accounts make. If they can make a few big posts a month then they're set.
Читать полностью…
Spoke with normal people today.
Within the first couple of minutes I realized I'm a degenerate no life who is completely detached from reality
They discussed foreign concepts such as, "plans this weekend" and "sports".
They asked me about "plans this weekend" and "sports". I froze. I could barely make sense of these concepts.
Using context clues I was able to string together a few sentences which seemed to throw them off my scent. I said something akin to, "Not a fan of Tiger Woods, but the Dow Jones is over 50,000".
Mission accomplished.
The United States Military made a post today on social media about spies.
/me taps sign
Big big drama today in Cybersecurity world. A cybersecurity company is faced with telling the truth, or using "softer language" to avoid losing money or (worse case scenario) employees disappearing
See subsequent post for the full news article. Here is the drama summary
> be palo alto
> have threat intel division named unit42
> unit42 finds hacking campaign
> calls it "shadow campaign"
> attribute hacking campaign to chinese government
> palo alto executives see report
> suggest remove attribution to china
> new suggestion appears
> "state-aligned group that operates out of Asia"
> original draft given to reuters
> lolwtf
> backup, rewind
> January 2026 china say palo alto bad
> palo alto worried about china government
> palo alto have employees in china
> palo alto have five offices in china
> vp lady from palo alto emails journalists
> "not worried about china lol"
> ask why change then
> VP: "attribution is irrelevent"
> ask if scared of china
> VP: "speculative and false"
> ask why change (again)
> VP: "Choice of language in Palo Alto's report reflected how to best inform and protect governments about this widespread campaign"
> ???
It's 2026 and now defenders need to unironically worry about malicious text files.
Nothing is sacred.
I planned on making educational YouTube videos, but with full time employment, a 10 month old baby (about to be 11 months in a few days!), the rest of my family, a vx-underground, work developing malware and poking malware with a stick, I can't summon the energy to make dumb videos on malware.
I'm soft blooded.
When I'm not working, my brain is so deep fried and exhausted I unironically watch Elder Scrolls lore videos and dumb videos on internet drama.
I don't have any friends in real life, they're all far away or married with children too. My entire existence is working or caring for a baby.
It's not bad, I love it. I'm very happy.
But... God damn am I tired. I'm so tired and I don't even really remember the last time I was able to relax. It's unironically been years since I wasn't working in some capacity. At this point, I don't even know if I know how to relax. When I'm not doing malware stuff, I feel compelled to do malware stuff.
It's all ogre.
I don't expect any of you to give a shit. But I wanted to scream into the void of internet.
Thanks.
dawg, if youre going to be an internationally wanted cybercrime organization involved in extortion, money laundering, aggravated identify theft, CFAA violations, etc AT LEAST extort the right people
how you gonna extort someone you have no data for???