40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Lots of drama happening on the internet today, but I've got work tomorrow and my baby boy is super fucking grumpy today.
He's mad at me that HE shit HIS pants. How is that my fault?
Serious post. Not memeing.
I've had people DM me about OSINT stuff, exposing alleged or potential Threat Actors. While I appreciate the information, and it's interesting to see, I am EXTREMELY cautious discussing it publicly.
I am deathly afraid that, if in the event the OSINT is wrong, I am exposing the wrong person to 480,000 people (X and Telegram).
To put that into perspective, the attached image is Michigan Stadium a/k/a "The Big House". It sits approximately 107,000 people. That image is approximately 107,000 people.
My audience is that stadium MULTIPLED BY 4 (technically 4.48, whatever).
Imagine being bamboozled, framed as the wrong guy, in front of 4.5 "Big House" stadiums. That has the potential to seriously fuck up someone's life.
tldr innocent until proven guilty in the court of law. If it's in the court system I'm more likely to discuss it.
Regular ass people should 100% use an anti-virus.
Malware plagues the normies. It's like shooting fish in a barrel. Using SOMETHING is better than NOTHING.
Dawg, these normies are detonating cat_picture.jpeg.exe. They need all the help they can get
No disrespect though
Had a Threat Actor ask for an anti-virus recommendation
DAWG, YOU ARE THE THREAT. WHY DO YOU NEED AN AV?
Meta intends on laying off 10% of it's employees on May 20th. Meta is expected to terminate an additional 10% at a later (currently undetermined) date.
In total, Meta plans on terminating 20% of its employees. Reasons cited is both AI efficiency and raising costs of AI
vx-underground turns 8 years old next month.
What does the future hold?
- Collect malware
- Collect malware papers
- Collect malware source code
- Discuss malware on social media
- Post memes on social media
- Cybercrime TMZ on social media
Nothing will change
Oh, if you didn't know, there is a game trending in Japan right now where you brush the kitty without making it mad
https://byeorisim.itch.io/brush-jjaemu
But for real, in C# it's cake
https://learn.microsoft.com/en-us/windows/apps/develop/notifications/app-notifications/adaptive-interactive-toasts
Say what you want about TeamPCP, but they have certainly made attribution much easier.
I can't recall a time a Threat Group specified the malware campaign and malware delivery mechanism that resulted in a compromise.
Is TeamPCP lying about how how they compromised these organizations? Is it the result of a different malware campaign? Did they actually steal internet projects and "secrets" from S&P Global? How bad is the Guesty compromise? Will these companies succumb to the ransom demands? What the fuck does PCP stand for in this context? Is TeamPCP suggesting they're addicted to Phencyclidine a/k/a Angel Dust?
Find out on the next action packed episode of Dragon Ball Z
A long, long, long time ago I read a paper on how the United States Central Intelligence Agency intentionally introduced conflict, distrust, and resentment into the inner circle of Julian Assange.
Being unable to physically touch him, they had hoped if they made his life chaotic enough he would commit suicide.
Knowing that the CIA will do this... it makes me wonder if the Federal Bureau of Investigation (or other law enforcement agencies) intentionally inject conflict into the circles of Threat Actors.
I can't even count how many times I've seen Threat Actors have conflicts with other Threat Actors on forums, chatroom, social media, etc. Ultimately, this conflict does very little for Threat Actors except fog their logic and result in poor decision making.
tl;dr I wonder if the FBI unironically just sits there, talking shit, making up fake drama, hoping the criminals betray the other criminals, or make an OPSEC mistake
What's the matter? Scared? Don't want to give Sam Altman your poop? I guess you're not a real hacker
Читать полностью…
I was pretty busy today. From what I saw when skimming the internet:
- More AI hot takes
- More laws about age verification
- Arguments about age verification
- Some cool new malware found
- Drama about fake ledger in Apple Store
- PUBG CEO used ChatGPT for business advice
- More malware stuff
- Malware AI slop
- Booking dot com drama, even though it's been poop forever
- More web compromises
- Kraken being extorted
- GitHub stars as a service
- Something about CloudFlare and OpenAI
- Something with malicious FireFox extensions
- Google hires Philosopher for AI
- Vulnerable AV drivers from China
Did I miss anything or am I good?
Please remember me as man who tried his best and really enjoyed pictures of silly kitty cats.
I'm ready now. I'm at peace. The gamers will now call me a retard and the N-word for an eternity.
BREAKING: New intelligence from the United States Department of War suggest cars go all like VRRROOOOOM, SKRRRT, and PFFFTBLOOOOSH.
Donald Trump is being briefed on the situation now.
> Not really real ShinyHunters
> Claims to have compromised Vercel
> Real ShinyHunters say "wtf that's not me"
> Impersonator ShinyHunters says stole source code, customer data, databases etc
> Vercel makes security bulletin
> Announces compromise
> Real ShinyHunters "wtf that's not us tho fr"
1. WHO EXTORTS SOMEONE ON A SUNDAY
2. 200iq move to blame ShinyHunters for compromise
3. 400iq move if ShinyHunters made fork of ShinyHunters claiming to be impersonator ShinyHunters to convince everyone the fake ShinyHunters are impersonating ShinyHunters, but it was actually ShinyHunters being the fake ShinyHunters all along
4. Lots of cybercrime drama right now, but ITS SUNDAY. Dawg, WAIT UNTIL LIKE TUESDAY OR SOMETHING. Smdh
Was visiting family today, many of these family members are significantly younger than me.
After spending the day with teenagers I have learned the following:
1. They're stinky, like actually stinky, no idea why they're so stinky
2. They have a completely distorted sense of reality. It's heartwarming. They genuinely believe they'll all succeed in life. They have yet to have a friend die in a violent car accident, get PTSD from the military, or get addicted to fentanyl. It's incredible.
3. I have no idea who they listen to for musicians. I don't know any of the artists they recommended. Some of the songs they shared I enjoyed, but I have literally never heard of these people before
4. YouTube, TikTok, and SnapChat are the most important things in the world. If you end a streak on SnapChat you've basically betrayed them at a fundamental level.
5. They are far more inclusive than my generation. It is deemed "edgy", "cringe", and "you're actually not funny" for mocking someone based on age, sex, religion, sexual orientation, or disability.
6. Baggy clothing is immensely popular, particularly jeans that seem almost like bell-bottoms.
7. For some reason "I'll tickle you" is a saying. I don't understand why. Specifically in the context of P. Diddy.
I don't use an anti-virus.
If I detonate malware on my machine (which I have several times) I yank the CAT cable and then let out an audible and dramatic sigh.
As of early 2026, Meta reported having over 78,000 employees.
Over 15,000 people will lose their jobs.
I planned on quiting at 10 years, but at this point I can't imagine my life without vx-underground.
Maybe I'll consider quiting at 20 years.
A person arrested name Angel Almeida in currently in court for his ties to Child Sexual Abuse Material.
He is alleged to be involved in an online group called 764.
I am not a lawyer, but I do not believe what he said in court will work in his favor
My friend and I spent three hours bonking this dumb game with a stick. Truthfully, I know almost nothing about WASM, or web-browser stuff, so someone way better at web stuff could have done it faster (and more intelligently).
Regardless, I am happy with kitty cat brush game
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.
https://github.com/Nightmare-Eclipse/RedSun
Yeah, so basically I'm trying to make my own "ClickFix" but for Windows binaries by abusing the Windows Runtime, Component Object Model, and whatever Windows grants me from a limited user profile (see attached image)
I saw some research on Windows Toast Notifications by Panos Gkatziroulis, but their paper and code was in C# and Powershell. Their technique displayed a fake update and directed the user to a website which then did ClickFix
So it's like, WindowsClickFix -> ClickFix
I said, "wtf? why not just run program there?"
It turns out you can, it's totally possible and well documented for something like C#. Making a simple notification on Windows which impersonates Windows Defender and runs a .exe (or whatever) is pretty shrimple. But.... there is a massive asterisk next to shrimple because it requires some* pain and suffering.
In extreme summary, need to do registry entries so Windows knows where to send Toast stuff to. In C# or Powershell this is still relatively simple, just kind of annoying. In C, it still isn't too bad.
Unfortunately, I am a person who knows only pain. I didn't want to do C#, or .NET, or do anything with WindowsRT the way Windows wants you to. I said, "well, I've done WinRT in C before, why not do this in C?" Why not make something mildly annoying 200% more difficult?
It has been a challenge. I decided to do EVERYTHING with the WinRT / COM. I didn't want to make ANY WinAPI invocations omit RoInitialize (technically CoInitializeEx).
In the attached image I've successfully impersonated Windows Security. However, "update" doesn't work the way I'd like to. The easiest thing to do in this scenario is trying to abuse a Windows Scheme URI. Unfortunately, WinRT sandboxes and prevents FILE://, and I can't find a URI to abuse to deliver file execution (I tried).
I assume the inability to find a Windows URI to abuse for file execution is why the original authors ended up doing ToastNotification -> ClickFix. Making the Toast Notification go to a web domain is extremely easy. You literally can just specify "button go to website ooga booga" and that's it.
Because I couldn't find a URI to execute a binary my only option left is using INotificationActivationCallback. Basically, I have to register my malicious code in the registry to receive Toast Notification callbacks. When "Update" is clicked my binary is notified and appropriate action is taken.
Again, this is all totally normal functionality, but it's being used for social engineering. The only caveat here is I am trying to do it as painful and convoluted as possible. I have the general layout done... it's just typing out the code and debugging. It's tiring.
I also planned on stripping the headers and making the binary as lightweight as possible. Why? I have no idea. It is totally unnecessary and ass backward logic.
Day Two of working on really silly malware proof-of-concept.
Is there an easier way to write this code? Yes.
Is it worth investing this much effort into? Probably not, no
Is it a lot of fun bonking Windows with a stick and reading obscure documentation? Yes
Am I a cat? No
ok but fr tho, memes aside, while i personally wouldnt do this, them using a system of trust like this to give nerds more ai for their ai gwump probably isnt a terrible idea.
if youre a regular stinky nerd, this is probably no different than giving linkedin all your poop anyway
Oh yeah? You're a "hacker"? Prove it. Send a stool sample and a copy of your Birth Certificate to Sam Altman.
https://x.com/OpenAI/status/2044161906936791179
> ramp up cyber defenses
> look inside
> change password to include !
> pay for nord vpn (protects from hackers)
> re-up norton antivirus subscription
> ask 7 year old nephew for help with ipad
we are cybersecurityied now dawg
It appears I have made a series of mistakes when reviewing some of the financial data from RockStar Games.
What does this mean? I've spread misinformation and I will be burned at the stake by gamers.
It was nice knowing all of you
I am absolutely sickened by the amount of money Grand Theft Auto V Online makes
Читать полностью…