40629
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
I made a post about the Vercel compromise thingy.
Moments after I clicked send a few of my colleagues involved in DFIR stuff corrected me on the details.
IM AFK SPENDING TIME WITH MY SON FOR A FEW HOURS AND SUDDENLY "OoOh MoRe DeTaIls HaVe EmeRgED".
tl;dr vibe coding thingy does a misconfiguration (again) bamboozling everyone (again). cybersecurity is dead and for nerds
https://x.com/weezerOSINT/status/2046170666131669027
Oh, and with the nature of compromises, we can always expect a sudden and dramatic anime plot twist at any given moment.
I've seen large compromises swing good-then-bad in just hours. Later today all hell could break loose, or maybe nothing will happen and this will be a distant memory.
Insert Dragon Ball Z episode meme thingy here, I can't find it right now
Lots of drama happening on the internet today, but I've got work tomorrow and my baby boy is super fucking grumpy today.
He's mad at me that HE shit HIS pants. How is that my fault?
Serious post. Not memeing.
I've had people DM me about OSINT stuff, exposing alleged or potential Threat Actors. While I appreciate the information, and it's interesting to see, I am EXTREMELY cautious discussing it publicly.
I am deathly afraid that, if in the event the OSINT is wrong, I am exposing the wrong person to 480,000 people (X and Telegram).
To put that into perspective, the attached image is Michigan Stadium a/k/a "The Big House". It sits approximately 107,000 people. That image is approximately 107,000 people.
My audience is that stadium MULTIPLED BY 4 (technically 4.48, whatever).
Imagine being bamboozled, framed as the wrong guy, in front of 4.5 "Big House" stadiums. That has the potential to seriously fuck up someone's life.
tldr innocent until proven guilty in the court of law. If it's in the court system I'm more likely to discuss it.
Regular ass people should 100% use an anti-virus.
Malware plagues the normies. It's like shooting fish in a barrel. Using SOMETHING is better than NOTHING.
Dawg, these normies are detonating cat_picture.jpeg.exe. They need all the help they can get
No disrespect though
Had a Threat Actor ask for an anti-virus recommendation
DAWG, YOU ARE THE THREAT. WHY DO YOU NEED AN AV?
Meta intends on laying off 10% of it's employees on May 20th. Meta is expected to terminate an additional 10% at a later (currently undetermined) date.
In total, Meta plans on terminating 20% of its employees. Reasons cited is both AI efficiency and raising costs of AI
vx-underground turns 8 years old next month.
What does the future hold?
- Collect malware
- Collect malware papers
- Collect malware source code
- Discuss malware on social media
- Post memes on social media
- Cybercrime TMZ on social media
Nothing will change
Oh, if you didn't know, there is a game trending in Japan right now where you brush the kitty without making it mad
https://byeorisim.itch.io/brush-jjaemu
But for real, in C# it's cake
https://learn.microsoft.com/en-us/windows/apps/develop/notifications/app-notifications/adaptive-interactive-toasts
Say what you want about TeamPCP, but they have certainly made attribution much easier.
I can't recall a time a Threat Group specified the malware campaign and malware delivery mechanism that resulted in a compromise.
Is TeamPCP lying about how how they compromised these organizations? Is it the result of a different malware campaign? Did they actually steal internet projects and "secrets" from S&P Global? How bad is the Guesty compromise? Will these companies succumb to the ransom demands? What the fuck does PCP stand for in this context? Is TeamPCP suggesting they're addicted to Phencyclidine a/k/a Angel Dust?
Find out on the next action packed episode of Dragon Ball Z
A long, long, long time ago I read a paper on how the United States Central Intelligence Agency intentionally introduced conflict, distrust, and resentment into the inner circle of Julian Assange.
Being unable to physically touch him, they had hoped if they made his life chaotic enough he would commit suicide.
Knowing that the CIA will do this... it makes me wonder if the Federal Bureau of Investigation (or other law enforcement agencies) intentionally inject conflict into the circles of Threat Actors.
I can't even count how many times I've seen Threat Actors have conflicts with other Threat Actors on forums, chatroom, social media, etc. Ultimately, this conflict does very little for Threat Actors except fog their logic and result in poor decision making.
tl;dr I wonder if the FBI unironically just sits there, talking shit, making up fake drama, hoping the criminals betray the other criminals, or make an OPSEC mistake
What's the matter? Scared? Don't want to give Sam Altman your poop? I guess you're not a real hacker
Читать полностью…
I owe a nerd a favor, so I guess I'll be doing a talk at Georgia Tech ... either this Thursday or next Tuesday, depending on how their e-mail chain is filtered because I can't tell.
Either way, if you're at Georgia Tech, I'll be doing a schizo rant about malware
> be lovable
> worth 5 billion dollars
> big startup in EU
> vibe coding app thingy
> coding is for nerds, vibe code is cool and badass
> early march weezerOSINT reports bug
> "can see everyones prompts and stuff lol"
> image 1 is it thinking stuff
> lovable replies
> image 2 hackerone stuff
> "duplicate lol but ya misconfigured firebase stuff"
> acknowledges
> half-fixes, only fixes NEW projects
> old projects still free real estate
> used by nvidia, microsoft, uber, spotify, etc
> make free lovable account
> make api call and ask for stuff
> image 3 is lovable giving free stuff stuff
all images from weezerosint. subsequent post is full thread on the anime
Instead of commenting on both these posts, or individually quoting tweeting mattjay and thedawgyg, I'll just make a general comment.
However, as is tradition with any compromise, the details are fuzzy and the truth likely resides somewhere in the middle of all of the chaos.
Here is everything I know:
1. The VERCEL compromise is real.
2. VERCEL publicly confirmed the compromise
3. The compromise was initially posted on BreachForums-dot-ai
4. Internet nerds say BreachForums-dot-ai IS NOT the real BreachForums
5. Other internet nerds say BreachForums-dot-ai is the NEW and REAL BreachForums
6. There has been, to the best of my knowledge, EIGHT different iterations of BreachForums and/or RaidForums with various takedowns and ownership changes.
7. What is "real" BreachForums and "fake" BreachForums is ambiguous due to the number of takedowns, ownership changes, and Threat Actors competing to be the top place to share, sell, or barter stolen data.
8. An account on BreachForums-dot-ai named "ShinyHunters" initially posted the VERCEL compromise there.
9. ShinyHunters extortion group went on Telegram asserting they're NOT responsible for the VERCEL compromise and it is someone else impersonating them. They do not know who the impersonator is.
10. It is (currently) unknown how much data is stolen, what is stolen, who is impacted, etc. While VERCEL claims a small portion of customers were impacted, VERCEL likely has hundreds of thousands of customers. "Small" in the context is over 100,000 people and/or customers is ambiguous. Hypothetically, is 100 small? 200? 1,000? 10,000? What is "small"?
11. Screenshots have been circulating online of impersonator ShinyHunters demanding $2,000,000 from VERCEL in payments of $500,000. However, it is not known if these are real, fake, or doctored images.
12. It is speculated online the compromise was the result of an employee at VERCEL having their employee panel compromised. However, this can be modified OR a screenshot from lateral or vertical movement. The initial access vector is unknown
tl;dr lots of internet nerds arguing, lots of speculating, lots of accusations with little hard-hard evidence, it is Sunday. I like pictures of cats.
> Not really real ShinyHunters
> Claims to have compromised Vercel
> Real ShinyHunters say "wtf that's not me"
> Impersonator ShinyHunters says stole source code, customer data, databases etc
> Vercel makes security bulletin
> Announces compromise
> Real ShinyHunters "wtf that's not us tho fr"
1. WHO EXTORTS SOMEONE ON A SUNDAY
2. 200iq move to blame ShinyHunters for compromise
3. 400iq move if ShinyHunters made fork of ShinyHunters claiming to be impersonator ShinyHunters to convince everyone the fake ShinyHunters are impersonating ShinyHunters, but it was actually ShinyHunters being the fake ShinyHunters all along
4. Lots of cybercrime drama right now, but ITS SUNDAY. Dawg, WAIT UNTIL LIKE TUESDAY OR SOMETHING. Smdh
Was visiting family today, many of these family members are significantly younger than me.
After spending the day with teenagers I have learned the following:
1. They're stinky, like actually stinky, no idea why they're so stinky
2. They have a completely distorted sense of reality. It's heartwarming. They genuinely believe they'll all succeed in life. They have yet to have a friend die in a violent car accident, get PTSD from the military, or get addicted to fentanyl. It's incredible.
3. I have no idea who they listen to for musicians. I don't know any of the artists they recommended. Some of the songs they shared I enjoyed, but I have literally never heard of these people before
4. YouTube, TikTok, and SnapChat are the most important things in the world. If you end a streak on SnapChat you've basically betrayed them at a fundamental level.
5. They are far more inclusive than my generation. It is deemed "edgy", "cringe", and "you're actually not funny" for mocking someone based on age, sex, religion, sexual orientation, or disability.
6. Baggy clothing is immensely popular, particularly jeans that seem almost like bell-bottoms.
7. For some reason "I'll tickle you" is a saying. I don't understand why. Specifically in the context of P. Diddy.
I don't use an anti-virus.
If I detonate malware on my machine (which I have several times) I yank the CAT cable and then let out an audible and dramatic sigh.
As of early 2026, Meta reported having over 78,000 employees.
Over 15,000 people will lose their jobs.
I planned on quiting at 10 years, but at this point I can't imagine my life without vx-underground.
Maybe I'll consider quiting at 20 years.
A person arrested name Angel Almeida in currently in court for his ties to Child Sexual Abuse Material.
He is alleged to be involved in an online group called 764.
I am not a lawyer, but I do not believe what he said in court will work in his favor
My friend and I spent three hours bonking this dumb game with a stick. Truthfully, I know almost nothing about WASM, or web-browser stuff, so someone way better at web stuff could have done it faster (and more intelligently).
Regardless, I am happy with kitty cat brush game
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.
https://github.com/Nightmare-Eclipse/RedSun
Yeah, so basically I'm trying to make my own "ClickFix" but for Windows binaries by abusing the Windows Runtime, Component Object Model, and whatever Windows grants me from a limited user profile (see attached image)
I saw some research on Windows Toast Notifications by Panos Gkatziroulis, but their paper and code was in C# and Powershell. Their technique displayed a fake update and directed the user to a website which then did ClickFix
So it's like, WindowsClickFix -> ClickFix
I said, "wtf? why not just run program there?"
It turns out you can, it's totally possible and well documented for something like C#. Making a simple notification on Windows which impersonates Windows Defender and runs a .exe (or whatever) is pretty shrimple. But.... there is a massive asterisk next to shrimple because it requires some* pain and suffering.
In extreme summary, need to do registry entries so Windows knows where to send Toast stuff to. In C# or Powershell this is still relatively simple, just kind of annoying. In C, it still isn't too bad.
Unfortunately, I am a person who knows only pain. I didn't want to do C#, or .NET, or do anything with WindowsRT the way Windows wants you to. I said, "well, I've done WinRT in C before, why not do this in C?" Why not make something mildly annoying 200% more difficult?
It has been a challenge. I decided to do EVERYTHING with the WinRT / COM. I didn't want to make ANY WinAPI invocations omit RoInitialize (technically CoInitializeEx).
In the attached image I've successfully impersonated Windows Security. However, "update" doesn't work the way I'd like to. The easiest thing to do in this scenario is trying to abuse a Windows Scheme URI. Unfortunately, WinRT sandboxes and prevents FILE://, and I can't find a URI to abuse to deliver file execution (I tried).
I assume the inability to find a Windows URI to abuse for file execution is why the original authors ended up doing ToastNotification -> ClickFix. Making the Toast Notification go to a web domain is extremely easy. You literally can just specify "button go to website ooga booga" and that's it.
Because I couldn't find a URI to execute a binary my only option left is using INotificationActivationCallback. Basically, I have to register my malicious code in the registry to receive Toast Notification callbacks. When "Update" is clicked my binary is notified and appropriate action is taken.
Again, this is all totally normal functionality, but it's being used for social engineering. The only caveat here is I am trying to do it as painful and convoluted as possible. I have the general layout done... it's just typing out the code and debugging. It's tiring.
I also planned on stripping the headers and making the binary as lightweight as possible. Why? I have no idea. It is totally unnecessary and ass backward logic.
Day Two of working on really silly malware proof-of-concept.
Is there an easier way to write this code? Yes.
Is it worth investing this much effort into? Probably not, no
Is it a lot of fun bonking Windows with a stick and reading obscure documentation? Yes
Am I a cat? No
ok but fr tho, memes aside, while i personally wouldnt do this, them using a system of trust like this to give nerds more ai for their ai gwump probably isnt a terrible idea.
if youre a regular stinky nerd, this is probably no different than giving linkedin all your poop anyway
Oh yeah? You're a "hacker"? Prove it. Send a stool sample and a copy of your Birth Certificate to Sam Altman.
https://x.com/OpenAI/status/2044161906936791179