vxunderground | Unsorted

Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/


vx-underground

Lore: https://x.com/vxunderground/status/2014400182507733013


vx-underground

I was looking at AI cat slop on OpenAI Sora (I have literally nothing going on in my life). It says you can make yourself a "character" and do prompts for yourself, or insert yourself into other prompts.

I was like, "lol wtf ok ill try it". Sora makes you turn your head to the left, look up, then say 3 different numbers.

It "scanned me" and "generated" my character. Then I asked it to make a silly video of me.

Dawg, from the left side of my face, me looking up, and saying 3 different numbers, this AI shit perfectly AI slopped me. I got my body type right, my voice mannerisms right, my facial hair, ... basically everything.

I feel like a paranoid schizophrenic now. All someone needs is your face looking to the left, you looking up, and just a few words, and they can just ... make up shit about you? What the fuck?

I'm like, what if they use this shit to frame you for crimes? Do I sound like a crazy person right now?


vx-underground

Don't do this. Don't make this mistake. Do something cooler. Listen to your peers when they recommend reviewing other peoples research.

https://malwaresourcecode.com/home/my-projects/proof-of-concepts/dont-code-like-this-https-post-and-get-with-position-independent-windows-sockets


vx-underground

I just randomly remembered when this lady was awarded some University scholarship for her contributions to the Linux kernel.

They noted she had made several hundred (or several thousand, I can't remember) contributions to the Linux kernel and her work, which she did in her free time, made a real world impact, or something.

They then took a photo of the lady; some fancy presenter is giving her this fancy looking thingie.

Open source nerds reviewed her GitHub and discovered she went through and added "static" in front of thousands of variables. Alternatively, she would make small changes to how code appeared to improve legibility.

Nerds were absolutely enraged. They were screaming in the comment section. They hated her guts.

Meanwhile, I'm thinking to myself, "damn, that's a really good way to pad your resume". Yeah, this lady probably isn't a 1337 Linux internals science brain, but she has the fancy words on fancy paper now which allow her to open doors to fancy places.

Thanks for the trip down memory lane.


vx-underground

You're now breathing manually.
You're now blinking manually.

You've been bamboozled.

Keep scrolling, nerd.


vx-underground

I made an interesting discovery when I installed the OpenAI app "Sora".

Maybe everyone is aware of this, and I live under a rock, I don't know. But, Sora is premium real estate for fraudsters and scammers. It's evident when you install it.

I installed the app out of curiosity. I wanted to look at more silly kitty cat AI slop. Unfortunately, the app doesn't have good search functionality so you can't just search "silly cat slop". The app does possess a "latest" feed which displays, presumably in real time, the latest "creations" on Sora.

The "latest" feed is overflowing with prompts in Mandarin. It's hundreds upon hundreds of product advertisements.

Basically, scammers and fraudsters are using Sora to make fake advertisements, make them appear real with AI watermarks and fake AI slop celebrity endorsements, then use 3rd party tools to download the video and remove the watermark.

Is this surprising? No.
Was I aware this was being performed on Sora? No.

I think it's interesting because Sora is free. It also is a crystal clear illustration of Bad Actors abusing AI generated content to scam others.


vx-underground

im so old my favorite musicians have children who are musicians

its all ogre


vx-underground

It appears some cryptocurrency nerds have unironically made a vx-underground cryptocurrency coin-thing (I have no idea how this works).

They've performed some sort of nerd analysis and have concluded I am an ideal candidate for something, I don't know (see attached image for their nerd analysis).

What does this mean? Nothing.

I don't trust magic internet money. I'm not going to authenticate my social media profile to cryptocurrency websites. I'm not going to do anything.

Feel free to use the weird cryptocurrency thing, or don't, I don't care

I'm not a financially motivated person, I don't intend to "claim" the cryptocurrency coin. I don't intend on "getting the bag". I am going to resume work on collecting malware, coding, and posting silly pictures of kitty cats.

Enjoy your Wednesday


vx-underground

The last thing you see before you leak state secrets to the Kremlin


vx-underground

I need to admit something I'm ashamed of.

I have a deep love for silly cat AI slop. I know it's slop. I know RAM sticks cost $156,000 and require a small business loan. I know it's not real.

... it's just so silly. Look at this fuckin thing


vx-underground

just received an email from my ISP saying downloading illegally is illegal

Wtf since when???


vx-underground

My post about the Russian dude visiting North Korea has escaped my core audience and I've got a bunch of random people being like, "PfffT tHaT dIdNt HaPpEn"

What the fuck?

Do you think I'm some kind of anti-North Korean account and I'm dedicating my free time to anti-North Korean posts?

Why would I (or anyone for the matter) go out of their way to lie about something visually documented on YouTube?

Whenever I didn't IMMEDIATELY respond to requests for a link to the video, people began being like, "sEe? iT dIdNt HaPpEn!". Yeah, bro. Let me drop everything I'm doing with my work, and my family, to argue with you fucking dorks on the internet.

I know I shouldn't be this annoyed... but there have been a few occasions now where, when I mention North Korea, I've got a bunch of schizos trying to disprove anything remotely critical of North Korea. I can't tell if it's unironically a psyop or deranged basement dwellers.

Here's the video, you jackass:
https://www.youtube.com/watch?v=inebLA3HqPo


vx-underground

I was watching this YouTube video of this Russian dude who traveled to North Korea to go sightseeing.

North Korea is notoriously strict on what visitors can and cannot do. Throughout most of the trip he risked his own safety by illegally filming around North Korea on his cell phone.

At one point during the trip he managed to sneak away from his appointed North Korean tour guide. He approached a group of people sitting down, ... just kind of hanging around ..., doing something.

They were very friendly to him.

During the conversation he asked them what they'd like to do in the future. One of the men said, "I hope some day to travel. I really want to see Yugoslavia"

The fuckin' Russian guy looked at him like this when he said "Yugoslavia"


vx-underground

My baby boy is the difficult age where he is learning several things simultaneously:

- How to grow teeth
- How to crawl
- Proto-communication

If you've never had a child, around 7 - 9 months (or later, each baby is different, but that's the average-average) babies will begin proto-communication.

They've picked up on people talking, and communicating back and forth, they understand the concept of sentence structure and vocal inflection being indicative of a question. They—understand—you—pausing—between—words, or pausing and waiting for someone to reply back verbally.

My baby boy now tries to join in conversations because he doesn't want to feel left out. He doesn't understand we're having a conversation, he doesn't even understand words, but he understands the "prototype of communication", hence now, seemingly out of nowhere, he inserts himself into our conversations by screaming like a psychopath and babbling incoherent nonsense.

His favorite "word" is blowing raspberries (pressing your lips together and blowing) and "ge-ge-ge" (think of the GE in "geese") or quite literally screaming as loud as he can.

Another interesting thing about proto-communication is he tries to initiate conversations now. Unfortunately, he does not possess manners. Additionally, he does not respect me as a person, place, or thing. This results in him attempting to start conversations with me, while I'm asleep, at 3 in the morning.

It's very interesting watching my baby boy grow. I remember when my wife first got pregnant and we confirmed the pregnancy visually via ultrasound. He was tiny, probably no greater than the size of a pea. His fetus kind of looked like a little sea horse, or something, and under the ultrasound we could see his little heart beating.

Now we look at him. He is much larger than a pea. He no longer looks like a sea horse (thankfully). He is screaming in my face at 3 in the morning because he wants to "talk". If he isn't screaming at my face at 3 in the morning, he's practicing his hand-eye coordination by trying to feed himself ... by putting food all over his face ... or in his pants ... or in his hair ...

As difficult as it can be being a parent, and as much as you "suffer", there is something oddly rejuvenating about the experience and it somehow (in ways I don't understand yet) makes you feel young again.


vx-underground

Iran has had a complete internet blackout for 300 hours now (12.5 days).

Imagine not having anime for 12.5 days


vx-underground

A few days ago there was some banter online about Microsoft breaking stuff (as is tradition). Specifically, some users were trying to open Notepad, but Windows was displaying an error code.

If you have no idea what I'm referencing, I'll attach the post and discussion below this post so you can understand the lore.

Anyway, some nerd named "xakpc" on Twitter commented about Windows "App Execution Aliases". I jokingly commented, "wtf new malware idea". I changed my mind. This isn't a joke.

To the best of my knowledge, and please correct me if I'm wrong, no one has abused Windows App Execution Aliases for malware persistence.

In Windows 11 if you go to:
-> Settings
-> Apps
-> Advanced App Settings
-> App execution aliases

You'll see "aliases". Hence, when a user types something into Powershell, or CMD, or Windows search, it defaults to whatever is aliased. Upon further review, it turns out that a good chunk of these are stored in HKEY_CURRENT_USER, meaning it does not require administrative privileges to create, modify, or delete some app execution aliases.

It's stored under: "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths"

On my machine, notepad.exe has an app execution alias for (God save me) the new fancy Windows Notepad thingie which was giving people problems. It does NOT default to the one in SYSTEM32 like I initially thought.

On the contrary... and something I don't understand, although these settings are stored in the registry, they contain a stub in %LOCALAPPDATA% in

%LOCALAPPDATA%\Microsoft\WindowsApps

I don't understand how they're connected. I have no idea how this all works still. However, this can be abused and we must abuse it for malware persistence.

Under ideal conditions, it should be possible to programmatically modify an App Execution Alias (i.e. Notepad) which in actuality points to a malicious payload. When the malicious payload is triggered it should then subsequently execute Notepad.exe to give the illusion the user executed Notepad and not the payload.

tl;dr
Old alias:
notepad -> notepad.exe

New (bad) alias:
notepad -> malware.exe -> notepad.exe

We must poke it with a stick and make malware.

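A defensive check for the mechanism described in the post above, as an added example that is not code from vx-underground: it lists the per-user App Paths entries (the HKCU key named in the post) and the alias stubs in %LOCALAPPDATA%\Microsoft\WindowsApps, and flags anything that does not look like a stock alias. The list of expected directories is a constructed baseline; tune it for your environment.

```powershell
# Added defensive check, not code from the vx-underground post.
# Enumerates HKCU App Paths entries and WindowsApps alias stubs, flagging
# targets outside a baseline of directories a stock alias normally points to.
# $expectedRoots is a constructed baseline, not a Microsoft-published list.
$appPathsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\App Paths'
$stubDir     = Join-Path $env:LOCALAPPDATA 'Microsoft\WindowsApps'
$expectedRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $stubDir
) | Where-Object { $_ }   # drop the x86 entry when it is undefined

function Get-UserAppPathFindings {
    if (-not (Test-Path $appPathsKey)) { return @() }
    foreach ($key in Get-ChildItem $appPathsKey) {
        $target = [string]$key.GetValue('')   # the "(default)" value is the executable
        if (-not $target) { continue }
        # Strip quotes and expand %VAR% references before comparing paths
        $resolved = [Environment]::ExpandEnvironmentVariables($target.Trim('"'))
        $known = $false
        foreach ($root in $expectedRoots) {
            if ($resolved.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $known = $true; break }
        }
        [pscustomobject]@{
            Alias      = $key.PSChildName
            Target     = $resolved
            # A missing target, or one outside the baseline directories, deserves a look
            Suspicious = (-not $known) -or (-not (Test-Path -LiteralPath $resolved))
        }
    }
}

function Get-StubFindings {
    if (-not (Test-Path $stubDir)) { return @() }
    # Stock alias stubs are zero-byte AppExecLink reparse points; a real
    # executable dropped into this directory has neither property.
    foreach ($f in Get-ChildItem -LiteralPath $stubDir -Filter *.exe -Force) {
        $isReparse = [bool]($f.Attributes -band [IO.FileAttributes]::ReparsePoint)
        [pscustomobject]@{
            Stub       = $f.Name
            Length     = $f.Length
            Suspicious = (-not $isReparse) -or ($f.Length -ne 0)
        }
    }
}

Get-UserAppPathFindings | Where-Object Suspicious | Format-Table -AutoSize
Get-StubFindings        | Where-Object Suspicious | Format-Table -AutoSize
```

Run it in the context of the user being checked, since both locations are per-user; an empty result means every entry matched the baseline, not that none exist.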

vx-underground

tl;dr
> decide to do winsock malware poc
> need to be position independent
> low as possible to metal
> post about it
> domchell recommends x86matthew research
> "nah not related"
> mfw i was wrong
> get code working
> need to remove abstractions
> start reversing winsocks
> mfw confused by code
> provider to provider to ???
> check reactos
> wtf confused by code
> remember domchell comment
> look at x86matthew research
> look at afd.sys
> mfw wtf i fuk up
> dommy chommy was right
> code already 3k lines of code
> to make as low as id like, need another 2k lines
> might not even work
> would require more debugging
> fuck it idc
> look at security.h make tls stuff more low
> look inside
> mfw confused by code
> cchainengine ???
> look at reactos
> thousands of lines of code
> registry stuff
> mfw wtf
> remember comment from Xst3nZ
> look at code from Eduard Suica
> manual tls 10k+ lines of code
> need 10k+ lines position independent
> mfw code would be 30k lines+
> this is only simple GET and simple POST
> mfw


vx-underground

I tried Googling it, but I couldn't find the exact post online. It was absolutely hysterical how angry stinky Linux nerds were. Overall I give it a 7 stinky cats out of 10 stinky cats.

Enjoy your Friday.


vx-underground

I had this idea to do HTTPS stuff in C using the Windows Sockets API (Winsocks).

I did it. I got it working. I was able to verify an SSL cert, do a GET, do a POST octet binary stream thingy to upload a simple file (unironically testing using a picture of a cat).

After I got it working I decided to do what I always do: make it more malware like.

I decided I wanted to poke Windows with a stick, make the code position independent, and make it function as close to the metal as possible.

What happened next cannot be described as a "rabbit hole". I have fallen into an infinite abyss, a fucking Windows internals chasm. I am looking at things in Windows I have never looked at before. I am scared, confused, intrigued, ... but mostly confused (and lost).

ReactOS, x86matthew, some weird French Guy (can't remember his name), and random nerds on OSR, have done unholy work and really dug into it. They deserve a lot of credit for walking knee deep in Windows sludge.


vx-underground

Also, there are some genuinely interesting and entertaining AI generated videos. A vast majority are just ... boring, redundant, and kind of irritating.

Sora features "content creators", such as Snoop Dogg or Jake Paul. As you could assume, they're not producing content ... it is quite literally just AI slop videos of them being morbidly obese or driving dangerously. I'm skeptical these celebrities actually produce this "content", it's probably some assistant they hired to do a video or two a day, or week, whatever.

Overall, Sora AI slop novelty dissipates pretty quickly. It is impossible to curate your feed to silly cat AI slop. Currently the app is overflowing with scams and people giggling at the idea of Jake Paul being 600lbs and providing a makeup tutorial.

Thanks for coming to my Ted Talk. Enjoy your Thursday.


vx-underground

There is a phenomenon called "reduced proprioceptive monitoring".

When humans lock in hardcore and enter the "flow" state, time becomes distorted, weird science stuff occurs, but also the human body does weird stuff too.

The brain says, "body not important, need more focus". This results in people's bodies contorting into unusual positions when focused. Most notably, them leaning forward, the shoulders tucked in, the neck "craning".

It happens with basically anything that requires intense focus. It is probably most recognized by people who work in the computer related fields (information technology, cybersecurity, etc). However, it also impacts surgeons, watchmakers, dentists, electrical engineers, jewelers, tattoo artists, animators, air traffic controllers, pilots, paleontologists, ... and more.

tl;dr have u ever locked in so hard ur entire body hurts?


vx-underground

> listening to music while work
> new band recommendation
> "vended"
> lol vending machine?
> song plays
> wtf this sounds just like corey taylor
> (lead singer of slipknot)
> google "vended"
> lead singer is griffin taylor, son of corey taylor

corey must be so proud omg


vx-underground

wtf just opened my door and found these weird looking bugs. anyone know what these are?


vx-underground

Hello, Tiny People Living Inside My Computer,

I have added more malware to malware city. It's a lot. I didn't add it up. It's like, 300,000 malwares, or something, I don't know.

Thanks and enjoy your Tuesday

https://vx-underground.org/Updates


vx-underground

I HATE COMPUTER NETWORKING


vx-underground

Hello,

I appreciate everyone who offers to buy me a beer, or something, if I ever attend a cybersecurity conference. I understand the gesture and I understand it is in good faith.

Unfortunately, in a past life I had a pretty bad drinking problem (and kind of a gambling problem). I've been sober for 11 years.

Thank you

Pic unrelated


vx-underground

For those who don't get it because they're unfamiliar with Europe, or history, or live under a rock like Patrick Star: Yugoslavia hasn't existed since 1992.


vx-underground

Okay, I'm done schizo ranting about being a Dad.

Back to your regularly scheduled programming of malware and kitty cats.

I just wanted to share this with someone, even if it means screaming into the void of the internet, because I don't have many friends in real life anymore who I can schizo rant about stuff to (I'm old).


vx-underground

This one year old post has been bothering me.

I felt great discomfort that no one has been demented enough to do HTTP stuff as close to the metal as possible with the Windows sockets API (in regards to malware stuff).

I'm not done yet, this code is ... sort of(?) ... in a debug state.

This code connects to HTTPBin, performs a TLS handshake, verifies the web certificate, then performs a simple HTTP GET. The way my code is organized the stage is set to perform HTTP POST to demonstrate data exfiltration to a remote HTTP host.

The next step is basically taking a file, reading it to memory, then uploading it to a remote host and ensuring it was received successfully.

Following the completion of the HTTP post, I'll transform the entire code base into being more position independent. In other words, trying to recreate Windows APIs (like QueryContextAttributesW) to avoid unnecessary (not really "unnecessary", but less hooking opportunities, looks unusual) abstractions. I'll also manually recreate GetProcAddress and do string hashing because ???

When I'm done with this low-level Windows socket C HTTP post example, this code base will probably be well over 3,000 lines of code.

tl;dr 3,000 lines of C or 12 lines of Python code (I tested it, it's literally 12 lines of Python code).

The code so far:

https://gist.github.com/vxunderground/f55edb02b0dbda148f9a3b88669b23c8


vx-underground

> be Dmitry Yuryevich Khoroshev
> bounty of $10,000,000 by FBI
> believed to possess $4,000,000,000 as a result of criminal extortion
> linked to botnets, money laundering, the russian government, bullet proof hosting
> tries to contact me
> send weird cat videos

imagine unironically being like, a fucking cyber cartel boss and some fucking retard american just keeps sending you cats
