vx-underground
47.5K subscribers
4.09K photos
437 videos
84 files
1.48K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
This is Maksim Yakubets. Feel old yet?
October 17th - Ukrainian Cyber Alliance takes down Trigona ransomware group, taking down servers and seizing wallets.

October 19th - EUROPOL takes down RagnarLocker ransomware group

Image 1 & 2: Ukrainian Cyber Alliance
Image 3: Ragnar Locker
😎57πŸ‘15😒11🀣8🫑8❀7πŸ’―3πŸ€”2
vx-underground
This is Maksim Yakubets. Feel old yet?
It appears people do not know (or remember) Maksim Yakubets.

Yakubets is a member of Evil Corp. He is behind Zeus, Dridex, and suspected to have ties to ransomware groups.

He married an FSB officer's daughter and owns a Lamborghini with the license plate "Thief".
We have a reverse engineering challenge for you nerds.

In Black Mass Vol. 3, scheduled for October, 2024, we will unveil "Matryoshka". Matryoshka is a strange malware proof-of-concept. We would like you to reverse engineer it to tell us how you think it works.

* Matryoshka only works on Windows 10 or above
* proof-of-concept is not malicious
* you're free to reverse engineer it by any means necessary: static, dynamic, sandbox, making your friend do it, whatever.
* malware proof-of-concept is NOT packed
* Matryoshka does not possess any anti-debug or anti-VM functionality
* source code and full explanation of code will be released in Black Mass Vol. 3
* best write up goes in Black Mass Vol. 3 to show the defensive aspect to Matryoshka!
* binary is being shared in .7z with a super 1337 password!!!!11

inb4 someone reverse engineers it in totality in 2 minutes because they've seen "Kob*".

Matryoshka download: https://samples.vx-underground.org/root/Samples/Matryoshka.7z
πŸ‘47❀‍πŸ”₯21❀10🫑10🀣6πŸ€”5πŸ’―1
The whole "Red Team Fit" thing on Twitter is a complete joke. Try "Malware Nerd Fit". Last night we traversed the entire planet 12 TIMES. We were Naruto running so fast this dumb app couldn't even calculate our rate of speed.
Parents, now is the time to be on guard. We are once again reminding you to be diligent about checking your child's candy throughout the Halloween season. vx-underground recently discovered THREE ransomware affiliates from ALPHV ransomware group inside of a Snickers.
DO NOT TRY TO DOWNLOAD MALWARE SAMPLES ONTO A PS4
Yeah, Okta's support system was compromised. Yeah, they had access for over 2 weeks. Yeah, the Threat Actor(s) probably went through some pretty sensitive stuff...

But they offer SSO at $2/user, so it's not really that big of a deal, right?
Yeah, Okta wasn't aware of the breach until a customer alerted them to a potential compromise.

But they offer MFA at $3/user, so it's not a big deal, right?
We are aware our Twitter ransomware bot is still offline.

We do not know where the individual maintaining it went. We last spoke with them approx. 2 months ago. They disappeared without a trace.
Uhaul was breached. 13GBs of data was exfiltrated from their SharePoint. Initial access was granted by social engineering an employee through text messages.

tl;dr another day in Shangri-La
CloudFlare did a blog yesterday about how the company they use (Okta) was breached (again) and how the Threat Actor tried to pivot into their network (again) and how they mitigated it (again).

The blog gives recommendations to Okta 😂😂

https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/
Thank you to the person who submitted their Black Mass Volume II SOC Analyst coloring page.

It looks very nice. We will hang it on the refrigerator
Okta stock fell 11% today 😭😭😭

... after they admitted they got compromised (again) through their support system (again) and the Threat Actor(s) tried to pivot to clients (again).

Even the $2/user SSO can't save them 😭
Luckily, even though their stock fell 11%, they're saving money. They laid off their entire internal Red Team in March because ???

Who needs internal security audits anyway???
Coding malware is good for you.

- Teaches you low level programming concepts
- Helps get a better understanding of computer security
- Can help improve reverse engineering skills
- Improves focus, attention to detail, critical thinking skills
Not everyone who codes malware is a bad person. Is every person who admires the engineering behind weapons a dangerous person? No.

Also, the engineering behind the AK47 is badass.

https://youtu.be/_eQLFVpOYm4