vx-underground
These aren't cars. These are trucks.
I finished fuzzing drivers and some other stuff. 517 potentially vulnerable drivers identified.
I've also got 17,000 cat pictures ready. Still got another 130,000+- to review.
Chat, we are busy.
Step 1. Lure the people in with cat pictures
Step 2. Mention malware, in some capacity, alongside the cat picture
Step 3. Slowly subject the people to malware concepts (through cat pictures)
Step 4. Over time they learn malware
Step 5. More people now into malware
We've got 23,607 kitty cat pictures available for download. These are good kitty cats. They will make you happy.
./Archive/Cat Picture Collection
https://vx-underground.org/
Hello, I have an important announcement to make
The APT section will be retired soon. Instead ALL malware analysis papers will be accompanied with the samples discussed in the report.
tl;dr APT section will be rebranded "Malware Analysis". It makes my life easier
vx-underground
Whenever I see graphics like this I contemplate suicide. Death would be easier than trying to explain to people why this infographic is wrong
Probably a more realistic graph (OC)
STOP CALLING IT VISHING AND SMISHING
YOU SOUND LIKE A FUCKING TODDLER BABBLING NONSENSE
IT'S PHISHING OR SOCIAL ENGINEERING
REEEEEEEEE
Peace and love to my information security colleagues
But GOD DAMN, do ALL of you need to make a fucking course? How many courses do we actually need?
Dawg, I see so many of you trying to sell your courses. You can't do ANYTHING else other than prey on the noobs? Holy cannoli
vx-underground
Peace and love to my information security colleagues But GOD DAMN, do ALL of you need to make a fucking course? How many courses do we actually need? Dawg, I see so many of you trying to sell your courses. You can't do ANYTHING else other than prey on the…
And you know what? I get it. Get your bag. Hustle. Do your thing. God bless you.
But we have a serious oversaturation of courses. Everyone and their fucking Grandmother is trying to sell courses now
Hello, how are you? It's time for an administrative update.
First and foremost, the APT section is difficult to manage by myself while simultaneously doing everything else. Hence, some small changes will be made. Moving forward the APT section will be rebranded "Malware Analysis". This section will be the paper and samples of EVERY publicly released paper discussing malware analysis. In other words, this section will contain analysis on state-sponsored Threat Actors and financially motivated Threat Actors.
Secondly, the 2025 vulnerable driver fuzzing project has been completed. Initially I was informed it was over 7,000,000 drivers. However, this is deceptive because what the data distributors failed to mention is that this collection of "drivers" also contained installers, user-mode libraries, etc. A more accurate number of drivers, which are also signed, is closer to 50,000, or something. I don't remember. Either way, after fuzzing signed drivers for like, 3 weeks, or 2 weeks, it came out to identifying approx. 450 potentially vulnerable drivers.
Thirdly, all potentially vulnerable drivers, as well as their corresponding IOCTLance report, are being moved to the archive section. In this section you can also download the "7,000,000" drivers. Furthermore, bulk download options will exist for both datasets. It is under ./Archive/Driver Collection/
Fourthly, I'm still processing the cat picture collection. I'm not sure why I'm allocating so much time sorting images and cats. But, I'm doing it. I've used a combination of artificial intelligence and human intelligence (very low intelligence) to identify non-kitty cat pictures and purge them from the collection. Several people have told me a few non-kitty cat pictures are present, but whatever, close enough. I have 130,000 left to review.
Fifthly, and as is tradition, we've got a lot more malware cooking behind the scenes. I need to make some repairs and get things in full swing. I need to "hire" people, but the insane volume of people who contacted me has been overwhelming.
Pic unrelated
September is Malware Noob Month (literally just made this up on the spot). Gonna tweet noob stuff so noobs feel good inside and can learn
Malware Noob Month Post #1
Anti-malware vendors (anti-virus companies, but it's more appropriate to call them "anti-malware" now), rely heavily on known-good and known-bad lists.
In other words, anti-malware companies maintain a large list of file signatures which are safe and which are dangerous.
Every file an anti-malware company encounters is digitally "fingerprinted" using what is known as "file hashing". There are many different fingerprinting (or file hashing) techniques, although the most commonly used by anti-malware services are MD5, SHA-1, or SHA-256 hashing.
When you first install an anti-malware product on your computer it walks each directory on your computer (it goes through your entire computer), and "fingerprints" everything.
It compares the fingerprint of each file against its "known-good" or "known-bad" list. If a known-good is encountered, it skips it. If it is a known-bad, it will take action based on what it believes the threat to be. If the file is unknown, other action may be taken based on the file characteristics (is it a .exe, a picture of a cat, etc).
Every day, anti-malware vendors update their "known-good" and "known-bad" lists. This is one of the easiest ways for anti-malware vendors to combat malware.
The likelihood of 2 files having the same "fingerprint" (SHA-256 hash) is 2^256
Or, to be specific, the chance of 2 files having the same fingerprint is 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
Hence, using this simple file fingerprinting identification system, anti-malware services can feel fairly confident their fingerprinting method works and is accurate
Now you're asking... is there a way for malware writers to avoid fingerprinting? To change their fingerprint? Of course! That's for tomorrow's post
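The known-good / known-bad lookup described in Post #1, as an added example (not vx-underground's code, and not any vendor's engine). The "files" are constructed byte strings standing in for on-disk contents, the lists are built from their digests, and the fallback for unknown files uses the file characteristics the post mentions (an MZ header or executable extension). The last function shows why an exact-hash list is brittle: flipping a single byte gives an unrelated digest, which is the point raised in the reply thread and the reason vendors layer content rules such as YARA on top of hash lists.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample "files" (not real samples); bytes stand in for file contents.
KNOWN_GOOD_FILE = b"MZ\x90\x00 harmless-utility v1.0"
KNOWN_BAD_FILE = b"MZ\x90\x00 evil-dropper build 7"


def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Digest file contents the way the post describes; md5/sha1/sha256 all work here."""
    return hashlib.new(algo, data).hexdigest()


# The vendor's lists: sets of hex digests, populated here from the constructed files.
KNOWN_GOOD = {fingerprint(KNOWN_GOOD_FILE)}
KNOWN_BAD = {fingerprint(KNOWN_BAD_FILE)}


def classify(data: bytes, name: str = "") -> str:
    """Exact-hash lookup first; if the file is unknown, fall back to file characteristics."""
    digest = fingerprint(data)
    if digest in KNOWN_GOOD:
        return "known-good"
    if digest in KNOWN_BAD:
        return "known-bad"
    # Unknown file: an MZ header or executable extension deserves closer inspection,
    # a cat picture does not.
    if data.startswith(b"MZ") or name.lower().endswith((".exe", ".dll", ".sys")):
        return "unknown-executable"
    return "unknown"


def scan_directory(root: Path) -> dict:
    """Walk every file under root and classify it (the post-install sweep the post describes)."""
    return {p.name: classify(p.read_bytes(), p.name) for p in root.rglob("*") if p.is_file()}


def demo_scan() -> dict:
    """Write the constructed files into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tool.exe").write_bytes(KNOWN_GOOD_FILE)
        (root / "sub").mkdir()
        (root / "sub" / "dropper.exe").write_bytes(KNOWN_BAD_FILE)
        (root / "cat.jpg").write_bytes(b"\xff\xd8\xff constructed cat picture")
        (root / "sub" / "mystery.dll").write_bytes(b"MZ\x90\x00 never seen before")
        return scan_directory(root)


def digest_bits_changed(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between two inputs (Hamming distance)."""
    xor = int(fingerprint(a), 16) ^ int(fingerprint(b), 16)
    return bin(xor).count("1")


if __name__ == "__main__":
    for name, verdict in demo_scan().items():
        print(f"{name:12s} {verdict}")
    # One-byte change to the known-bad file: the digest no longer matches the list.
    tweaked = KNOWN_BAD_FILE[:-1] + b"8"
    print("bits changed by a single-byte edit:", digest_bits_changed(KNOWN_BAD_FILE, tweaked))
    print("tweaked file now classifies as:", classify(tweaked, "dropper.exe"))
```

Run it and the tweaked copy of the known-bad file drops to "unknown-executable" with roughly half of its digest bits changed; that gap between "unknown" and "bad" is what the characteristics fallback and content-based rules exist to close.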
vx-underground
Malware Noob Month Post #1 Anti-malware vendors (anti-virus companies, but it's more appropriate to call them "anti-malware" now), rely heavily on known-good and known-bad lists. In other words, anti-malware companies maintain a large list of file signatures…
CaNt U JuSt ChAnGe A SiNgLe ByTE
How about you shut the fuck up, hmmm? This is for the NOOBS. Yes, you can combat this using hashbusting, polymorphism, oligomorphism, metamorphism, multi-staging, etc. But that IS FOR TOMORROW'S POST
YES then the anti-malware vendors can use YARA rules for detection to combat this.
THIS IS FOR THE NOOBS. SHUT THE FUCK UP. LET'S ENJOY THE RIDE BRO SHUT THE FUCK UP
wE AlL KnEw thIs bRO
Oh yeah?
How come I don't see your bitch ass commenting on the actual technical discussions? Nerds like to talk big when discussing noob subjects, but then when we start having serious malware conversations these motherfuckers get REALLLLLLLL quiet.
Malware Noob Month Post #2
It is common for people to perpetuate the myth that malware will impact computer performance. This myth is also perpetuated in corporate trainings.
Historically, in the '90s and early 2000s, it was possible for malware to be so resource intensive (using excessive memory or CPU) that it would slow down the machine. However, in 2025 this isn't a problem due to improvements in computer hardware.
Part of this myth comes from "polling" operations performed from malware.
An example of "polling" is when you're writing a (shitty) keylogger. You may want to write code which continuously checks to see if a key on the keyboard has been pressed. Then, when your code determines a key has been pressed, write the pressed key to a text file (recording what the user is typing).
This action of continually checking to see if something has happened (any key being pressed) is "polling". As recently as Windows XP, "polling" when writing malware was considered dangerous because there was a concern of excessive CPU usage.
In 2025 "polling" isn't really a concern. The only malware now which is resource intensive is crypto-mining malware.
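The "polling" pattern from Post #2, as an added example (not vx-underground's code). The condition being polled is a constructed counter, not keyboard input; what matters is the loop shape. With `interval_s=0` the loop busy-spins, which is the old pattern the post says used to worry people; with a positive interval the loop yields the CPU between checks. `compare()` polls a never-firing condition for a fixed wall-clock window both ways and returns the CPU seconds each consumed, which is the measurement a defender would take before deciding whether "high CPU" is a useful indicator for anything other than the crypto-mining case the post names.

```python
import time


def poll_until(condition, interval_s: float, max_iterations: int) -> int:
    """Call condition() repeatedly until it returns True.

    Returns the 1-based iteration on which it fired, or 0 if it never fired within
    max_iterations. interval_s == 0 is a busy-wait; interval_s > 0 sleeps between checks.
    """
    for i in range(1, max_iterations + 1):
        if condition():
            return i
        if interval_s > 0:
            time.sleep(interval_s)
    return 0


def becomes_true_after(n_calls: int):
    """Constructed stand-in for 'an event happened': true on the n-th check and after."""
    calls = {"count": 0}

    def condition() -> bool:
        calls["count"] += 1
        return calls["count"] >= n_calls

    return condition


def cpu_seconds_for(interval_s: float, wall_budget_s: float) -> float:
    """Poll a condition that only 'fires' once the wall-clock budget is spent; return CPU time used."""
    deadline = time.monotonic() + wall_budget_s

    def budget_exhausted() -> bool:
        return time.monotonic() >= deadline

    start = time.process_time()
    poll_until(budget_exhausted, interval_s, max_iterations=10**9)
    return time.process_time() - start


def compare(wall_budget_s: float = 0.2, sleep_interval_s: float = 0.01):
    """CPU seconds burned by a busy-wait poll versus a sleeping poll over the same wall time."""
    busy = cpu_seconds_for(0.0, wall_budget_s)
    sleepy = cpu_seconds_for(sleep_interval_s, wall_budget_s)
    return busy, sleepy


if __name__ == "__main__":
    print("fired on iteration:", poll_until(becomes_true_after(5), 0.0, 100))
    busy, sleepy = compare()
    print(f"busy-wait poll:  {busy:.3f} CPU s over 0.2 s wall")
    print(f"sleeping poll:   {sleepy:.3f} CPU s over 0.2 s wall")
```

The busy loop spends essentially the whole window on-CPU (one core pegged), while the sleeping loop registers a few milliseconds at most. On a modern machine the busy variant is still only one core out of many, which is the post's point that polling alone no longer makes a machine feel slow; it is also why per-process CPU usage is a weak generic indicator and a strong one only for workloads that are CPU-bound by design, such as mining.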
New malwares are available for your computer. Please download it.
- Bazaar.2025.08.7z
- InTheWild.0199.7z
- InTheWild.0198.7z
This is like, 100,000 malwares, or something. I don't know. I'm just making up numbers, but I know it's more than 40,000