vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
> wake up
> take a shit
> get out of bed
> check news
> "Speaker of the House says Donald Trump was an FBI Informant tasked with taking down Jeffrey Epstein"
wtf someone cut internet cables in the Red Sea
ok to be fair it could be like, an underwater squirrel or a shark or something (idk if sharks exist in the red sea), but kind of suspect tbh
Anthropic just got fined $1,500,000,000 for piracy.
Sorry, I need to make some language corrections.

It is a $1,500,000,000 settlement*, to authors for alleged piracy, or something.
Malware Noob Month Post #7

There are different types of reverse engineering. Each plays a critical role in malware reverse engineering and detection engineering.

The most widely known is what I would define as "standard" reverse engineering. This is attaching a debugger to a running process (e.g. x64dbg) and watching what the program does as it's running.

Another common method of reverse engineering is "static reverse engineering". Static reverse engineering is looking at the program while it's "on disk", in other words, staring at it while it's not running. People usually use IDA or Ghidra.

A third method for reverse engineering is "emulation", "sandboxing", or "triaging". They all kind of mean the same thing, all maybe a little different if you want to get really nitty gritty on the details. This type of reverse engineering is detonating (running) the program in a virtual machine (or special environment) and recording everything that the program does.

Each method listed has a strength and weakness.

Emulation is really good at doing the job quick and dirty. If you use emulation tool suites, like Triage or AppAnyRun, you can very quickly get a high-level overview of what the malware is doing, where it's connecting to, etc. Additionally, these tool suites usually have built-in rules to automatically detect the malware family (if applicable). However, these tool suites cannot detect everything and it's possible for malware to fall between the cracks and evade emulation.

Static reverse engineering, using IDA or Ghidra, is also really good. You can review the malware before it tries performing evasive actions. The primary issue with this method, however, is that if the malware obfuscates itself on disk (encryption, it's packed, etc.) this method can be challenging.

"Standard" reverse engineering is probably the most difficult form of reverse engineering. It requires you to have a good understanding of Assembly. However, this method is the most superior. Once you're comfortable with assembly and the debugger you're using, it makes it extremely difficult for malware to "evade" the reverse engineer (some non-noobs probably feel tempted to mention LLVMs, don't).

Regardless, it is impossible for malware to evade all of these methods. It is possible to develop malware that makes it challenging to reverse engineer, but ultimately a dedicated (or skilled) reverse engineer will figure it out.

Malware authors must constantly evolve their malware code (update it, use new methods, introduce additional layers of complexity) to hinder reverse engineers. If they do not do this, reverse engineers will have developed methods to detect the malware and it's basically game over.

Large-scale malware campaigns are constantly changing the malware code base, delivery mechanism, etc. to ensure the malware can "survive". Likewise, anti-malware companies and reverse engineers must constantly monitor malware campaigns, keep reverse engineering them, and update their strategies to detect them.

It's a game of cat and mouse.
Malware Noob Month Post #8

What is "undetectable malware"?

Well, it doesn't really exist. Kind of. There have been discussions of governments (United States, Russia, China) that had malware active for long durations of time without getting caught. For example, Russia's "Woodchipper" was undetected for years.

The secret is "tailored" malware.

Malware campaigns are caught and tracked all the time because Threat Actors want their malware on as many computers as possible. The more "noise" these groups make, the more machines they infect, the more anti-malware companies can see.

However, specially crafted malware, designed for unique systems, unique environments, with a very specific goal in mind, can go undetected for A LONG time. Once a malicious program has made its way onto the target... And it's nowhere else in the world... How can anyone know it exists?

In these scenarios the chance of the malware being detected boils down to luck and/or fate.

For example, the United States government malware "Stuxnet", which targeted nuclear centrifuges, was caught by complete accident. That is a long story I highly recommend you read (or maybe look it up on YouTube, maybe a video exists about it).

In summary, the more machines infected the more likely you'll be detected.
I watched this video on YouTube which questioned the validity of a YouTube series called "Hot Ones".

To make a long story short, each of the hot sauces in that show is derived from super mega fuck off hot peppers, but the sauces themselves are not nearly as hot because they're watered down, given flavoring, etc. It's like, sort of fake advertising, but sort of not? It allows people to be like "i HaD tHe HoTtEsT sAuCe eVeR", but it's not. Whatever.

Anyway, then these nerds sent all these different sauces to a laboratory to have scientists do science. They determined that the hottest sauce in the world (or from the dozens of sauces they selected) is a hot sauce called "Mad Dog 357".

I just got a bottle of it

I don't know why because normally the spiciest thing I eat is salt. The science and stuff inspired me to experience the hottest thingy of sauce in the world.
I don't expect anyone to give a shit about "the weird malware cat picture collection" person's thoughts on hot sauce and esoteric YouTube videos. I just wanted to share this random bit of information with someone.
1. I've learned nerds are very passionate about hot sauce
2. I am concerned that perhaps I am in over my head based off this person's experience with the #2 sauce
Update: Tried Mad Dog 357. The bottle is cool looking and it comes with a bullet thingy that is a keychain. No idea.

Opened the bottle, the smell made my nose tingle. Very cool.

I put a few drops around a chip. The few drops were probably too much in retrospect. Nerds told me to use a single drop. I thought they were being dramatic. They were not.

At first it tasted kind of sweet. It then went 0 to 100 and it summoned a burn I haven't really experienced before from spicy stuff.

It made my tongue feel like it was physically on fire.

It's been well over an hour and my stomach feels like it has a bruise.

I drank milk and slowly the burn went away within 5 minutes or so.

Overall I rate the experience a 3/10. It was painful and uncomfortable, but it wasn't crazy (I didn't cover a chip in the sauce, I used the sauce sparingly). It sucked, but it was a fun experience with super spicy stuff.
Really exciting things coming.

Working on a massive enhancement to vx-underground. It'll take several months to accomplish it, but it'll be well worth it.

Thank you to all of our sponsors and donors. Your money lets me do crazy shit on the internet.

Hint: it involves malware
for a really long time i thought the Large Hadron Collider was the "Large Hardon Collider".

i never even questioned it. i was like, "well, it's science and things are hard"
this is the type of music people listen to when they're extorting companies and laundering money on the internet
Hello,

All APT samples and papers have been moved to "./Archive/Old APT Collection". It is available for bulk download.

A directory will be created which will house ALL malware samples listed in malware analysis papers. This is a long-term project which may take years to complete.
I know absolutely nothing about AI or LLMs. But, the boys and I decided to goof around (as is tradition) and built an LLM using all the papers we've collected.

1. It's really cool
2. It's super slow and super resource intensive
3. It likes to hallucinate because we fed it super unstructured data (see image 2)
4. No idea what to do with this. This would require insane infrastructure, significant time investment, and ???, to not make this ghetto.