vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
I know absolutely nothing about AI or LLMs. But, the boys and I decided to goof around (as is tradition) and built an LLM using all the papers we've collected.

1. It's really cool
2. It's super slow and super resource intensive
3. It likes to hallucinate because we fed it super unstructured data (see image 2)
4. No idea what to do with this. This would require insane infrastructure, significant time investment, and ???, to not make this ghetto.

Probably not that big a deal tbh no one uses NPM

Also, don't see any facts to back up these claims. Could be some dork going bananas over nothing.

Guess we'll wait and see

> do largest supply chain attack in history
> potentially infect millions of apps
> doesn't do the thing good
> makes $0 from compromise

I don't wanna support the villain here, but my guy, you gotta lock in. You could have infected hundreds of millions of apps and you FUMBLE IT

Look... If you had... one shot... or one opportunity...
To seize everything you ever wanted... one moment...
Would you capture it? Or just let it slip?

...

*slips*

BREAKING

LARGEST SUPPLY CHAIN ATTACK IN HISTORY PULLS OFF MASSIVE CRYPTO HEIST

ATTACKS STEAL $20.05 OF ETH. ENTIRE WORLD CRUMBLING

Drama unfolding in Brazil right now where it was discovered a popular and trending Lesbian Dating App was vibe coded

Turns out all you need to do is a GET request and you can pull everything

Posting from mobile. I'm not sure why my phone wrote "Lesbian Dating App" like it was an official title or acronym or something (LDA)....

Lolwtf

I recommend following this thread (comments and quoted retweets) to follow the drama and shit storm.

STOP THE SLOP. NO MORE AI VIBE CODED APPS.

https://x.com/acgfbr/status/1965116645556600882

If people keep pushing AI vibe coded slop imagine how much money us cybersecurity nerds are gonna make

Chat, it's going to be a very prosperous couple of decades

> TeaApp
> Used Firebase
> Bucket not configured correctly

> Brazil dating app (Sapphos)
> Used Firebase
> Bucket not configured correctly

It's literally free money

The drama in Brazil continues.

Sapphos, a lesbian-focused dating app, was compromised as a result of a poorly developed API with users speculating it was vibe coded.

Sapphos, after discovering the situation unfolding on social media, quickly put out a message regarding the compromise.

Sapphos begins by implying the compromise was a targeted campaign by men. However, while it was compromised by men, it does not appear (based on social media conversations and threads) to be compromised as a result of disdain toward women. Rather, the compromise was the result of nerds being nerds and messing with the application.

The message concludes with the statement that no documentation was exfiltrated. However, based on photo evidence on social media, this is incontrovertibly false. Photos and logs have been presented which prove this is false.

tl;dr Brazil mentioned?

I say Brazil mentioned because following the post about the compromise and/or data leak, Brazil nerds seemed happy to see Brazil mentioned.

Brazilian people are cool and badass

Mildly interesting

As I'm working on collecting older malware samples I've made some observations.

1. The word "IOC" (Indicator of Compromise) has not been present in a report from 2001 - 2010.

2. Most malware samples were not shared. If they were shared they used MediaFire

3. Around 2008 people began referencing VirusTotal for malware detection rates and names. VirusTotal reports from that era are broken because the URLs have changed. VirusTotal's URLs were originally in Spanish and were HTTP based

4. Among the first vendors to share malware MD5 (or SHA1, haven't seen a SHA256 yet) were FireEye (now Trellix) and Secureworks

5. Malware campaigns using social networks to target users were a revolutionary concept in 2009.

6. Conficker malware analysis reports illustrate how much malware has evolved. The malware techniques used by Conficker are amateur at best compared to modern malware techniques. Conficker was declared revolutionary (not exact words) because of its modularity. See attached image. A modern malware payload doing what Conficker did is ... meh ... everyone can do this. Interesting how much has changed.

The most interesting person in the world was messaging me.

They've suddenly deleted their e-mail and Xitter account.

Come back:(

MALAYSIA, STOP. DO NOT VIBE CODE A BANK